Bug 453099

Summary: Cups crashed when reloading config which has the same printer listed more than once
Product: Red Hat Enterprise Linux 4 Reporter: Mathijs Brands <mathijs>
Component: cupsAssignee: Tim Waugh <twaugh>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: 4.6CC: cmeadors, pknirsch, tpelka, ykopkova
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
* printers in CUPS should have unique names. However, if a CUPS configuration file somehow contained entries for more than one device with the same name, the CUPS scheduler would create a segmentation fault and crash while starting up. CUPS now includes code that examines each printer while loading it from the configuration file. CUPS will not attempt to load duplicate entries, but will log an error.
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-05-18 20:21:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Example printers.conf that causes a segfault none

Description Mathijs Brands 2008-06-27 09:54:55 UTC
Description of problem:

If a printer is listed multiple times in /etc/cups/printers.conf, a 'restart'
operation will succeed but a 'reload' will cause a segfault in the scheduler.


Version-Release number of selected component (if applicable):

1.1.22-0.rc1.9.20.2.el4_6.8


How reproducible:

Every time.


Steps to Reproduce:
1. Create a cups printer config (/etc/cups/printers.conf) and list the same
printer twice.
2. Run 'service cups reload'.
  

Actual results:

Cups segfaults (see additional info).


Expected results:

Cups should not segfault, but treat the (admittedly erronous) double entries in
the same way as it does when you (re)start cups.


Additional info:

Breakpoint 1, mimeDeleteType (mime=0x552abe9bd0, mt=0x552af54840) at mime.c:133
133       free(mt->type);
1: mt->type = 0x47ffffff7 <Address 0x47ffffff7 out of bounds>
(gdb)

The pointer that is being freed is not NULL.

Comment 1 Mathijs Brands 2008-06-27 10:56:34 UTC
Test case to reproduce needs to be modified a bit: the printer names must be the
same, but the device must be different.

I will attach an example that works.

Comment 2 Mathijs Brands 2008-06-27 10:58:20 UTC
Created attachment 310424 [details]
Example printers.conf that causes a segfault

Comment 3 RHEL Program Management 2008-10-31 16:36:16 UTC
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".

Comment 7 Tim Waugh 2009-01-20 17:32:35 UTC
Filed upstream with patch.

Comment 9 Ruediger Landmann 2009-01-27 03:28:48 UTC
Release note added. If any revisions are required, please set the 
"requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

New Contents:
* printers in CUPS should have unique names. However, if a CUPS configuration file somehow contained entries for more than one device containing the same name, the CUPS scheduler would create a segmentation fault and crash while starting up. CUPS now includes code that examines each printer while loading it from the configuration file. CUPS will not attempt to load duplicate entries, but will log an error.

Comment 10 Ruediger Landmann 2009-01-27 03:30:33 UTC
Release note updated. If any revisions are required, please set the 
"requires_release_notes"  flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

Diffed Contents:
@@ -1 +1 @@
-* printers in CUPS should have unique names. However, if a CUPS configuration file somehow contained entries for more than one device containing the same name, the CUPS scheduler would create a segmentation fault and crash while starting up. CUPS now includes code that examines each printer while loading it from the configuration file. CUPS will not attempt to load duplicate entries, but will log an error.+* printers in CUPS should have unique names. However, if a CUPS configuration file somehow contained entries for more than one device with the same name, the CUPS scheduler would create a segmentation fault and crash while starting up. CUPS now includes code that examines each printer while loading it from the configuration file. CUPS will not attempt to load duplicate entries, but will log an error.

Comment 13 errata-xmlrpc 2009-05-18 20:21:20 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0989.html