Dear Maintainer, hello Brian Potkin, > Thanks. All this is very new to me. I hope it is what is needed and > > someone can interpret it!
Thanks for the information, in my first attempts I was under the impression you are on a amd64 system because the coredumpctl output used 16 character addresses - therefore address offsets never matched mine ... Using a utiltiy like reportbug would have attached information about package versions and architecture already in the first mail, you probably can consider using such in future reports. I could not reproduce the crash and therefore cannot be sure about following. We might reach line 5648 even when key is already freed in line 5622/5626, but the gotos in line 5624/5629 are not reached because of the condition above. Therefore a (untested) change [3] like below could possibly avoid that. Not related but looks suspicious that in line 5617 the empty string "" is assigned to variable value and that might be given to avahi_free. I guess this may also lead to a crash. In [4] is also an (untested) attempt to avoid that. Both issues are possible since commit [5] "Fixed minor memory leaks". Kind regards, Bernhard [1] https://github.com/OpenPrinting/cups-filters/blob/master/utils/cups-browsed.c#L5648 [2] 5611 if (key) { ... 5614 if (filter->regexp) { 5615 /* match regexp */ 5616 if (!value) 5617 value = ""; 5618 if ((filter->cregexp && 5619 regexec(filter->cregexp, value, 0, NULL, 0) == 0) || 5620 (!filter->cregexp && !strcasecmp(filter->regexp, value))) { 5621 avahi_free(key); 5622 avahi_free(value); 5623 if (filter->sense == FILTER_NOT_MATCH) 5624 goto filter_failed; 5625 } else { 5626 avahi_free(key); 5627 avahi_free(value); 5628 if (filter->sense == FILTER_MATCH) 5629 goto filter_failed; 5630 } 5631 } else { 5632 /* match boolean value */ 5633 if (filter->sense == FILTER_MATCH) { 5634 if (!value || strcasecmp(value, "T")) { 5635 avahi_free(key); 5636 avahi_free(value); 5637 goto filter_failed; 5638 } 5639 } else { 5640 if (value && !strcasecmp(value, "T")) { 5641 avahi_free(key); 5642 avahi_free(value); 5643 goto filter_failed; 5644 } 5645 } 5646 } 5647 } 5648 avahi_free(key); 5649 avahi_free(value); 5650 goto filter_matched; ... 5703 filter_matched: ... 5712 filter_failed: [3] diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c index 0d5d521..8f5169e 100644 --- a/utils/cups-browsed.c +++ b/utils/cups-browsed.c @@ -5618,15 +5618,17 @@ matched_filters (const char *queue_name, if ((filter->cregexp && regexec(filter->cregexp, value, 0, NULL, 0) == 0) || (!filter->cregexp && !strcasecmp(filter->regexp, value))) { - avahi_free(key); - avahi_free(value); - if (filter->sense == FILTER_NOT_MATCH) + if (filter->sense == FILTER_NOT_MATCH) { + avahi_free(key); + avahi_free(value); goto filter_failed; + } } else { - avahi_free(key); - avahi_free(value); - if (filter->sense == FILTER_MATCH) + if (filter->sense == FILTER_MATCH) { + avahi_free(key); + avahi_free(value); goto filter_failed; + } } } else { /* match boolean value */ [4] diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c index 0d5d521..d014072 100644 --- a/utils/cups-browsed.c +++ b/utils/cups-browsed.c @@ -5588,7 +5588,7 @@ matched_filters (const char *queue_name, char buf[10]; #ifdef HAVE_AVAHI AvahiStringList *entry = NULL; - char *key = NULL, *value = NULL; + char *key = NULL, *value = NULL, *value2; #endif /* HAVE_AVAHI */ debug_printf("Matching printer \"%s\" with properties Host = \"%s\", Port = %d, Service Name = \"%s\", Domain = \"%s\" with the BrowseFilter lines in cups-browsed.conf\n", queue_name, host, port, service_name, domain); @@ -5613,11 +5613,12 @@ matched_filters (const char *queue_name, key, (value ? value : "")); if (filter->regexp) { /* match regexp */ - if (!value) - value = ""; + value2 = ""; + if (value) + value2 = value; if ((filter->cregexp && - regexec(filter->cregexp, value, 0, NULL, 0) == 0) || - (!filter->cregexp && !strcasecmp(filter->regexp, value))) { + regexec(filter->cregexp, value2, 0, NULL, 0) == 0) || + (!filter->cregexp && !strcasecmp(filter->regexp, value2))) { avahi_free(key); avahi_free(value); if (filter->sense == FILTER_NOT_MATCH) [5] https://github.com/OpenPrinting/cups-filters/commit/5e4d71b5a67dd81d9d7523b149060618f515491e
