[cups.bugs] [HIGH] STR #2741: cupsctl dumps core while cupsd is restarting.

Norm Jacobs Norm.Jacobs at Sun.COM
Fri Mar 7 00:25:36 PST 2008 

DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

The short version of this is that cupsctl(1m) needs to check if it's http
connection succeeded before using it.
 
more detail...

# /usr/sbin/cupsctl --remote-admin --remote-printers --share-printers
--remote-any  ; echo "hello" ; cupsctl
hello
zsh: segmentation fault (core dumped)  cupsctl
# file core
core:		ELF 32-bit LSB core file 80386 Version 1, from 'cupsctl'
# mdb core
Loading modules: [ libc.so.1 ld.so.1 ]
> $c
libc.so.1`strlen+0x30(8051887, 8047070, 8044800, 0)
libc.so.1`vsnprintf+0x70(8044850, 800, 805187c, 8047070)
libcups.so.2`_cupsLangPrintf+0x6a(fec09de0, 805187c, 0)
main+0x623(1, 8047164, 804716c)
_start+0x7a(1, 80472ac, 0, 80472b4, 80472bb, 804731c)
> 805187c,48::dump
           0 1 2 3  4 5 6 7  8 9 a b \/ d e f  0123456789abvdef
8051870:  210a0000 25733d25 730a0000 63757073  !...%s=%s...cups
8051880:  63746c3a 2025730a 00000000 63757073  ctl: %s.....cups
8051890:  63746c3a 2025730a 00000000 30000000  ctl: %s.....0...
80518a0:  5f757365 725f6361 6e63656c 5f616e79  _user_cancel_any
80518b0:  00000000 2d2d6e6f 2d757365 722d6361  ....--no-user-ca
80518c0:  6e63656c 2d616e79 00000000 31000000  ncel-any....1...
> 8047070,48::dump
          \/ 1 2 3  4 5 6 7  8 9 a b  c d e f  v123456789abcdef
8047070:  00000000 44720408 20710408 ccb7fffe  ....Dr.. q......
8047080:  00000000 14710408 4ee6fdfe 70b1fffe  .....q..N...p...
8047090:  44720408 20710408 01000000 14710408  Dr.. q.......q..
80470a0:  44720408 20710408 ccb7fffe 1d080508  Dr.. q..........
80470b0:  20defffe 20defffe 1d000000 c4cd7a0d   ... .........z.
> 8051887,48::dump
           0 1 2 3  4 5 6\/  8 9 a b  c d e f  0123456v89abcdef
8051880:  63746c3a 2025730a 00000000 63757073  ctl: %s.....cups
8051890:  63746c3a 2025730a 00000000 30000000  ctl: %s.....0...
80518a0:  5f757365 725f6361 6e63656c 5f616e79  _user_cancel_any
80518b0:  00000000 2d2d6e6f 2d757365 722d6361  ....--no-user-ca
80518c0:  6e63656c 2d616e79 00000000 31000000  ncel-any....1...
> 

# dbx /tmp/cupsctl
  [snip]
(dbx) run                                                                 
  
Running: cupsctl 
(process id 1922)
t at 1 (l at 1) signal SEGV (no mapping at the fault address) in strlen at
0xfeafa650
0xfeafa650: strlen+0x0030:	movl     (%eax),%ecx
Current function is main
  165       _cupsLangPrintf(stderr, "cupsctl: %s\n",
cupsLastErrorString());
(dbx) list 163,170
  163     if (num_settings > 0)
  164     {
  165       if (!cupsAdminSetServerSettings(http, num_settings, settings))
  166       {
  167         _cupsLangPrintf(stderr, "cupsctl: %s\n",
cupsLastErrorString());
  168         return (1);
  169       }
  170     }
(dbx) print num_settings
num_settings = 0
(dbx) print settings    
settings = (nil)
(dbx) print http 
http = (nil)
(dbx) quit

Link: http://www.cups.org/str.php?L2741
Version: 1.3.6
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cupsctl.patch
URL: <https://lists.cups.org/pipermail/cups/attachments/20080307/0ce6aee0/attachment.ksh>

More information about the cups mailing list