[cups.bugs] [MOD] STR #4262: segmentation fault in test/ipptool.c:2557
Ulrich.Windl.rz.uni-regensburg
Ulrich.Windl at rz.uni-regensburg.de
Mon Jan 21 03:37:28 PST 2013
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]
This patch fixes a segmentation fault in ipptool.c:2557 (cups 1.6.1) when
performing the test 4.2-cups-printer-ops.test.
In that case the IPP printer returned (you can guess the response from the
debug output, "AGT" = Attribute Group Tag):
[0]main_loop:N: accepted connection from 172.20.16.35:52846
[0]main_loop:D: Method: POST
[1]IPP_decode:N: version 0101 op_id 4003 request-id 57953 data size 9293
[3]AGT:1:D: value tag:71
[3]AGT:1:D: name:attributes-charset
[3]AGT:1:D: val:utf-8
[3]AGT:1:D: value tag:72
[3]AGT:1:D: name:attributes-natural-language
[3]AGT:1:D: val:en
[3]AGT:1:D: value tag:69
[3]AGT:1:D: name:printer-uri
[3]AGT:1:D: val:ipp://host.site:1631/printers/Test1
[2]parse_attribute_group:D: group ends with tag:3
[2]parse_attribute_group:D: group ends with tag:3
[1]IPP_decode:D: end of attributes
[1]IPP_decode:D: 9150 bytes of data
[1]IPP_decode:D: end of data
[0]main_loop:E: operation '16387' not implemented
[2]IPP_encode:N: version 0101 status 0501 request-id 57953
[3]build_attribute_group:D: AGT:3
[2]IPP_encode:D: end of data
[0]main_loop:W: failed to get request: Client closed
The original code causes a null-pointer dereference when setting up a
variable that will never be used in the loop. The fix just uses some ugly
number for group (which shouldn't matter as the loop isn't executed).
diff --git a/test/ipptool.c b/test/ipptool.c
index dac5541..619edee 100644
--- a/test/ipptool.c
+++ b/test/ipptool.c
@@ -2554,7 +2554,8 @@ do_tests(_cups_vars_t *vars, /* I - Variables */
a = cupsArrayNew((cups_array_func_t)strcmp, NULL);
- for (attrptr = response->attrs, group = attrptr->group_tag;
+ for (attrptr = response->attrs, group = (attrptr != NULL) ?
+ attrptr->group_tag : 99999;
attrptr;
attrptr = attrptr->next)
{
Link: https://www.cups.org/str.php?L4262
Version: 1.6.1
More information about the cups-devel
mailing list