Bug 1889794 - cups-browsed crashes on startup
Status: CLOSED DUPLICATE of bug 1881365
Product: Fedora
Classification: Fedora
Component: cups-filters
Version: 32
Assignee: Zdenek Dohnal
QA Contact: Fedora Extras Quality Assurance
Reported: 2020-10-20 15:06 UTC by Ian Collier
Modified: 2020-10-21 09:39 UTC

Last Closed: 2020-10-21 09:39:16 UTC
Type: Bug



Description Ian Collier 2020-10-20 15:06:48 UTC
When I start cups-browsed, this happens:

Thread 1 "cups-browsed" received signal SIGSEGV, Segmentation fault.
0x00007ffff7b9f7e9 in ppdCreateFromIPP2 (
    buffer=0x7fffffffbd80 "/tmp/009a45f9b9a02", bufsize=<optimized out>, 
    response=0x55555564edc0, make_model=<optimized out>, pdl=<optimized out>, 
    color=1, duplex=1, conflicts=0x0, sizes=0x555555752fa0, 
    default_pagesize=0x0, default_cluster_color=0x0)
    at cupsfilters/ppdgenerator.c:2227
2227          *suffix = '\0';
(gdb) print (char*)&ppdname
$76 = 0x7fffffff9290 "A4"

The code is trying to remove a ".Borderless" suffix from a name that
doesn't have one, and this leads to a null pointer dereference.
(BTW I believe "sizes" is null on entry to this function and gets
set later.)

I don't know how this comes about - if you need me to generate any
more debug data about the printer which is trying to be added, please
let me know what to do.

Version tested: cups-filters-libs-1.28.2-2.fc32.x86_64

Comment 1 Zdenek Dohnal 2020-10-21 09:39:16 UTC
Hi Ian,

thank you for reporting the issue!

Actually I'm investigating this issue in https://bugzilla.redhat.com/show_bug.cgi?id=1881365 , would you mind joining the discussion there?

I reached the same conclusion as you and provided an unofficial hotfix for the original reporter, but I'm still not sure how the execution got there.

The original reporter doesn't seem to have much time to debug, so would you mind providing the info mentioned in the ticket?

You will need to find out the value of the 'uri' variable in the 'update_cups_queues()' function when the segfault happens, and then update the GDB script attached to the ticket accordingly.

I'm not sure how experienced you are with debugging in GDB, so if you need my help with it, please let me know.

*** This bug has been marked as a duplicate of bug 1881365 ***
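
The failure mode described in the report, as an added example that is not part of the original bug thread and is not the cups-filters source: a suffix search whose result is written through without a NULL check, next to a checked version. The helper name strip_borderless, the use of strstr, and every sample name other than "A4" are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BORDERLESS_SUFFIX ".Borderless"

/* Unsafe shape of the bug, kept as a comment so this example does not crash.
 * (Assumed pattern; the report only shows the faulting line.)
 *
 *     suffix = strstr(name, ".Borderless");
 *     *suffix = '\0';     // suffix is NULL for "A4" -> SIGSEGV
 */

/* Hypothetical helper: truncate `name` at a trailing ".Borderless".
 * Returns 1 if the suffix was removed, 0 if the name was left unchanged. */
static int strip_borderless(char *name)
{
    const size_t slen = strlen(BORDERLESS_SUFFIX);
    char *suffix;

    if (name == NULL)
        return 0;

    /* Accept only an occurrence that ends the string, so a name such as
     * "A4.Borderless.Extra" is not cut in the middle. */
    suffix = strstr(name, BORDERLESS_SUFFIX);
    while (suffix != NULL && suffix[slen] != '\0')
        suffix = strstr(suffix + 1, BORDERLESS_SUFFIX);

    if (suffix == NULL)          /* the check missing at the faulting line */
        return 0;

    *suffix = '\0';
    return 1;
}

int main(void)
{
    /* Constructed sample names; "A4" is the value printed in the report. */
    char names[][32] = { "A4", "A4.Borderless", "A4.Borderless.Extra", "" };
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        int changed = strip_borderless(names[i]);
        printf("changed=%d name=\"%s\"\n", changed, names[i]);
    }
    return 0;
}
```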

