[cups.bugs] [HIGH] STR #2600: CUPS 1.4 current SVN SIGSEGVs on Samba job submit

Chris Cheyney chris at cscheyney.com
Thu Nov 15 12:39:27 PST 2007


DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

CUPS 1.4 current back through CUPS 1.3.4 crashes with a SIGSEGV
when it attempts to process a job submitted by Samba.

This bug report provides supplemental information to STR #2599
since the problem is reproducible in cups-1.4svn-r7061.  The
other details are not provided here since they have already
been added to the other bug report.

Here's the stack trace for the segfault:

  Program received signal SIGSEGV, Segmentation fault.
  [Switching to Thread -1208658160 (LWP 20187)]
  0x0045e153 in strlen () from /lib/libc.so.6
  (gdb) where
  #0  0x0045e153 in strlen () from /lib/libc.so.6
  #1  0x0042e1e9 in vfprintf () from /lib/libc.so.6
  #2  0x0044eb44 in vsnprintf () from /lib/libc.so.6
  #3  0xb7fc1500 in cupsdLogMessage (level=9, 
      message=0xb7fd9dd4 "add_job(%p[%d], %p(%s), %p(%s/%s))") at log.c:268
  #4  0xb7fa6f8e in add_job (con=0xb9b2db30, printer=0xb9b201c8, filetype=0x0)
      at ipp.c:1275
  #5  0xb7faea02 in create_job (con=0xb9b2db30, uri=0xb9b31670) at ipp.c:4912
  #6  0xb7fa5b64 in cupsdProcessIPPRequest (con=0xb9b2db30) at ipp.c:497
  #7  0xb7f90a87 in cupsdReadClient (con=0xb9b2db30) at client.c:2108
  #8  0xb7fa4068 in main (argc=1, argv=0xbfac0544) at main.c:936

By #ifdef-ing out line 1275 of scheduler/ipp.c, CUPS works
without a segfault and prints normally:

  --- ipp.c.orig  2007-11-15 20:34:33.000000000 +0000
  +++ ipp.c       2007-11-15 20:30:43.000000000 +0000
  @@ -1271,9 +1271,11 @@
     int          i;                      /* Looping var */
     int          lowerpagerange;         /* Page range bound */
 
  +#ifdef THISCRASHES
     cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s),
%p(%s/%s))",
                     con, con->http.fd, printer, printer->name,
                    filetype, filetype->super, filetype->type);
  +#endif
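
Review bot: The `#ifdef THISCRASHES` guard around the cupsdLogMessage call removes the debug message for every job instead of handling the NULL argument that triggers the crash. Frame #4 of the trace shows add_job entered with filetype=0x0, the last two arguments of the call are taken from it (filetype->super, filetype->type), and the fault is in strlen under vsnprintf, that is, while a %s argument is being formatted. Keeping the log line and substituting a placeholder when filetype is NULL, for example `filetype ? filetype->super : "none"` and the same for filetype->type, would preserve the DEBUG2 output for the normal case. THISCRASHES is not defined in the visible lines, so as written the message is lost permanently. The hunk also leaves open whether add_job uses filetype again after this point; if a NULL filetype is a valid input from create_job, those uses need the same check.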

Since this problem was first discovered in CUPS 1.3.4 on Fedora 8,
the problem regresses back to that version at the least.

Please let me know when you can incorporate a fix for this into
the SVN mainline as well as a patch for earlier versions.

Thanks,

chris

Link: http://www.cups.org/str.php?L2600
Version: 1.4-current




