[cups] cupsd 2.0.3 SIGSEGV on Solaris SPARC 64bit

Matthias Apitz guru at unixarea.de
Fri Jan 22 08:12:26 PST 2016


El día Friday, January 22, 2016 a las 01:06:26PM +0100, Matthias Apitz escribió:

> El d?a Friday, January 22, 2016 a las 11:23:05AM +0100, Johannes Meixner escribi?:
> 
> > Perhaps what you see is not a bug inside CUPS (i.e. in the
> > CUPS sources) but something in the build-time or run-time
> > environment of CUPS (e.g. a bug inside a library that is
> > linked with the cupsd binary)?
> 
> The crash is related to the 'LogLevel debug', with 'debug' it crashes on
> the first contact with the browser on port 631; with 'warn' one can add
> printers via the browser and monitor the jobs.
> 
> Which function is doing the final fprintf to the log file in
> /var/log/cups/error_log (ther are so many debug facilities in the sources)?

The crash is reproduceable in scheduler/log.c in the call

 /*
  * Format the log message...
  */

  len = vsnprintf(log_line, log_linesize, message, ap);

on Monday I will catch exactly what the 'message' (i.e. the format
string) and the valist ap contains; vsnprinf() does internally a
strlen() with an invalid char pointer; does this ring someones bell?

	matthias
-- 
Matthias Apitz, ✉ guru at unixarea.de, ⌂ http://www.unixarea.de/  ☎ +49-176-38902045
UNIX since V7 on PDP-11 | UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2 | FreeBSD since 2.2.5



More information about the cups mailing list