Bug 537460

Summary: Segmentation fault in cupsAddDest
Product: [Fedora] Fedora
Reporter: Orion Poplawski <orion>
Component: cups
Assignee: Tim Waugh <twaugh>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: 11
CC: jpopelka, twaugh
Hardware: All   
OS: Linux   
Fixed In Version: 1.4.2-20.fc11
Doc Type: Bug Fix
Last Closed: 2009-12-27 20:32:50 UTC
Bug Blocks: 550301    
Attachments:
troubleshoot.txt (flags: none)
/etc/cups/printers.conf (flags: none)
/var/cache/cups/remote.cache (flags: none)

Description Orion Poplawski 2009-11-13 17:29:43 UTC
Description of problem:

I'm seeing segmentation faults in cupsAddDest when trying to print from a couple machines now.  One is F11/x86_64 - clicking print in acroread, this one is F12/i686 - clicking print in okular.

Program received signal SIGSEGV, Segmentation fault.
cupsAddDest (name=<value optimized out>, instance=<value optimized out>, num_dests=8, 
    dests=<value optimized out>) at dest.c:165
165               doption->name  = _cupsStrRetain(poption->name);
(gdb) bt
#0  cupsAddDest (name=<value optimized out>, instance=<value optimized out>, num_dests=8,
    dests=<value optimized out>) at dest.c:165
#1  0x013699d2 in cups_get_dests (filename=<value optimized out>,
    match_name=<value optimized out>, match_inst=<value optimized out>,
    user_default_set=<value optimized out>, num_dests=<value optimized out>,
    dests=<value optimized out>) at dest.c:1667
#2  0x0136b048 in cupsGetDests2 (http=<value optimized out>, dests=<value optimized out>)
    at dest.c:397
#3  0x0136b351 in cupsGetDests (dests=<value optimized out>) at dest.c:272
#4  0x041c373c in QCUPSSupport::QCUPSSupport (this=<value optimized out>)
    at painting/qcups.cpp:136
....
(gdb) print poption->name
Cannot access memory at address 0x0
(gdb) print doption->name
Cannot access memory at address 0x0

# cat /etc/cups/lpoptions
Dest dali/duplex Option5=True Duplex=DuplexNoTumble
Dest dali/11x17 media=11x17,2Tray
Dest seuss/duplex Option5=True Duplex=DuplexNoTumble

# lpstat -t
scheduler is running
system default destination: dali
device for AdobePDF8: ///dev/null
device for dali: ipp://earth.cora.nwra.com:631/printers/dali
device for dali/11x17: ipp://earth.cora.nwra.com:631/printers/dali
device for dali/duplex: ipp://earth.cora.nwra.com:631/printers/dali
device for frost: ipp://earth.cora.nwra.com:631/printers/frost
device for poe: ipp://earth.cora.nwra.com:631/printers/poe
device for seuss: ipp://earth.cora.nwra.com:631/printers/seuss
device for seuss/duplex: ipp://earth.cora.nwra.com:631/printers/seuss
AdobePDF8 accepting requests since Fri 30 Oct 2009 02:13:12 PM MDT
dali accepting requests since Fri 13 Nov 2009 09:05:40 AM MST
dali/11x17 accepting requests since Fri 13 Nov 2009 09:05:40 AM MST
dali/duplex accepting requests since Fri 13 Nov 2009 09:05:40 AM MST
frost accepting requests since Fri 13 Nov 2009 09:05:40 AM MST
poe accepting requests since Fri 13 Nov 2009 09:05:40 AM MST
seuss accepting requests since Fri 13 Nov 2009 09:05:40 AM MST
seuss/duplex accepting requests since Fri 13 Nov 2009 09:05:40 AM MST
printer AdobePDF8 is idle.  enabled since Fri 30 Oct 2009 02:13:12 PM MDT
printer dali is idle.  enabled since Fri 13 Nov 2009 09:05:40 AM MST
printer dali/11x17 is idle.  enabled since Fri 13 Nov 2009 09:05:40 AM MST
printer dali/duplex is idle.  enabled since Fri 13 Nov 2009 09:05:40 AM MST
printer frost is idle.  enabled since Fri 13 Nov 2009 09:05:40 AM MST
printer poe is idle.  enabled since Fri 13 Nov 2009 09:05:40 AM MST
printer seuss is idle.  enabled since Fri 13 Nov 2009 09:05:40 AM MST
printer seuss/duplex is idle.  enabled since Fri 13 Nov 2009 09:05:40 AM MST


Version-Release number of selected component (if applicable):
cups-1.4.2-1.fc12.i686

How reproducible:
Every time.

Comment 1 Tim Waugh 2009-11-16 12:38:18 UTC
Please run the printing troubleshooter (System->Administration->Printing, then Help->Troubleshoot).  When asked to print a test page, don't actually do it (we don't want to crash cupsd, just collect enough information to reproduce the problem here).

Attach the resulting troubleshoot.txt file here.  Thanks.

Comment 2 Orion Poplawski 2009-11-20 21:50:28 UTC
Created attachment 372619
troubleshoot.txt

Comment 3 Tim Waugh 2009-12-08 17:11:39 UTC
Are you still seeing this problem?  I cannot reproduce it here, or really see why it is happening from the stack trace.  It seems that the problem occurs when loading /etc/cups/lpoptions, I would guess either for the first line or the third (it is with the first instance for a particular queue).

Could you please attach:

1. /var/cache/cups/seuss.ipp
2. /var/cache/cups/dali.ipp
3. /etc/cups/printers.conf

Comment 4 Orion Poplawski 2009-12-08 17:45:48 UTC
Created attachment 376958
/etc/cups/printers.conf

Still happening.  No seuss.ipp or dali.ipp files in /var/cache/cups:

$ ls /var/cache/cups
AdobePDF8.ipp  job.cache  ppds.dat  remote.cache  rss

Comment 5 Tim Waugh 2009-12-08 17:49:26 UTC
Oh, they're remote printers.  Can you attach remote.cache please?  Thanks.

Comment 6 Orion Poplawski 2009-12-08 17:54:18 UTC
Created attachment 376961
/var/cache/cups/remote.cache

Comment 7 Tim Waugh 2009-12-08 23:46:00 UTC
Thanks.  I'm still having trouble replicating the problem here -- can I get you to run some things in gdb?  First, run some application under gdb as before -- you might find that this works:

gdb --args python -c 'import cups;cups.Connection().getDests()'

Then run it until it crashes, as before:

Program received signal SIGSEGV, Segmentation fault.
cupsAddDest (name=<value optimized out>, instance=<value optimized out>, num_dests=8,
    dests=<value optimized out>) at dest.c:165
165               doption->name  = _cupsStrRetain(poption->name);

At this point I'd love to see the output of:

p dest
p parent
p *parent
p dest->options
p dest->num_options
p i
p doption
p poption

I'd also like to see what 'instance' is but I see it's optimized out.  Next, please do this:

up

and then:

p instance
p lineptr
p line

Comment 8 Orion Poplawski 2009-12-09 18:43:57 UTC
The python code doesn't crash, but okular still does.  Note that this is highly sensitive to the global list of printers - as printers come and go the crash occurs or goes away.  I created the local AdobePDF8 printer to reproduce, as the presence of this from another machine sharing printers seemed to trigger the bug.


Program received signal SIGSEGV, Segmentation fault.
cupsAddDest (name=<value optimized out>, instance=<value optimized out>, num_dests=8,
    dests=<value optimized out>) at dest.c:165
165               doption->name  = _cupsStrRetain(poption->name);
(gdb) p dest
$1 = (cups_dest_t *) 0x0
(gdb) p parent
$2 = <value optimized out>
(gdb) p *parent
Cannot access memory at address 0x0
(gdb) p dest->options
Cannot access memory at address 0x10
(gdb) p dest->num_options
Cannot access memory at address 0xc
(gdb) p i
$3 = 17
(gdb) p doption
$4 = <value optimized out>
(gdb) p poption
$5 = <value optimized out>
(gdb) up
#1  0x06f349d2 in cups_get_dests (filename=<value optimized out>,
    match_name=<value optimized out>, match_inst=<value optimized out>,
    user_default_set=<value optimized out>, num_dests=<value optimized out>,
    dests=<value optimized out>) at dest.c:1667
1667          num_dests = cupsAddDest(name, instance, num_dests, dests);
(gdb) p instance
$6 = <value optimized out>
(gdb) p lineptr
$7 = 0xbfe971be "Option5=True Duplex=DuplexNoTumble"
(gdb) p line
$8 =
    "Dest\000seuss\000duplex\000Option5=True Duplex=DuplexNoTumble\000\000\000\000\b\000\001\000\300\250z\001\b\000\002\000\300\250z\001\b\000\004\000\300\250z\377\v\000\003\000virbr0\000\000(r\351\277\271\312dV\026\271\063\000\b\003\021\t\215\251\363\006\200\325\366\006\030\260\020\t,s\351\277Xr\351\277\363\006\240\321\f\t\200\323C\000,s\351\277+\223\351\277\000\000\000\000\000\000\000\000\270r\351\277\000\000\000\000\001\342\063\000\200\323C\000\b\002\000\000\200\325\366\006\030\260\020\t\000\000\000\000L\035H\000k\250\363\006\021\000\000\000J\"\366\006\b\000\000\000(s\351\277\021\000\000\000\021\000\000\000\000\260\020\trs\351\277\b\000\000\000\250\270\017\t\377\377\377\377\271\312dV\000\000\000\000\000\000\000\000[\246\363\006\200\325\366\006\274\270\017\t\001\000\000\000"...
(gdb) up
#2  0x06f36048 in cupsGetDests2 (http=<value optimized out>, dests=<value optimized out>)
    at dest.c:397
397       num_dests = cups_get_dests(filename, NULL, NULL, user_default != NULL,
(gdb) p instance
$9 = 0x0
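
The session above stops at the line that copies an option name from poption to doption while the "Dest seuss/duplex" line of /etc/cups/lpoptions is being loaded, with dest printed as 0x0 and *parent unreadable at address 0x0. The C code below is an added example, not part of the original report, not CUPS source and not the fix shipped in the update: it loads such lines so that an instance whose parent queue is missing from the list is skipped, and so that the parent is reached by index after the array is reallocated. The types and the names find_dest, add_dest and load_dest_line are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_OPTS 8
#define DEST_NAME 64
typedef struct { char name[32], value[32]; } opt_t;
typedef struct { char name[DEST_NAME], instance[DEST_NAME]; int num_options; opt_t options[MAX_OPTS]; } dest_t;

/* Index of name/instance in the list, or -1; inst == NULL selects the queue itself. */
static int find_dest(const dest_t *d, int n, const char *name, const char *inst) {
  for (int i = 0; i < n; i++)
    if (!strcmp(d[i].name, name) && !strcmp(d[i].instance, inst ? inst : ""))
      return i;
  return -1;
}

/* Add name/instance and return the new count. A new instance inherits its
   parent queue's options; when the parent is not in the list it is skipped. */
int add_dest(const char *name, const char *inst, int n, dest_t **dests) {
  if (strlen(name) >= DEST_NAME || (inst && strlen(inst) >= DEST_NAME)) return n;
  if (find_dest(*dests, n, name, inst) >= 0) return n;        /* already listed */
  int parent = inst ? find_dest(*dests, n, name, NULL) : -1;
  if (inst && parent < 0) return n;                           /* parent queue absent */
  dest_t *grown = realloc(*dests, sizeof(dest_t) * (size_t)(n + 1));
  if (!grown) return n;
  *dests = grown;   /* realloc may move the array: index it afresh, keep no old pointers */
  dest_t *d = &grown[n];
  memset(d, 0, sizeof *d);
  strcpy(d->name, name);                 /* lengths were checked on entry */
  strcpy(d->instance, inst ? inst : "");
  for (int i = 0; parent >= 0 && i < grown[parent].num_options && i < MAX_OPTS; i++)
    d->options[d->num_options++] = grown[parent].options[i];
  return n + 1;
}

/* Parse "Dest name[/instance] options..." in place (options on the line are ignored). */
int load_dest_line(char *line, int n, dest_t **dests) {
  if (strncmp(line, "Dest ", 5) != 0) return n;
  char *name = line + 5;
  name[strcspn(name, " \t\n")] = '\0';
  if (!*name) return n;                  /* no destination name on the line */
  char *inst = strchr(name, '/');
  if (inst) *inst++ = '\0';
  return add_dest(name, inst, n, dests);
}
```

With a list that holds dali but not seuss, the two dali lines from the lpoptions file above are added and inherit dali's options, and the seuss/duplex line leaves the count unchanged.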

Comment 9 Tim Waugh 2009-12-10 18:19:33 UTC
Problem identified.  Thanks for helping out.

Comment 10 Orion Poplawski 2009-12-10 19:03:35 UTC
Tested -16.f12 and confirmed the problem fixed for me.  Glad to have been able to help out.

Comment 11 Fedora Update System 2009-12-11 18:35:48 UTC
cups-1.4.2-16.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update cups'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-12942

Comment 12 Fedora Update System 2009-12-11 18:38:15 UTC
cups-1.4.2-16.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update cups'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-12971

Comment 13 Fedora Update System 2009-12-27 20:31:56 UTC
cups-1.4.2-20.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2010-01-04 21:17:58 UTC
cups-1.4.2-20.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.