Bug 1654827 - cupsd crash on startup in ippCopyAttribute
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: cups
Version: 28
Hardware: x86_64
OS: Linux
unspecified
medium
Assignee: Zdenek Dohnal
QA Contact: Fedora Extras Quality Assurance
Reported: 2018-11-29 18:51 UTC by Orion Poplawski
Modified: 2018-12-21 05:52 UTC (History)

Fixed In Version: cups-2.2.6-30.fc28
Last Closed: 2018-12-21 05:52:45 UTC
Type: Bug

Description Orion Poplawski 2018-11-29 18:51:38 UTC
Description of problem:

Core was generated by `/usr/sbin/cupsd -l'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f4e2b7c6fcd in ippCopyAttribute (dst=<optimized out>, srcattr=0x7f4e180357a0, 
    quickcopy=0) at ipp.c:1689
1689              srcval->collection->use ++;
[Current thread is 1 (Thread 0x7f4e2d2e6040 (LWP 1136))]
(gdb) thr appl all bt

Thread 2 (Thread 0x7f4e1f881700 (LWP 1484)):
#0  0x00007f4e2b7c84b3 in ippNew () at ipp.c:2732
#1  0x000055c4d2d9516a in new_media_col (size=size@entry=0x7f4e18005b20, 
    source=0x55c4d37f2e24 "auto", type=0x7f4e180275c4 "com.hp.recycled") at printers.c:5145
#2  0x000055c4d2d9a9c8 in load_ppd (p=0x55c4d3b06270) at printers.c:4407
#3  cupsdSetPrinterAttrs (p=p@entry=0x55c4d3b06270) at printers.c:2450
#4  0x000055c4d2d757b2 in create_local_bg_thread (printer=0x55c4d3b06270) at ipp.c:5911
#5  0x00007f4e2ac11594 in start_thread () from /lib64/libpthread.so.0
#6  0x00007f4e2a377e6f in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7f4e2d2e6040 (LWP 1136)):
#0  0x00007f4e2b7c6fcd in ippCopyAttribute (dst=<optimized out>, srcattr=0x7f4e180357a0, 
    quickcopy=0) at ipp.c:1689
#1  0x000055c4d2d77c01 in copy_attrs (to=0x55c4d3b0f9a0, from=<optimized out>, ra=0x55c4d3af3790, 
    group=IPP_TAG_ZERO, quickcopy=0, exclude=0x0) at ipp.c:4526
#2  0x000055c4d2d794ab in copy_printer_attrs (con=con@entry=0x55c4d3ac1d30, 
    printer=0x55c4d3b06270, ra=ra@entry=0x55c4d3af3790) at ipp.c:5603
#3  0x000055c4d2d8652e in get_printer_attrs (uri=0x55c4d3b06e40, con=0x55c4d3ac1d30) at ipp.c:7919
#4  cupsdProcessIPPRequest (con=con@entry=0x55c4d3ac1d30) at ipp.c:536
#5  0x000055c4d2d65a05 in cupsdReadClient (con=0x55c4d3ac1d30) at client.c:2194
#6  0x000055c4d2d9f8a5 in cupsdDoSelect (timeout=<optimized out>) at select.c:484
#7  0x000055c4d2d5b000 in main (argc=<optimized out>, argv=<optimized out>) at main.c:885
(gdb) print srcval->collection->use ++
Cannot access memory at address 0x7f4e181639e8
(gdb) print srcval->collection->use
$10 = 1
(gdb) print *srcval->collection
$13 = {state = IPP_STATE_IDLE, request = {any = {version = "\001\001", op_status = 0,
      request_id = 0}, op = {version = "\001\001", operation_id = IPP_OP_CUPS_NONE,
      request_id = 0}, status = {version = "\001\001", status_code = IPP_STATUS_OK,
      request_id = 0}, event = {version = "\001\001", status_code = IPP_STATUS_OK,
      request_id = 0}}, attrs = 0x7f4e18163ad0, last = 0x7f4e18163c50, current = 0x7f4e18163c50,
  curtag = IPP_TAG_ZERO, prev = 0x7f4e18163c10, use = 1, atend = 0, curindex = 0}


Version-Release number of selected component (if applicable):
cups-2.2.6-25.fc28.x86_64


How reproducible:
Seen once so far on startup.

Upstream fix appears to be here: https://github.com/apple/cups/commit/8e47ac0199edc01233888724b1ba32c4dfcd54b3

Comment 1 Zdenek Dohnal 2018-12-03 11:18:24 UTC
Hi Orion,

thank you for reporting the issue and finding the patch! I'll issue the build now for Fedora 28, because it is fixed in newer Fedoras.

Comment 2 Fedora Update System 2018-12-03 11:35:12 UTC
cups-2.2.6-26.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1e8bfb04f1

Comment 3 Fedora Update System 2018-12-04 03:37:59 UTC
cups-2.2.6-26.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1e8bfb04f1

Comment 4 Fedora Update System 2018-12-10 16:10:39 UTC
cups-2.2.6-27.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-8eb6a893fa

Comment 5 Fedora Update System 2018-12-13 13:57:47 UTC
cups-2.2.6-28.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-f2699fb66d

Comment 6 Fedora Update System 2018-12-13 17:57:56 UTC
cups-2.2.6-29.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-68028d9bbf

Comment 7 Fedora Update System 2018-12-15 03:19:41 UTC
cups-2.2.6-29.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-68028d9bbf

Comment 8 Fedora Update System 2018-12-21 05:52:45 UTC
cups-2.2.6-30.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

