Bug 150739
| Summary: | cupsd segfaults (dbus) | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Bill Nottingham <notting> |
| Component: | cups | Assignee: | Tim Waugh <twaugh> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | alfred, jik, john.ellson, johnp, rvokal, walters |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 1.1.23-14 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-03-10 14:20:05 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Program received signal SIGSEGV, Segmentation fault.
0x0034ea6b in strlen () from /lib/tls/libc.so.6
(gdb) bt
#0 0x0034ea6b in strlen () from /lib/tls/libc.so.6
#1 0x002bdc42 in marshal_string (str=0x6c797473, insert_at=1819898995,
value=0x6c797473 <Address 0x6c797473 out of bounds>,
byte_order=-1074363444, pos_after=0xbff683cc) at
dbus-marshal-basic.c:808
#2 0x00298cee in _dbus_type_writer_write_basic_no_typecode (
writer=0xbff683cc, type=1819898995, value=0x6c797473)
at dbus-marshal-recursive.c:1682
#3 0x002999b2 in _dbus_type_writer_write_basic (writer=0xbff682ac,
type=115,
value=0x6c797473) at dbus-marshal-recursive.c:2387
#4 0x0029f4fc in dbus_message_iter_append_basic (iter=0xbff682a4,
type=115,
value=0xbff683cc) at dbus-message.c:2087
#5 0x0079d4bf in dbus_broadcast_printer_added (
printer_name=0x6c797473 <Address 0x6c797473 out of bounds>) at
main.c:200
#6 0x007b4a46 in AddPrinter (name=Variable "name" is not available.
) at printers.c:147
#7 0x007b7518 in LoadAllPrinters () at printers.c:887
#8 0x00799b84 in ReadConfiguration () at conf.c:687
#9 0x0079dc8f in main (argc=2, argv=0xbff6d124) at main.c:500
fixed to the dbus patch to send the address of the values to dbus_message_iter_append_basic instead of the values themselves. Tim can you rebuild. *** Bug 150767 has been marked as a duplicate of this bug. *** Please try 1.1.23-14. cups 1.1.23-14 works !! Thanks. *** Bug 150824 has been marked as a duplicate of this bug. *** *** Bug 150845 has been marked as a duplicate of this bug. *** |
Description of problem: # service cups start Starting cups: cupsd: Child exited on signal 11! [FAILED] Version-Release number of selected component (if applicable): # rpm -q cups dbus cups-1.1.23-13 dbus-0.31-2 How reproducible: Every time Steps to Reproduce: 1. See above strace shows... ... 3936 socket(PF_FILE, SOCK_STREAM, 0) = 2 3936 connect(2, {sa_family=AF_FILE, path="/var/run/dbus/system_bus_socket"}, 110) = 0 3936 fcntl64(2, F_GETFL) = 0x2 (flags O_RDWR) 3936 fcntl64(2, F_SETFL, O_RDWR|O_NONBLOCK) = 0 3936 fcntl64(2, F_GETFD) = 0 3936 fcntl64(2, F_SETFD, FD_CLOEXEC) = 0 3936 getuid32() = 0 3936 rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0 3936 poll([{fd=2, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 3936 write(2, "\0", 1) = 1 3936 write(2, "AUTH EXTERNAL 30\r\n", 18) = 18 3936 poll([{fd=2, events=POLLIN, revents=POLLIN}], 1, -1) = 1 3936 read(2, "OK\r\n", 2048) = 4 3936 poll([{fd=2, events=POLLOUT, revents=POLLOUT}], 1, -1) = 1 3936 write(2, "BEGIN\r\n", 7) = 7 3936 poll([{fd=2, events=POLLIN|POLLOUT, revents=POLLOUT}], 1, -1) = 1 3936 writev(2, [{"l\1\0\1\0\0\0\0\1\0\0\0n\0\0\0\1\1o\0\25\0\0\0/org/fre"..., 128}, {"", 0}], 2) = 128 3936 gettimeofday({1110424069, 211329}, NULL) = 0 3936 poll([{fd=2, events=POLLIN, revents=POLLIN}], 1, 25000) = 1 3936 read(2, "l\2\1\1\n\0\0\0\1\0\0\0=\0\0\0\6\1s\0\5\0\0\0:1.23\0\0"..., 2048) = 260 3936 read(2, 0x8a60838, 2048) = -1 EAGAIN (Resource temporarily unavailable) 3936 --- SIGSEGV (Segmentation fault) @ 0 (0) --- Will attept to get a gdb backtrace.