[cups.bugs] [HIGH] STR #1420: cupstestppd crashes after doing its work

Till Kamppeter till.kamppeter at gmx.net
Tue Feb 14 09:18:06 PST 2006


[STR New]

If I do

cupstestppd /home/test/tmp/x/shc262sj.ppd

I get

/home/test/tmp/x/shc262sj.ppd: PASS
*** glibc detected *** double free or corruption (!prev): 0x0806e7a0 ***
Aborted (core dumped)

The PPD file is attached, but it happens also with many other (but not
all) PPD files.

Here is the valgrind output:

[root@majax c]# valgrind cupstestppd /home/test/tmp/x/shc262sj.ppd
==31967== Memcheck, a memory error detector.
==31967== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==31967== Using LibVEX rev 1471, a library for dynamic binary translation.
==31967== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==31967== Using valgrind-3.1.0, a dynamic binary instrumentation framework.
==31967== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==31967== For more details, rerun with: -v
==31967==
/home/test/tmp/x/shc262sj.ppd: PASS
==31967== Invalid read of size 1
==31967==    at 0x4196110: strcasecmp (in /lib/tls/libc-2.3.5.so)
==31967==    by 0x4036461: ppdMarkOption (in /usr/lib/libcups.so.2)
==31967==    by 0x4036753: (within /usr/lib/libcups.so.2)
==31967==    by 0x40367DD: ppdMarkDefaults (in /usr/lib/libcups.so.2)
==31967==    by 0x804A468: (within /usr/bin/cupstestppd)
==31967==    by 0x413DE3F: __libc_start_main (in /lib/tls/libc-2.3.5.so)
==31967==  Address 0x44F82F4 is 4 bytes after a block of size 1,656 alloc'd
==31967==    at 0x401C806: realloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31967==    by 0x403C1F8: (within /usr/lib/libcups.so.2)
==31967==    by 0x403F017: ppdOpen2 (in /usr/lib/libcups.so.2)
==31967==    by 0x403F61F: ppdOpenFile (in /usr/lib/libcups.so.2)
==31967==    by 0x804938F: (within /usr/bin/cupstestppd)
==31967==    by 0x413DE3F: __libc_start_main (in /lib/tls/libc-2.3.5.so)
==31967==
==31967== Invalid write of size 4
==31967==    at 0x403646B: ppdMarkOption (in /usr/lib/libcups.so.2)
==31967==    by 0x4036753: (within /usr/lib/libcups.so.2)
==31967==    by 0x40367DD: ppdMarkDefaults (in /usr/lib/libcups.so.2)
==31967==    by 0x804A468: (within /usr/bin/cupstestppd)
==31967==    by 0x413DE3F: __libc_start_main (in /lib/tls/libc-2.3.5.so)
==31967==  Address 0x44F82F0 is 0 bytes after a block of size 1,656 alloc'd
==31967==    at 0x401C806: realloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31967==    by 0x403C1F8: (within /usr/lib/libcups.so.2)
==31967==    by 0x403F017: ppdOpen2 (in /usr/lib/libcups.so.2)
==31967==    by 0x403F61F: ppdOpenFile (in /usr/lib/libcups.so.2)
==31967==    by 0x804938F: (within /usr/bin/cupstestppd)
==31967==    by 0x413DE3F: __libc_start_main (in /lib/tls/libc-2.3.5.so)
==31967==
==31967== Invalid write of size 1
==31967==    at 0x403620A: ppdMarkOption (in /usr/lib/libcups.so.2)
==31967==    by 0x4036753: (within /usr/lib/libcups.so.2)
==31967==    by 0x40367DD: ppdMarkDefaults (in /usr/lib/libcups.so.2)
==31967==    by 0x804A468: (within /usr/bin/cupstestppd)
==31967==    by 0x413DE3F: __libc_start_main (in /lib/tls/libc-2.3.5.so)
==31967==  Address 0x4500C04 is 0 bytes after a block of size 3,036 alloc'd
==31967==    at 0x401C806: realloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31967==    by 0x403C13D: (within /usr/lib/libcups.so.2)
==31967==    by 0x403EF6A: ppdOpen2 (in /usr/lib/libcups.so.2)
==31967==    by 0x403F61F: ppdOpenFile (in /usr/lib/libcups.so.2)
==31967==    by 0x804938F: (within /usr/bin/cupstestppd)
==31967==    by 0x413DE3F: __libc_start_main (in /lib/tls/libc-2.3.5.so)
==31967==
==31967== ERROR SUMMARY: 69 errors from 3 contexts (suppressed: 31 from 1)
==31967== malloc/free: in use at exit: 6,556 bytes in 5 blocks.
==31967== malloc/free: 3,502 allocs, 3,497 frees, 21,384,994 bytes allocated.
==31967== For counts of detected errors, rerun with: -v
==31967== searching for pointers to 5 not-freed blocks.
==31967== checked 336,416 bytes.
==31967==
==31967== LEAK SUMMARY:
==31967==    definitely lost: 0 bytes in 0 blocks.
==31967==      possibly lost: 0 bytes in 0 blocks.
==31967==    still reachable: 6,556 bytes in 5 blocks.
==31967==         suppressed: 0 bytes in 0 blocks.
==31967== Reachable blocks (those to which a pointer was found) are not shown.
==31967== To see them, rerun with: --show-reachable=yes
[root@majax c]#

Link: http://www.cups.org/str.php?L1420
Version: 1.2-current
-------------- next part --------------
A non-text attachment was scrubbed...
Name: shc262sj.ppd
Type: application/octet-stream
Size: 72155 bytes
Desc: not available
URL: <https://lists.cups.org/pipermail/cups/attachments/20060214/e0564f83/attachment.obj>
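
One way to triage a Memcheck log like the one in this report, as an added example that is not part of the original post or of CUPS: it tolerates lines wrapped in transit (continuations without the ==PID== prefix), separates each invalid access into its access stack and the allocation stack of the overrun block, and reports how far past the end of each block reads and writes reached. The function names and the abridged sample are this example's own, and only "bytes after a block" records are handled.

```python
import re

# Abridged from the Memcheck log in the report; some lines wrapped as mail archives wrap them.
SAMPLE = """\
==31967== Invalid read of size 1
==31967==    at 0x4196110: strcasecmp (in /lib/tls/libc-2.3.5.so)
==31967==    by 0x4036461: ppdMarkOption (in /usr/lib/libcups.so.2)
==31967==  Address 0x44F82F4 is 4 bytes after a block of size 1,656
alloc'd
==31967==    at 0x401C806: realloc (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31967==    by 0x403F017: ppdOpen2 (in /usr/lib/libcups.so.2)
==31967==
==31967== Invalid write of size 4
==31967==    at 0x403646B: ppdMarkOption (in /usr/lib/libcups.so.2)
==31967==  Address 0x44F82F0 is 0 bytes after a block of size 1,656
alloc'd
==31967==    at 0x401C806: realloc (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==31967==    by 0x403F017: ppdOpen2 (in /usr/lib/libcups.so.2)
"""

PREFIX = re.compile(r"^==\d+== ?")
ERROR = re.compile(r"Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"\s*(?:at|by) 0x[0-9A-F]+: (\w+|\(within [^)]*\))")
ADDR = re.compile(r"is (\d+) bytes after a block of size ([\d,]+)")

def parse(text):
    """Return one dict per invalid access; wrapped lines (no ==PID==) are re-joined."""
    errors, cur = [], None
    for line in re.sub(r"\n(?!==\d+==)", " ", text).splitlines():
        line = PREFIX.sub("", line)
        if m := ERROR.match(line):
            cur = {"kind": m[1], "size": int(m[2]), "access": [], "alloc": []}
            errors.append(cur)
        elif cur and (m := ADDR.search(line)):
            cur["past"], cur["block"] = int(m[1]), int(m[2].replace(",", ""))
        elif cur and (m := FRAME.match(line)):
            # Frames after the Address line belong to the allocation stack.
            cur["alloc" if "block" in cur else "access"].append(m[1])
    return errors

def overrun_extent(errors):
    """Per allocation site: furthest byte past the block end reached, by access kind."""
    extent = {}
    for e in (e for e in errors if "block" in e):
        site = extent.setdefault((e["block"], tuple(e["alloc"])), {"read": 0, "write": 0})
        site[e["kind"]] = max(site[e["kind"]], e["past"] + e["size"])
    return extent
```

On the sample, `overrun_extent(parse(SAMPLE))` groups both records under the 1,656-byte block allocated by realloc under ppdOpen2, with reads reaching 5 bytes and writes 4 bytes past its end.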

