subject:"Bug#723835\: cups\-browsed\: Segfault with multiple BrowsePoll directives"

Bug#723835: cups-browsed: Segfault with multiple BrowsePoll directives

2017-08-01 Thread Till Kamppeter

Fixed in cups-filters upstream, BZR rev. 7667, will be included in the 
cups-filters 1.16.1 release.


Thank you for your bug report with backtrace.

Problem was an uninitialized pointer which made the crash always happen 
when a BrowsePolled printer has no "Location" field in its IPP attributes.


   Till

Bug#723835: cups-browsed: Segfault with multiple BrowsePoll directives

2017-08-01 Thread Duck

Control: tags -1 -unreproducible
Control: found -1 1.16.0-2


Quack,

I'm using two different servers and could reproduce the crash. With only
one of them on another machine it works fine.

Here is the trace:
#0  0x7f7798fc2676 in strlen () at ../sysdeps/x86_64/strlen.S:106
#1  0x7f7798fc23ae in __GI___strdup (s=0x1 ) at strdup.c:41
len = 
new = 
#2  0x55ffc458b7aa in examine_discovered_printer_record
(host=, ip=0x0, port=631, resource=,
service_name=, location=0x1 , info=0x55ffc53363e4 "Canon iR-ADV C5045F New Office",
type=0x55ffc4595ab2 "", domain=0x55ffc4595ab2 "", txt=0x0) at
utils/cups-browsed.c:5268
uri = "ipp://s01.server.com:631/printers/Canon_C5045F_OM",
'\000' 
queue_name = 0x55ffc533d260
"Canon_iR_ADV_C5045F_New_Office_s01_server_com"
remote_host = 0x55ffc52be2c0 "s01.server.com"
pdl = 
make_model = 
color = 
duplex = 
fields = {0x55ffc459516f "product", 0x55ffc4595183 "usb_MDL",
0x55ffc459518b "ty", 0x0}
f = 
entry = 
key = 0x0
value = 0x0
note_value = 0x0
cluster = 
member = 
str = 
p = 0x55ffc52d8950
local_printer = 
backup_queue_name = 0x55ffc532c3c0
"canon_ir_adv_c5045f_new_office_s01_server_...@s01.server.com"
local_queue_name = 0x55ffc533d260
"Canon_iR_ADV_C5045F_New_Office_s01_server_com"
local_queue_name_lower = 
is_cups_queue = 1
#3  0x55ffc458f362 in found_cups_printer (remote_host=, uri=, location=0x1 , info=) at utils/cups-browsed.c:6010
scheme = "ipp", '\000' 
username = '\000' 
host = "s01.server.com", '\000' 
resource = "/printers/Canon_C5045F_OM", '\000' 
port = 631
iface = 
local_resource = "printers/Canon_C5045F_OM", '\000' 
service_name = "Canon iR-ADV C5045F New Office @
s01.server.com\000\375\177\000\000`\304\033\377\375\177\000\000`\304\033\377\375\177\000\000e\304\033\377\375\177\000\000\217\304\033\377\375\177\000\000`\304\033\377\375\177\000\000\217\304\033\377\375\177",
'\000' ,
"\v\000\000\000\004\000\000\000\220\303\033\377\375\177\000\000\000\000\033\377\375\177\000\000\000\000\000\000\000\000\000\000r\303\033\377\375\177\000\000\b\212\003\231w\177\000\000\377\377\377\377\377\377\377\377"...
c = 
hl = 51
printer = 
#4  0x55ffc458fbda in browse_poll_get_printers (conn=0x55ffc5371b70,
context=0x55ffc52d2750) at utils/cups-browsed.c:6427
uri = 0x55ffc5326f94
"ipp://s01.server.com:631/printers/Canon_C5045F_OM"
location = 0x1 
info = 0x55ffc53363e4 "Canon iR-ADV C5045F New Office"
request = 
rattrs = {0x55ffc4594aef "printer-uri-supported", 0x55ffc4594b5d
"printer-info"}
response = 0x55ffc5355670
attr = 0x55ffc5354910
printers = 
rattrs = {0x55ffc4594aef "printer-uri-supported", 0x55ffc4594b5d
"printer-info"}
context = 0x55ffc52d2750
conn = 
get_printers = 
#5  0x55ffc458fbda in browse_poll (data=0x55ffc52d2750,
data@entry=)
at utils/cups-browsed.c:6694
context = 0x55ffc52d2750
conn = 
get_printers = 
#6  0x7f77999cc523 in g_timeout_dispatch (source=0x55ffc531afd0,
callback=, user_data=)
at ../../../../glib/gmain.c:4629
timeout_source = 0x55ffc531afd0
again = 
#7  0x7f77999cbaaa in g_main_dispatch (context=0x55ffc52d8f30) at
../../../../glib/gmain.c:3148
dispatch = 0x7f77999cc510 
prev_source = 0x0
was_in_call = 0
user_data = 0x55ffc52d2750
callback = 0x55ffc458f800 
cb_funcs = 
cb_data = 0x55ffc52f6ab0
need_destroy = 
source = 0x55ffc531afd0
current = 0x55ffc5308890
i = 0
#8  0x7f77999cbaaa in g_main_context_dispatch
(context=context@entry=0x55ffc52d8f30) at ../../../../glib/gmain.c:3813
#9  0x7f77999cbe60 in g_main_context_iterate
(context=0x55ffc52d8f30, block=block@entry=1, dispatch=dispatch@entry=1,
self=)
at ../../../../glib/gmain.c:3886
max_priority = 2147483647
timeout = 43837
some_ready = 1
nfds = 3
allocated_nfds = 3
fds = 
#10 0x7f77999cc182 in g_main_loop_run (loop=0x55ffc530ffe0) at
../../../../glib/gmain.c:4082
__func__ = "g_main_loop_run"
#11 0x55ffc458213b in main (argc=1, argv=0x7ffdff1bc988) at
utils/cups-browsed.c:7987
ret = 1
http = 
i = 
val = 
p = 
proxy = 0x55ffc52f5460 [GDBusProxy]
error = 0x0
subscription_id = 824
action =
  {__sigaction_handler = {sa_handler = 0x55ffc4585ec0
, sa_sigaction = 0x55ffc4585ec0 },
sa_mask = {__val = {2048, 0 }}, sa_flags = 0,
sa_restorer = 0x0}

Regards.



signature.asc
Description: OpenPGP digital signature

Bug#723835: cups-browsed: Segfault with multiple BrowsePoll directives

2014-10-30 Thread Didier 'OdyX' Raboud

Control: tags -1 +upstream +unreproducible

On Fri, 20 Sep 2013 11:18:24 +0200 Martin Monperrus wrote:
* What led up to the situation?
 Having two BrowsePoll directives pointing to the same server.
 BrowsePoll cups.foo.com # DNS - 10.0.0.1
 BrowsePoll cups.bar.com # DNS - 10.0.0.1
 
* What was the outcome of this action?
 Segmentation fault (segfault)

Can you retry this on a recent sid/jessie systemd? I cannot reproduce 
this here.

Cheers, OdyX


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#723835: cups-browsed: Segfault with multiple BrowsePoll directives

2013-09-20 Thread Martin Monperrus

Package: cups-browsed
Version: 1.0.34-3+b1
Severity: important
Tags: upstream

Dear Maintainer,

   * What led up to the situation?
Having two BrowsePoll directives pointing to the same server.
BrowsePoll cups.foo.com # DNS - 10.0.0.1
BrowsePoll cups.bar.com # DNS - 10.0.0.1

   * What was the outcome of this action?
Segmentation fault (segfault)

   * What outcome did you expect instead?
A warning in debug mode.

Regards,

--Martin



-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.9-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages cups-browsed depends on:
ii  avahi-daemon  0.6.31-2
ii  libavahi-client3  0.6.31-2
ii  libavahi-common3  0.6.31-2
ii  libavahi-glib10.6.31-2
ii  libc6 2.17-92+b1
ii  libcups2  1.6.3-1
ii  libglib2.0-0  2.36.4-1

cups-browsed recommends no packages.

cups-browsed suggests no packages.

-- Configuration Files:
/etc/cups/cups-browsed.conf changed [not included]

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#723835: cups-browsed: Segfault with multiple BrowsePoll directives

Bug#723835: cups-browsed: Segfault with multiple BrowsePoll directives

Bug#723835: cups-browsed: Segfault with multiple BrowsePoll directives

Bug#723835: cups-browsed: Segfault with multiple BrowsePoll directives

4 matches

Site Navigation

Mail list logo

Footer information