Bug 1881365 - cups-browsed crashing
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: cups-filters
Version: 32
Hardware: x86_64
OS: Unspecified
Assignee: Zdenek Dohnal
QA Contact: Fedora Extras Quality Assurance
Duplicates: 1889794
Reported: 2020-09-22 09:37 UTC by Andreas Petzold
Modified: 2020-11-21 01:44 UTC

Fixed In Version: cups-filters-1.28.5-1.fc33 cups-filters-1.28.5-1.fc31 cups-filters-1.28.5-1.fc32
Last Closed: 2020-11-08 01:15:19 UTC
Type: Bug


Attachments
valgrind log of cups-browsed (46.29 KB, text/plain), 2020-09-30 09:59 UTC, Andreas Petzold
GDB script (292 bytes, text/plain), 2020-10-08 12:07 UTC, Zdenek Dohnal
output of gdb_script (7.62 KB, text/plain), 2020-10-12 12:48 UTC, Andreas Petzold
cups-browsed debug log (2.28 MB, text/plain), 2020-10-12 12:49 UTC, Andreas Petzold
GDB script (412 bytes, text/plain), 2020-10-13 11:17 UTC, Zdenek Dohnal
Output of the new gdb script. (8.83 KB, text/plain), 2020-10-21 13:02 UTC, Andreas Petzold
GDB script (434 bytes, text/plain), 2020-10-21 13:31 UTC, Zdenek Dohnal
gdb_log (26.45 KB, text/plain), 2020-10-21 13:50 UTC, Ian Collier
PPD of a printer that crashes cups-browsed (238.65 KB, text/plain), 2020-10-22 10:01 UTC, Ian Collier
ipptool output for CentOS 7 print queue (14.10 KB, text/plain), 2020-10-26 13:17 UTC, Zdenek Dohnal
ipptool output for Fedora 32 print queue (22.22 KB, text/plain), 2020-10-26 13:20 UTC, Zdenek Dohnal


Description Andreas Petzold 2020-09-22 09:37:54 UTC
Description of problem:

cups-browsed is crashing as soon as I add a BrowsePoll stanza for our local cups ser

Version-Release number of selected component (if applicable):
cups-2.3.3-13.fc32.x86_64
cups-client-2.3.3-13.fc32.x86_64
cups-debuginfo-2.3.3-13.fc32.x86_64
cups-debugsource-2.3.3-13.fc32.x86_64
cups-filesystem-2.3.3-13.fc32.noarch
cups-filters-1.28.2-2.fc32.x86_64
cups-filters-debuginfo-1.28.2-2.fc32.x86_64
cups-filters-debugsource-1.28.2-2.fc32.x86_64
cups-filters-libs-1.28.2-2.fc32.x86_64
cups-ipptool-2.3.3-13.fc32.x86_64
cups-libs-2.3.3-13.fc32.x86_64
cups-libs-debuginfo-2.3.3-13.fc32.x86_64
cups-pk-helper-0.2.6-9.fc32.x86_64


How reproducible:
Always

Steps to Reproduce:
1. add a BrowsePoll cups.server.bla:631 to /etc/cups/cups-browsed.conf
2. restart cups-browsed
3.

Actual results:
cups-browsed crash

Expected results:
cups-browsed browses our local cups server and makes the printers available.

Additional info:
coredumpctl debug 
           PID: 144390 (cups-browsed)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 11 (SEGV)
     Timestamp: Tue 2020-09-22 10:11:33 CEST (1h 24min ago)
  Command Line: /usr/sbin/cups-browsed
    Executable: /usr/sbin/cups-browsed
 Control Group: /system.slice/cups-browsed.service
          Unit: cups-browsed.service
         Slice: system.slice
       Boot ID: 86b0e038ae68470097eb4d147e918358
    Machine ID: 7b676f05c9704033b804ec4a46a63d9a
      Hostname: vetinari
       Storage: /var/lib/systemd/coredump/core.cups-browsed.0.86b0e038ae68470097eb4d147e918358.144390.1600762293000000000000.lz4
       Message: Process 144390 (cups-browsed) of user 0 dumped core.
                
                Stack trace of thread 144390:
                #0  0x00007fbbed8497e9 ppdCreateFromIPP2 (libcupsfilters.so.1 + 0x287e9)
                #1  0x0000555ec4dc07f3 update_cups_queues (cups-browsed + 0x1f7f3)
                #2  0x00007fbbed8fb331 g_timeout_dispatch (libglib-2.0.so.0 + 0x53331)
                #3  0x00007fbbed8fa78f g_main_context_dispatch (libglib-2.0.so.0 + 0x5278f)
                #4  0x00007fbbed8fab18 g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0x52b18)
                #5  0x00007fbbed8fae33 g_main_loop_run (libglib-2.0.so.0 + 0x52e33)
                #6  0x0000555ec4dabf3e main (cups-browsed + 0xaf3e)
                #7  0x00007fbbed5b6042 __libc_start_main (libc.so.6 + 0x27042)
                #8  0x0000555ec4dacb8e _start (cups-browsed + 0xbb8e)
                
                Stack trace of thread 144393:
                #0  0x00007fbbed685aaf __poll (libc.so.6 + 0xf6aaf)
                #1  0x00007fbbed8faaae g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0x52aae)
                #2  0x00007fbbed8fabe3 g_main_context_iteration (libglib-2.0.so.0 + 0x52be3)
                #3  0x00007fbbed8fac31 glib_worker_main (libglib-2.0.so.0 + 0x52c31)
                #4  0x00007fbbed9247f2 g_thread_proxy (libglib-2.0.so.0 + 0x7c7f2)
                #5  0x00007fbbed762432 start_thread (libpthread.so.0 + 0x9432)
                #6  0x00007fbbed690913 __clone (libc.so.6 + 0x101913)
                
                Stack trace of thread 144394:
                #0  0x00007fbbed685aaf __poll (libc.so.6 + 0xf6aaf)
                #1  0x00007fbbed8faaae g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0x52aae)
                #2  0x00007fbbed8fae33 g_main_loop_run (libglib-2.0.so.0 + 0x52e33)
                #3  0x00007fbbedb4e69a gdbus_shared_thread_func (libgio-2.0.so.0 + 0x12269a)
                #4  0x00007fbbed9247f2 g_thread_proxy (libglib-2.0.so.0 + 0x7c7f2)
                #5  0x00007fbbed762432 start_thread (libpthread.so.0 + 0x9432)
                #6  0x00007fbbed690913 __clone (libc.so.6 + 0x101913)

GNU gdb (GDB) Fedora 9.1-6.fc32
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/cups-browsed...
Reading symbols from /usr/lib/debug/usr/sbin/cups-browsed-1.28.2-2.fc32.x86_64.debug...
[New LWP 144390]
[New LWP 144393]
[New LWP 144394]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/sbin/cups-browsed'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fbbed8497e9 in ppdCreateFromIPP2 (buffer=0x7ffe42ca04c0 "/tmp/234065f6de11d", bufsize=<optimized out>, response=0x555ec4f7d470, make_model=<optimized out>, pdl=<optimized out>, color=1, duplex=1, conflicts=0x0, 
    sizes=0x555ec5019760, default_pagesize=0x0, default_cluster_color=0x0) at cupsfilters/ppdgenerator.c:2227
2227          *suffix = '\0';
[Current thread is 1 (Thread 0x7fbbec39eac0 (LWP 144390))]
(gdb) bt f
#0  0x00007fbbed8497e9 in ppdCreateFromIPP2 (buffer=0x7ffe42ca04c0 "/tmp/234065f6de11d", bufsize=<optimized out>, response=0x555ec4f7d470, make_model=<optimized out>, pdl=<optimized out>, color=1, duplex=1, conflicts=0x0, 
    sizes=0x555ec5019760, default_pagesize=0x0, default_cluster_color=0x0) at cupsfilters/ppdgenerator.c:2227
        tbottom = '\000' <repeats 255 times>
        ttop = '\000' <repeats 216 times>...
        twidth = "\000\345\311B\376\177\000\000 \345\311B\376\177\000\000\000\266\341\304^U\000\000\240\346\311B\376\177\000\000\000@u\355\273\177\000\000\063\255_\355\273\177", '\000' <repeats 42 times>, "\377\377\377\377\377\377\377\377", '\000' <repeats 12 times>, "\377\377\377\377\000\000\000\000\000\000\000\000%\000\000\000lity\000\000\000\000ity\000%\000\000\000\273\177\000\000\030\000\000\000\000\000\000\000=\000\000\000\000\000\000\000\001\000\000\000\v\000\000\000h\r\000\000\000\000\000\000%\266\341\304^U\000\000\002\000\000\000\000\000\000\000\020\222\334\304^U\000\000"...
        ppdsizename = "\340\232\001\305^U\000\000\253\202a\355\273\177\000\000P\226\001\305^U\000\000\200\333\311B", '\000' <repeats 12 times>, "Q~a\355\273\177\000\000_\332\311B\376\177\000\000\000s 1{!\267\322\000\000\000\000\000\000\000\000Q~a\355\273\177\000\000Ћ\001\305^U\000\000\000\000\000\000\000\000\000\000P\220\001\305^U\000\000\000s 1\000\000\000\000@\215\001\305^U\000\000\253\202a\355\273\177\000"
        tright = '\000' <repeats 255 times>
        ippsizename = <optimized out>
        suffix = 0x0
        tleft = "\265\261i_\000\000\000\000\n%\004\000\000\000\000\000\020\005\363\304^U\000\000\020#\375\304^U\000\000\000\000\000\000\000\000\000\000\260;z\355\273\177\000\000\240\346\311B\376\177\000\000\000\000\000\000\000\000\000\000\240\243\001\305^U", '\000' <repeats 18 times>, "DESKJET-930C", '\000' <repeats 155 times>
        tlength = "\000ormal\000uality\000\000g\000\342\311B\376\177\000\000\060\342\311B\376\177\000\000\060\342\311B\376\177\000\000C\342\311B\376\177\000\000/\346\311B\376\177\000\000(\000\000\000\060\000\000\000\200\347\311B\376\177\000\000\300\346\311B\376\177\000\000\360\353\311B\376\177\000\000\360\352\311B\376\177", '\000' <repeats 22 times>, "\200", '\000' <repeats 43 times>, "\377\377\377\377\377\377\377\377Zi{\355\273\177\000\000\a\243\177\355\273\177\000\000\000\000\000\000\002\000\000\000\377\377\377\377\000\000\000\000\000"...
        all_borderless = 1
        fp = 0x555ec501a9f0
        printer_sizes = <optimized out>
        size = <optimized out>
        attr = <optimized out>
        attr2 = <optimized out>
        defattr = 0x555ec4f7e900
        quality = <optimized out>
        x_dim = <optimized out>
        y_dim = <optimized out>
        media_col = <optimized out>
        media_size = <optimized out>
        make = "Ricoh\000MP C2504 PS\000\001\305^U\000\000x\362\363\304\000\000\000\000\340\232\001\305^U\000\000\000s 1\000\000\000\000@\215\001\305^U\000\000\000\000\000\000\000\000\000\000\020\005\363\304^U\000\000\000s 1{!\267\322P\226\001\305^U", '\000' <repeats 18 times>, "\350\003\000\000\000\000\000\000P\226\001\305^U\000\000\200\333\311B\376\177\000\000\000\000\000\000\000\000\000\000\276Gz\355\273\177\000\000\260;z\355\273\177\000\000\240\346\311B\376\177\000\000\001\000\000\000\204\003\000\000\220\333\311B\376\177\000\000\002\000\000\000\376\177\000\000\000\000\000\000\000\000\000\000\330\333\311B\376\177\000\000\000\000\000\000\000\000\000\000"...
        model = <optimized out>
        ppdname = "A4\000\305^U\000\000\000s 1{!\267\322\000\000\000\000\000\000\000\000\000s 1{!\267\322\002\000\000\000\000\000\000\000\253"
        i = <optimized out>
        j = <optimized out>
        count = <optimized out>
        bottom = 0
        left = 0
        right = 0
        top = 0
        max_length = 126012
        max_width = 32032
        min_length = 14781
        min_width = 8996
        is_apple = <optimized out>
        is_pwg = 0
        is_pclm = 0
        is_pdf = 1
        pwg = <optimized out>
        xres = <optimized out>
        yres = <optimized out>
        common_res = 0x555ec5019760
        current_res = 0x555ec5019760
        pdl_list = <optimized out>
        common_def = 0x555ec4fbf470
        current_def = 0x555ec4fbf470
        min_res = 0x555ec4fbf410
        max_res = 0x555ec5010cd0
        lang = 0x555ec4f2e3d0
        loc = <optimized out>
        printer_opt_strings_catalog = 0x0
--Type <RET> for more, q to quit, c to continue without paging--c
        human_readable = <optimized out>
        human_readable2 = <optimized out>
        keyword = <optimized out>
        fin_options = 0x0
        buf = "png\000\000ups-postscr\000\000\000\000\000\000\000\000\017", '\000' <repeats 15 times>, "\240\211\177\355\273\177\000\000\060\347\311B\376\177\000\000P\347\311B\376\177\000\000\233\211\177\355\273\177\000\000\320\350\311B\376\177\000\000\000@u\355\273\177\000\000\063\255_\355\273\177\000\000\000\000\000\000\273\177\000\000\310v{\355\273\177", '\000' <repeats 14 times>, "\376\177\000\000\060\342\311B\000\000\000\000\377\377\377\377\377\377\377\377", '\000' <repeats 12 times>, "\376\177\000\000/root/.cups/lpoptions\000\000\000\003\000\000\000\376\177\000\000\002\000\000\000\000\000\000\000"...
        filter_path = "\000\000\000\000\n\000\000\000\001", '\000' <repeats 31 times>, "\377\377\377\377\377\377\377\377\000\000\000\000\000\000\000\000\070>a\355\273\177\000\000=\000\000\000\000\000\000\000?\034k_\000\000\000\000\n\000\000\000\376\177\000\000=\000\000\000\000\000\000\000`\351\311B\376\177\000\000\200\351\311B\376\177\000\000\b\377\334\304^U\000\000\000\353\311B\376\177\000\000\000\000\000\000\000\000\000\000\300\246_\355\273\177\000\000\000\000\000\000\000\000\000\000\314=\200\355\273\177", '\000' <repeats 14 times>, "\376\177\000\000\260\347\311B\000\000\000\000\377\377\377\377\377\377\377\377", '\000' <repeats 16 times>...
        cups_serverbin = <optimized out>
        defaultoutbin = <optimized out>
        outbin = <optimized out>
        outbin_properties = "\037\352\311B\376\177\000\000\360\351\311B\376\177\000\000\260\347\311B\376\177", '\000' <repeats 26 times>, "/var/cache/cups/cups-browsed-options-SCC-CN441OG-A3A4FarbeMFP\000\000\000\377\377\377\377\377\377\377\377", '\000' <repeats 24 times>, "\377\377\377\377", '\000' <repeats 16 times>, "\200\000\000\000\000@u\355\273\177", '\000' <repeats 18 times>, "\340\000\000\000\000\000\000\000"...
        octet_str_len = 21854
        outbin_properties_octet = <optimized out>
        outputorderinfofound = <optimized out>
        faceupdown = <optimized out>
        firsttolast = <optimized out>
        manual_copies = <optimized out>
        is_fax = 0
        formatfound = <optimized out>
#1  0x0000555ec4dc07f3 in update_cups_queues (unused=unused@entry=0x0) at utils/cups-browsed.c:8527
        p = <optimized out>
        q = <optimized out>
        r = <optimized out>
        s = <optimized out>
        master = <optimized out>
        http = 0x555ec4f2a350
        uri = "ipp://localhost/printers/SCC-CN441OG-A3A4FarbeMFP", '\000' <repeats 855 times>...
        device_uri = "implicitclass://SCC-CN441OG-A3A4FarbeMFP/\000\000\000\000\000\000\000\002\000\000\000\000\000\000\000h\r\000\000\000\000\000\000\233\211\177\355\273\177\000\000\002\000\000\000\000\000\000\000\206\016\312B\376\177\000\000\240\211\177\355\273\177\000\000\260\243\177\355\273\177\000\000p\251\177\355\273\177", '\000' <repeats 11 times>, "\203{\355\273\177\000\000\000\000\000\000\000\000\000\000\200\367\311B\376\177\000\000(\362\311B\376\177\000\000\200\363\311B\376\177\000\000\000\004\000\000\000\004\000\000\000\001\000\000\017\000\000\000v\016\312B\376\177\000\000\253\016\312B\376\177\000\000\000\000\000\000\000\000\000\000"...
        buf = "/tmp/234065f6b1c3f", '\000' <repeats 182 times>...
        line = "P^\001\305^U\000\000\253\330y\355\273\177\000\000@\\\001\305^U\000\000\000s 1{!\267Ҡ[\001\305^U\000\000\000s 1{!\267\322@]\001\305^U\000\000\253\330y\355\273\177\000\000\300Q\001\305^U\000\000\000s 1{!\267\322\364\223\367\304^U\000\000\060\230\362\304^U\000\000\200]\001\305^U\000\000\000s 1{!\267\322\001\000\000\000\000\000\000\000\253\330y\355\273\177\000\000\364\223\367\304^U\000\000\000s 1{!\267\322\300Q\001\305\000\000\000\000\060\230\362\304^U\000\000\060^\001\305^U\000\000\200R\370\304^U\000\000\a\000\064\000\033\000\000\000\377\377\377\377\377\377\377\377\364\223\367\304^U\000\000\355"...
        num_options = <optimized out>
        options = 0x555ec4fb9e80
        num_jobs = <optimized out>
        jobs = 0x0
        request = <optimized out>
        current_time = <optimized out>
        i = <optimized out>
        ap_remote_queue_id_line_inserted = <optimized out>
        want_raw = <optimized out>
        num_cluster_printers = <optimized out>
        disabled_str = <optimized out>
        ptr = <optimized out>
        ppdfile = <optimized out>
        ifscript = 0x0
        fd = <optimized out>
        tempfile = '\000' <repeats 448 times>...
        buffer = "/tmp/234065f6de11d", '\000' <repeats 30 times>, "\061\067\062.21.7.109", '\000' <repeats 236 times>...
        bytes = <optimized out>
        cups_serverbin = <optimized out>
        attr = <optimized out>
        count = <optimized out>
        left = <optimized out>
        right = <optimized out>
        bottom = <optimized out>
        top = <optimized out>
        default_page_size = <optimized out>
        best_color_space = 0x0
        color_space = <optimized out>
        loadedppd = 0x0
        ppd = <optimized out>
        choice = <optimized out>
        in = <optimized out>
        out = <optimized out>
        keyword = "\233\211\177\355\273\177\000\000\320\a\312B\376\177\000\000\000@u\355\273\177\000\000\063\255_\355\273\177", '\000' <repeats 42 times>, "\377\377\377\377\377\377\377\377", '\000' <repeats 24 times>, "\003", '\000' <repeats 15 times>, "\003\000\000\000\376\177\000\000\002\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000\002\000\000\000\v\000\000\000h\r\000\000\000\000\000\000\233\211\177\355\273\177\000\000\002", '\000' <repeats 15 times>, "\240\211\177\355\273\177", '\000' <repeats 106 times>...
        keyptr = <optimized out>
        customval = <optimized out>
        val = <optimized out>
        dest = <optimized out>
        is_shared = <optimized out>
        conflicts = <optimized out>
        printer_attributes = 0x555ec4f7d470
        sizes = <optimized out>
        printer_ipp_response = <optimized out>
        make_model = 0x0
        pdl = 0x0
        color = 1
        duplex = 1
        default_pagesize = <optimized out>
        default_color = 0x0
        cups_queues_updated = <optimized out>
#2  0x00007fbbed8fb331 in g_timeout_dispatch (source=source@entry=0x555ec50175c0, callback=0x555ec4dbe970 <update_cups_queues>, user_data=0x0) at ../glib/gmain.c:4800
        timeout_source = 0x555ec50175c0
        again = <optimized out>
#3  0x00007fbbed8fa78f in g_main_dispatch (context=0x555ec4f3eee0) at ../glib/gmain.c:3309
        dispatch = <optimized out>
        prev_source = 0x0
        was_in_call = <optimized out>
        user_data = 0x0
        callback = 0x555ec4dbe970 <update_cups_queues>
        cb_funcs = 0x7fbbed9d1280 <g_source_callback_funcs>
        cb_data = 0x555ec5016430
        need_destroy = <optimized out>
        source = 0x555ec50175c0
        current = 0x555ec4f10780
        i = 6
        __func__ = "g_main_dispatch"
#4  g_main_context_dispatch (context=0x555ec4f3eee0) at ../glib/gmain.c:3974
No locals.
#5  0x00007fbbed8fab18 in g_main_context_iterate (context=0x555ec4f3eee0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4047
        max_priority = 0
        timeout = 0
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = <optimized out>
        fds = 0x7fbbdc00c4c0
#6  0x00007fbbed8fae33 in g_main_loop_run (loop=0x555ec4f0ea00) at ../glib/gmain.c:4241
        self = <optimized out>
        __func__ = "g_main_loop_run"
#7  0x0000555ec4dabf3e in main (argc=1, argv=<optimized out>) at utils/cups-browsed.c:12634
        ret = 1
        http = <optimized out>
        i = <optimized out>
        val = <optimized out>
        p = <optimized out>
        proxy = 0x555ec4f5ecc0
        error = 0x0
        subscription_id = 912
        action = {__sigaction_handler = {sa_handler = 0x555ec4db77a0 <sigusr2_handler>, sa_sigaction = 0x555ec4db77a0 <sigusr2_handler>}, sa_mask = {__val = {2048, 0 <repeats 15 times>}}, sa_flags = 0, sa_restorer = 0x0}

Comment 1 Zdenek Dohnal 2020-09-29 15:34:29 UTC
Hi Andreas,

thank you for reporting the issue!

The issue is clear - strcasestr() cannot find '.Borderless' string in string 'A4', but I don't know the connection between size->media and ppdname strings (if all size->media's are Borderless, then it expects ppdname has .Borderless substring too...).

Would you mind running cups-browsed within valgrind with memcheck (with cups-filters-debugsource, cups-filters-debuginfo, cups-filters-libs-debuginfo, cups-libs-debuginfo, cups-debugsource installed)?

$ sudo valgrind --leak-check=full --log-file=valgrind.log /usr/sbin/cups-browsed


just to be sure if there aren't some memory errors there.


I prepared a simple hot fix here https://koji.fedoraproject.org/koji/taskinfo?taskID=52462182 .

Would you mind testing it too? But please provide the info requested earlier.


Thank you in advance!

Comment 2 Andreas Petzold 2020-09-30 09:59:08 UTC
Created attachment 1717802
valgrind log of cups-browsed

As requested, I've run cups-browsed in valgrind.

Comment 3 Andreas Petzold 2020-09-30 10:03:47 UTC
Hi Zdenek,

(In reply to Zdenek Dohnal from comment #1)
> 
> I prepared a simple hot fix here
> https://koji.fedoraproject.org/koji/taskinfo?taskID=52462182 .
> 
> Would you mind testing it too? But please provide the info requested earlier.

I've tested your packages from koji and cups-browsed is not crashing! Thanks for the fix!

Comment 4 Zdenek Dohnal 2020-09-30 11:39:11 UTC
Andreas,

please test the printing too - to be sure it doesn't introduce a problem with printing.

Comment 5 Andreas Petzold 2020-10-01 09:03:35 UTC
Hi Zdenek,

printing to a printer which was discovered via cups-browsed works fine for me!

Comment 6 Zdenek Dohnal 2020-10-07 13:37:52 UTC
Andreas,

I find the current fix kind of strange, so I'm digging deeper into the code to understand why the damn it got into this place, where it crashed.

I'm trying to figure out why all values of 'media' in 'sizes' struct contain '.Borderless' (since 'all_borderless' is still 1), but 'ppdname' is without '.Borderless'.

It can happen if 'media-col-default' contains normal media type, and then other attributes regarding media - 'media-col-database', 'media-size-supported' and 'media-supported' - have all borderless types. I find it very strange.

I'll send you a gdb script this week to debug this further.

Comment 7 Zdenek Dohnal 2020-10-08 12:07:08 UTC
Andreas,

would you mind running this command:

$ sudo gdb -x gdb_script /usr/sbin/cups-browsed

with gdb_script (I will upload it shortly) and attach the created gdb_log file here as an attachment?

It will run cups-browsed in gdb and collect values of ppdname and all media names.

Comment 8 Zdenek Dohnal 2020-10-08 12:07:44 UTC
Created attachment 1719931
GDB script

Comment 9 Zdenek Dohnal 2020-10-12 11:36:46 UTC
And would you mind enabling cups-browsed debug logging by adding 'DebugLogging stderr' into /etc/cups/cups-browsed.conf, restarting cups-browsed service, collecting the logs via:

$ journalctl -u cups-browsed > browsed.log

and attaching the browsed.log as an attachment?

Comment 10 Andreas Petzold 2020-10-12 12:48:13 UTC
Created attachment 1720955
output of gdb_script

output of gdb_script

Comment 11 Andreas Petzold 2020-10-12 12:49:04 UTC
Created attachment 1720956
cups-browsed debug log

cups-browsed debug log

Comment 12 Zdenek Dohnal 2020-10-13 11:17:29 UTC
Created attachment 1721170
GDB script

Thank you for your cooperation so far! I'm deeply sorry, I forgot to add the breakpoint to the script to break on the specific print queue which was being processed when the segfault happened...

So GDB output gave me media sizes for the first processed queue, but the segfault happened when the queue called SCC-CN441OG-A3A4FarbeMFP was being processed, so I would like to check these...

Would you mind running the gdb script again? Logs from debug log are fine, you don't need to reupload them.

Comment 13 Zdenek Dohnal 2020-10-21 09:39:16 UTC
*** Bug 1889794 has been marked as a duplicate of this bug. ***

Comment 14 Andreas Petzold 2020-10-21 13:02:26 UTC
Created attachment 1723200
Output of the new gdb script.

I'm not sure the output is useful. It ends with:

gdb_script (1):12: Error in sourced command file:
No symbol "ppdname" in current context.

Comment 15 Zdenek Dohnal 2020-10-21 13:31:42 UTC
Created attachment 1723201
GDB script

One step was missed in the GDB script, please rerun it.

I'm sorry for the inconvenience :(

Comment 16 Ian Collier 2020-10-21 13:50:19 UTC
Created attachment 1723213
gdb_log

This log is what I get (I inserted an extra 'c').

The ppdname is coming from "media-col-default" in the request which has x=21000, y=297000 and all the margins set to 423, so it is not borderless and its name is "A4".  However, all the sizes are coming from "media-size-supported" and apparently these do all have margins set to zero.  I am not sure why they are zero; but since the information is coming from different sources it seems that it is not a valid assumption that the default media would be borderless just because all of the reported supported media types are borderless (even though that sounds counter-intuitive).

The PPD for this printer is "Ricoh MP C5504 , Postscript-Ricoh 20161206 (OpenPrinting LSB 3.2)" (which came from openprinting.org).  It defines roughly 60 media sizes, which is actually a list of 30 media listed twice: the first time with "false setedgetoedge" and the second time with "true setedgetoedge" and "FullBleed" in the media name.  So the supported media types in the original PPD are clearly not all borderless, and I don't know where all the values with zero borders in the attached log are coming from.

Comment 17 Zdenek Dohnal 2020-10-22 08:47:58 UTC
(In reply to Ian Collier from comment #16)
> Created attachment 1723213
> gdb_log
> 
> This log is what I get (I inserted an extra 'c').

Thanks - it seems the code execution differs in my and your cases, so I always update the script regarding your output.

> 
> The ppdname is coming from "media-col-default" in the request which has
> x=21000, y=297000 and all the margins set to 423, so it is not borderless
> and its name is "A4".  However, all the sizes are coming from
> "media-size-supported" and apparently these do all have margins set to zero.
> I am not sure why they are zero; but since the information is coming from
> different sources it seems that it is not a valid assumption that the
> default media would be borderless just because all of the reported supported
> media types are borderless (even though that sounds counter-intuitive).

Ok, that confirms my suspicion... I'll talk with upstream about the situation, because I'm not sure how PPD generator should react to such input. The simple NULL check would fix the crash, but I would prefer the complete solution for such cases.

If you are in a hurry, I can prepare the hot fix for you as I prepared for Andreas - it hasn't had any side effects for him, as he said - please let me know if you are interested.

> 
> The PPD for this printer is "Ricoh MP C5504 , Postscript-Ricoh 20161206
> (OpenPrinting LSB 3.2)" (which came from openprinting.org).  It defines
> roughly 60 media sizes, which is actually a list of 30 media listed twice:
> the first time with "false setedgetoedge" and the second time with "true
> setedgetoedge" and "FullBleed" in the media name.  So the supported media
> types in the original PPD are clearly not all borderless, and I don't know
> where all the values with zero borders in the attached log are coming from.

Is this the PPD you are talking about http://www.openprinting.org/download/PPD/Ricoh/PS/Ricoh-MP_C5504_PS.ppd ?

It would be best if you just attach the PPD you use - then I can try to set up a client-server topology, where there will be a print queue with your PPD on the server, and the client will use BrowsePoll to get the remote print queue and install it locally - and hopefully reproduce the crash.


Thank you for the data so far!
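
The failure mode discussed in comments 1, 16 and 17, as an added example (a simplified model written for this page, not the cups-filters source): the suffix strip assumes the default media name carries ".Borderless" whenever every supported size is borderless, yet the two come from different attributes of the remote server's response. The struct, the function names and the sample sizes are constructed for illustration, and find_ci() is a portable stand-in for strcasestr().

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BORDERLESS_SUFFIX ".Borderless"

/* Constructed model of one media size reported by a print server;
   margins are in hundredths of a millimetre. */
typedef struct {
    char name[64];
    int left, right, bottom, top;
} media_t;

/* Case-insensitive substring search (stand-in for strcasestr()).
   Returns NULL when needle does not occur in hay. */
char *find_ci(char *hay, const char *needle)
{
    size_t n = strlen(needle);
    for (; *hay; hay++) {
        size_t i = 0;
        while (i < n && hay[i] &&
               tolower((unsigned char)hay[i]) ==
               tolower((unsigned char)needle[i]))
            i++;
        if (i == n)
            return hay;
    }
    return NULL;
}

/* Name a size: zero margins on all sides get the ".Borderless" suffix. */
void name_media(media_t *m, const char *base, int margin)
{
    m->left = m->right = m->bottom = m->top = margin;
    snprintf(m->name, sizeof(m->name), "%s%s", base,
             margin == 0 ? BORDERLESS_SUFFIX : "");
}

/* 1 if every supported size has zero margins, else 0. */
int all_borderless(const media_t *sizes, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (sizes[i].left || sizes[i].right ||
            sizes[i].bottom || sizes[i].top)
            return 0;
    return 1;
}

/* Unchecked form, matching the crash in the backtrace (suffix = 0x0,
   ppdname = "A4"). Shown for comparison only; never called here. */
void strip_suffix_unchecked(char *ppdname)
{
    char *suffix = find_ci(ppdname, BORDERLESS_SUFFIX);
    *suffix = '\0';            /* NULL write when the suffix is absent */
}

/* Checked form: returns 1 if a suffix was removed, 0 if there was none. */
int strip_suffix_checked(char *ppdname)
{
    char *suffix = find_ci(ppdname, BORDERLESS_SUFFIX);
    if (suffix == NULL)
        return 0;
    *suffix = '\0';
    return 1;
}

/* Derive the default page-size name. The default comes from one attribute
   and the size list from others, so the suffix may legitimately be absent. */
int default_ppd_name(const media_t *def, const media_t *sizes, size_t n,
                     char *out, size_t outsz)
{
    snprintf(out, outsz, "%s", def->name);
    if (!all_borderless(sizes, n))
        return 0;
    return strip_suffix_checked(out);
}

/* Constructed input mirroring the thread: default A4 with 423 margins,
   while every supported size is reported with zero margins. */
int demo_default_name(char *out, size_t outsz)
{
    media_t def, sizes[2];
    name_media(&def, "A4", 423);
    name_media(&sizes[0], "A4", 0);
    name_media(&sizes[1], "A3", 0);
    return default_ppd_name(&def, sizes, 2, out, outsz);
}

int main(void)
{
    char out[64];
    int stripped = demo_default_name(out, sizeof(out));
    printf("default=%s stripped=%d\n", out, stripped);
    return 0;
}
```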

Comment 18 Ian Collier 2020-10-22 10:01:39 UTC
Created attachment 1723493
PPD of a printer that crashes cups-browsed

Here's the PPD - it matches the one at the URL in comment 17 but with
some defaults changed.  It may be relevant that the CUPS server in my
case is CentOS 7 running cups-1.6.3 as presumably that has its own
quirks.

[I don't need a hotfix as downgrading to cups-filters 1.27.3-1.fc32 doesn't
crash - thanks.]

Comment 19 Zdenek Dohnal 2020-10-26 10:17:21 UTC
Thank you for the PPD and mentioning the OS version! I can reproduce the issue now.

Comment 20 Zdenek Dohnal 2020-10-26 13:17:32 UTC
Created attachment 1724154
ipptool output for CentOS 7 print queue

This is the output of:

$ ipptool -tv ipp://<IP>:631/printers/<print_queue_name> get-printer-attributes.test

when /usr/share/cups/ipptool/get-printer-attributes.test is modified like this:

-ATTR keyword requested-attributes all,media-col-database
+ATTR keyword requested-attributes all

The print queue is installed on CentOS 7.

Comment 21 Zdenek Dohnal 2020-10-26 13:20:44 UTC
Created attachment 1724155
ipptool output for Fedora 32 print queue

Created by:

$ ipptool -tv ipp://<IP>:631/printers/<print_queue_name> get-printer-attributes.test

with the default /usr/share/cups/ipptool/get-printer-attributes.test.

The server where print queue is installed is Fedora 32.

Comment 22 Zdenek Dohnal 2020-10-27 09:24:58 UTC
CentOS 7 cups is not capable of sending media-col-database, where non-borderless media are stored. Other sources of media - media-size-supported, media-supported - have generated media as borderless.

I'll ask upstream how he expects PPD generator to behave.

Comment 23 Zdenek Dohnal 2020-10-27 11:43:14 UTC
Reported upstream https://github.com/OpenPrinting/cups-filters/issues/314

Comment 24 Fedora Update System 2020-11-02 12:46:12 UTC
FEDORA-2020-9838e6305e has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-9838e6305e

Comment 25 Fedora Update System 2020-11-02 12:52:42 UTC
FEDORA-2020-d2cae2fd30 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-d2cae2fd30

Comment 26 Fedora Update System 2020-11-02 13:00:19 UTC
FEDORA-2020-d1a62979ee has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-d1a62979ee

Comment 27 Fedora Update System 2020-11-03 02:25:32 UTC
FEDORA-2020-9838e6305e has been pushed to the Fedora 33 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-9838e6305e`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-9838e6305e

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 28 Fedora Update System 2020-11-03 02:26:18 UTC
FEDORA-2020-d2cae2fd30 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-d2cae2fd30`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-d2cae2fd30

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 29 Fedora Update System 2020-11-03 02:34:50 UTC
FEDORA-2020-d1a62979ee has been pushed to the Fedora 31 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-d1a62979ee`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-d1a62979ee

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 30 Fedora Update System 2020-11-08 01:15:19 UTC
FEDORA-2020-9838e6305e has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 31 Fedora Update System 2020-11-11 01:31:40 UTC
FEDORA-2020-d1a62979ee has been pushed to the Fedora 31 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 32 Fedora Update System 2020-11-21 01:44:50 UTC
FEDORA-2020-d2cae2fd30 has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.

