Bug 1654827

Summary: cupsd crash on startup in ippCopyAttribute
Product: [Fedora] Fedora
Reporter: Orion Poplawski <orion>
Component: cups
Assignee: Zdenek Dohnal <zdohnal>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: unspecified
Version: 28
CC: jpopelka, twaugh, zdohnal
Target Milestone: ---
Keywords: Patch
Target Release: ---
Hardware: x86_64
OS: Linux
Fixed In Version: cups-2.2.6-30.fc28
Last Closed: 2018-12-21 05:52:45 UTC
Type: Bug

Description Orion Poplawski 2018-11-29 18:51:38 UTC
Description of problem:

Core was generated by `/usr/sbin/cupsd -l'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f4e2b7c6fcd in ippCopyAttribute (dst=<optimized out>, srcattr=0x7f4e180357a0, 
    quickcopy=0) at ipp.c:1689
1689              srcval->collection->use ++;
[Current thread is 1 (Thread 0x7f4e2d2e6040 (LWP 1136))]
(gdb) thr appl all bt

Thread 2 (Thread 0x7f4e1f881700 (LWP 1484)):
#0  0x00007f4e2b7c84b3 in ippNew () at ipp.c:2732
#1  0x000055c4d2d9516a in new_media_col (size=size@entry=0x7f4e18005b20, 
    source=0x55c4d37f2e24 "auto", type=0x7f4e180275c4 "com.hp.recycled") at printers.c:5145
#2  0x000055c4d2d9a9c8 in load_ppd (p=0x55c4d3b06270) at printers.c:4407
#3  cupsdSetPrinterAttrs (p=p@entry=0x55c4d3b06270) at printers.c:2450
#4  0x000055c4d2d757b2 in create_local_bg_thread (printer=0x55c4d3b06270) at ipp.c:5911
#5  0x00007f4e2ac11594 in start_thread () from /lib64/libpthread.so.0
#6  0x00007f4e2a377e6f in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7f4e2d2e6040 (LWP 1136)):
#0  0x00007f4e2b7c6fcd in ippCopyAttribute (dst=<optimized out>, srcattr=0x7f4e180357a0, 
    quickcopy=0) at ipp.c:1689
#1  0x000055c4d2d77c01 in copy_attrs (to=0x55c4d3b0f9a0, from=<optimized out>, ra=0x55c4d3af3790, 
    group=IPP_TAG_ZERO, quickcopy=0, exclude=0x0) at ipp.c:4526
#2  0x000055c4d2d794ab in copy_printer_attrs (con=con@entry=0x55c4d3ac1d30, 
    printer=0x55c4d3b06270, ra=ra@entry=0x55c4d3af3790) at ipp.c:5603
#3  0x000055c4d2d8652e in get_printer_attrs (uri=0x55c4d3b06e40, con=0x55c4d3ac1d30) at ipp.c:7919
#4  cupsdProcessIPPRequest (con=con@entry=0x55c4d3ac1d30) at ipp.c:536
#5  0x000055c4d2d65a05 in cupsdReadClient (con=0x55c4d3ac1d30) at client.c:2194
#6  0x000055c4d2d9f8a5 in cupsdDoSelect (timeout=<optimized out>) at select.c:484
#7  0x000055c4d2d5b000 in main (argc=<optimized out>, argv=<optimized out>) at main.c:885
(gdb) print srcval->collection->use ++
Cannot access memory at address 0x7f4e181639e8
(gdb) print srcval->collection->use
$10 = 1
(gdb) print *srcval->collection
$13 = {state = IPP_STATE_IDLE, request = {any = {version = "\001\001", op_status = 0,
      request_id = 0}, op = {version = "\001\001", operation_id = IPP_OP_CUPS_NONE,
      request_id = 0}, status = {version = "\001\001", status_code = IPP_STATUS_OK,
      request_id = 0}, event = {version = "\001\001", status_code = IPP_STATUS_OK,
      request_id = 0}}, attrs = 0x7f4e18163ad0, last = 0x7f4e18163c50, current = 0x7f4e18163c50,
  curtag = IPP_TAG_ZERO, prev = 0x7f4e18163c10, use = 1, atend = 0, curindex = 0}


Version-Release number of selected component (if applicable):
cups-2.2.6-25.fc28.x86_64


How reproducible:
Seen once so far on startup.

Upstream fix appears to be here: https://github.com/apple/cups/commit/8e47ac0199edc01233888724b1ba32c4dfcd54b3
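
A triage aid for backtraces like the one above, added here as an example and not part of the original report or of CUPS: it parses `thread apply all bt` output and lists pointer arguments that appear in frames of more than one thread. The helper names (`shared_pointers`, the regexes) are hypothetical, and the sample input is trimmed from the trace in this report, where the same printer pointer shows up under `cupsdSetPrinterAttrs` in thread 2 and under `copy_printer_attrs` in thread 1.

```python
import re
from collections import defaultdict

# Constructed sample: frames trimmed from the backtrace in this report.
SAMPLE_BT = """\
Thread 2 (Thread 0x7f4e1f881700 (LWP 1484)):
#2  0x000055c4d2d9a9c8 in load_ppd (p=0x55c4d3b06270) at printers.c:4407
#3  cupsdSetPrinterAttrs (p=p@entry=0x55c4d3b06270) at printers.c:2450
#4  0x000055c4d2d757b2 in create_local_bg_thread (printer=0x55c4d3b06270) at ipp.c:5911

Thread 1 (Thread 0x7f4e2d2e6040 (LWP 1136)):
#0  0x00007f4e2b7c6fcd in ippCopyAttribute (dst=<optimized out>, srcattr=0x7f4e180357a0,
    quickcopy=0) at ipp.c:1689
#2  0x000055c4d2d794ab in copy_printer_attrs (con=con@entry=0x55c4d3ac1d30,
    printer=0x55c4d3b06270, ra=ra@entry=0x55c4d3af3790) at ipp.c:5603
#3  0x000055c4d2d8652e in get_printer_attrs (uri=0x55c4d3b06e40, con=0x55c4d3ac1d30) at ipp.c:7919
"""

THREAD_RE = re.compile(r"^Thread (\d+) \(")
# Frame line: "#N  [0xADDR in ]function (" ; the address is absent for inlined frames.
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+ in )?(\w+) \(")
# Pointer-valued argument: "name=0x..." or "name=name@entry=0x...".
ARG_RE = re.compile(r"(\w+)=(?:\w+@entry=)?(0x[0-9a-f]+)")


def shared_pointers(bt_text):
    """Return {address: {thread_id: [(function, arg_name), ...]}} for every
    pointer argument that appears in frames of two or more threads."""
    seen = defaultdict(lambda: defaultdict(list))
    thread = func = None
    for line in bt_text.splitlines():
        m = THREAD_RE.match(line)
        if m:
            thread, func = int(m.group(1)), None
            continue
        m = FRAME_RE.match(line)
        if m:
            func = m.group(1)  # continuation lines keep the previous frame's name
        if thread is None or func is None:
            continue
        for arg, addr in ARG_RE.findall(line):
            seen[addr][thread].append((func, arg))
    return {a: dict(t) for a, t in seen.items() if len(t) > 1}


if __name__ == "__main__":
    for addr, threads in shared_pointers(SAMPLE_BT).items():
        for tid, uses in sorted(threads.items()):
            print(addr, "thread", tid, uses)
```

A hit only says that two threads held the same object at the time of the dump; whether the access is actually unsynchronized still has to be checked against the locking in the source.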

Comment 1 Zdenek Dohnal 2018-12-03 11:18:24 UTC
Hi Orion,

thank you for reporting the issue and finding the patch! I'll issue the build now for Fedora 28, because it is fixed in newer Fedoras.

Comment 2 Fedora Update System 2018-12-03 11:35:12 UTC
cups-2.2.6-26.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1e8bfb04f1

Comment 3 Fedora Update System 2018-12-04 03:37:59 UTC
cups-2.2.6-26.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1e8bfb04f1

Comment 4 Fedora Update System 2018-12-10 16:10:39 UTC
cups-2.2.6-27.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-8eb6a893fa

Comment 5 Fedora Update System 2018-12-13 13:57:47 UTC
cups-2.2.6-28.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-f2699fb66d

Comment 6 Fedora Update System 2018-12-13 17:57:56 UTC
cups-2.2.6-29.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-68028d9bbf

Comment 7 Fedora Update System 2018-12-15 03:19:41 UTC
cups-2.2.6-29.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-68028d9bbf

Comment 8 Fedora Update System 2018-12-21 05:52:45 UTC
cups-2.2.6-30.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.