Red Hat Bugzilla – Bug 150739
cupsd segfaults (dbus)
Last modified: 2014-03-16 22:52:46 EDT
Description of problem: # service cups start Starting cups: cupsd: Child exited on signal 11! [FAILED] Version-Release number of selected component (if applicable): # rpm -q cups dbus cups-1.1.23-13 dbus-0.31-2 How reproducible: Every time Steps to Reproduce: 1. See above strace shows... ... 3936 socket(PF_FILE, SOCK_STREAM, 0) = 2 3936 connect(2, {sa_family=AF_FILE, path="/var/run/dbus/system_bus_socket"}, 110) = 0 3936 fcntl64(2, F_GETFL) = 0x2 (flags O_RDWR) 3936 fcntl64(2, F_SETFL, O_RDWR|O_NONBLOCK) = 0 3936 fcntl64(2, F_GETFD) = 0 3936 fcntl64(2, F_SETFD, FD_CLOEXEC) = 0 3936 getuid32() = 0 3936 rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0 3936 poll([{fd=2, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 3936 write(2, "\0", 1) = 1 3936 write(2, "AUTH EXTERNAL 30\r\n", 18) = 18 3936 poll([{fd=2, events=POLLIN, revents=POLLIN}], 1, -1) = 1 3936 read(2, "OK\r\n", 2048) = 4 3936 poll([{fd=2, events=POLLOUT, revents=POLLOUT}], 1, -1) = 1 3936 write(2, "BEGIN\r\n", 7) = 7 3936 poll([{fd=2, events=POLLIN|POLLOUT, revents=POLLOUT}], 1, -1) = 1 3936 writev(2, [{"l\1\0\1\0\0\0\0\1\0\0\0n\0\0\0\1\1o\0\25\0\0\0/org/fre"..., 128}, {"", 0}], 2) = 128 3936 gettimeofday({1110424069, 211329}, NULL) = 0 3936 poll([{fd=2, events=POLLIN, revents=POLLIN}], 1, 25000) = 1 3936 read(2, "l\2\1\1\n\0\0\0\1\0\0\0=\0\0\0\6\1s\0\5\0\0\0:1.23\0\0"..., 2048) = 260 3936 read(2, 0x8a60838, 2048) = -1 EAGAIN (Resource temporarily unavailable) 3936 --- SIGSEGV (Segmentation fault) @ 0 (0) --- Will attept to get a gdb backtrace.
Program received signal SIGSEGV, Segmentation fault. 0x0034ea6b in strlen () from /lib/tls/libc.so.6 (gdb) bt #0 0x0034ea6b in strlen () from /lib/tls/libc.so.6 #1 0x002bdc42 in marshal_string (str=0x6c797473, insert_at=1819898995, value=0x6c797473 <Address 0x6c797473 out of bounds>, byte_order=-1074363444, pos_after=0xbff683cc) at dbus-marshal-basic.c:808 #2 0x00298cee in _dbus_type_writer_write_basic_no_typecode ( writer=0xbff683cc, type=1819898995, value=0x6c797473) at dbus-marshal-recursive.c:1682 #3 0x002999b2 in _dbus_type_writer_write_basic (writer=0xbff682ac, type=115, value=0x6c797473) at dbus-marshal-recursive.c:2387 #4 0x0029f4fc in dbus_message_iter_append_basic (iter=0xbff682a4, type=115, value=0xbff683cc) at dbus-message.c:2087 #5 0x0079d4bf in dbus_broadcast_printer_added ( printer_name=0x6c797473 <Address 0x6c797473 out of bounds>) at main.c:200 #6 0x007b4a46 in AddPrinter (name=Variable "name" is not available. ) at printers.c:147 #7 0x007b7518 in LoadAllPrinters () at printers.c:887 #8 0x00799b84 in ReadConfiguration () at conf.c:687 #9 0x0079dc8f in main (argc=2, argv=0xbff6d124) at main.c:500
fixed to the dbus patch to send the address of the values to dbus_message_iter_append_basic instead of the values themselves. Tim can you rebuild.
*** Bug 150767 has been marked as a duplicate of this bug. ***
Please try 1.1.23-14.
cups 1.1.23-14 works !! Thanks.
*** Bug 150824 has been marked as a duplicate of this bug. ***
*** Bug 150845 has been marked as a duplicate of this bug. ***