[cups.bugs] [MOD] STR #3724: Broken Custom options passed to Cups crash filter

Benjamin Berg benjamin at sipsolutions.net
Thu Nov 18 02:59:03 PST 2010


DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

See attached testcase.

A custom option can be passed using "Option=Custom.string", but if only
"Option=Custom" is passed over to cups, it crashes while emitting the JCL.
Of course, clients should not send such options, but the filter shouldn't
crash either.

The backtrace here is:
(gdb) run
Starting program: /home/benjamin/Projects/cups/test 
[Thread debugging using libthread_db enabled]
1
AccountPassword=Custom
%-12345X at PJL
@PJL JOB NAME = "sometitle" DISPLAY = "1234 test sometitle"

Program received signal SIGSEGV, Segmentation fault.
__strlen_sse42 () at ../sysdeps/x86_64/multiarch/strlen.S:54
54	../sysdeps/x86_64/multiarch/strlen.S: No such file or directory.
	in ../sysdeps/x86_64/multiarch/strlen.S
(gdb) bt
#0  __strlen_sse42 () at ../sysdeps/x86_64/multiarch/strlen.S:54
#1  0x00007ffff7ba9e49 in ppdEmitString (ppd=<value optimized out>,
section=PPD_ORDER_JCL, min_order=<value optimized out>)
    at emit.c:686
#2  0x00007ffff7baa61c in ppdEmitAfterOrder (ppd=0x0, fp=0x7ffff6677780,
section=16, limit=0, min_order=24) at emit.c:294
#3  0x00007ffff7baa7cb in ppdEmitJCL (ppd=0x603690, fp=0x7ffff6677780,
job_id=<value optimized out>, 
    user=<value optimized out>, title=0x7fffffffe220 "1234 test
sometitle") at emit.c:539
#4  0x00000000004008f2 in main () at test.c:21

Link: http://www.cups.org/str.php?L3724
Version: 1.4.4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test.tar.bz2
Type: application/octet-stream
Size: 9350 bytes
Desc: not available
URL: <https://lists.cups.org/pipermail/cups/attachments/20101118/a32955f7/attachment.obj>


More information about the cups mailing list