Created attachment 1887776 [details] Part or cups logs with problem at rastertokpsl on fedora 36 Created attachment 1887776 [details] Part or cups logs with problem at rastertokpsl on fedora 36 !!! ... июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] envp[25]=\"PRINTER_STATE_REASONS=none\" июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] envp[26]=\"CUPS_FILETYPE=document\" июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] envp[27]=\"FINAL_CONTENT_TYPE=application/vnd.cups-raster\" июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] envp[28]=\"AUTH_INFO_REQUIRED=none\" июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] Start rendering... июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] Set job-printer-state-message to "Start rendering...", current level=INFO июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] Processing page 1... июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] Set job-printer-state-message to "Processing page 1...", current level=INFO июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] /usr/lib/cups/filter/rastertokpsl-fixed: line 4: 117128 Segmentation fault <--------------------- июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] PID 117121 (/usr/lib/cups/filter/rastertokpsl-fixed) stopped with status 139 (Directory not empty) июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] Hint: Try setting the LogLevel to "debug" to find out more. июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] PID 117122 (/usr/lib/cups/backend/socket) exited with no errors. июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] Processing page 2... июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] Rendering completed июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] PID 117120 (/usr/lib/cups/filter/gstoraster) exited with no errors. июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] End of messages июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] printer-state=3(idle) июн 07 14:31:48 AmCave cupsd[1372]: [Job 130] printer-state-message="Rendering completed" ... Description of problem: After upgrade Fedora 35 to Fedora 36 my printer Kyocera FS-1125MFP don't printing. Cause of problem - segfault of driver component rastertokpsl (proprietary part of kyocera printer driver) On new-installed Fedora-36 problem also present; On Fedora-35 program don't crashed - printing work correctly. Version-Release number of selected component (if applicable): - Fedora 36 - Kyocera LinuxDrv 1.1203 FS-1x2xMFP How reproducible: I make two new installs of Fedora 36 and one upgrade FC35 to FC36 - and catch problem. I has a two machine with Ubuntu 22 and two machines with Fedora 35 also - on this systems same driver work correctly. Steps to Reproduce: 1. Install new clean Fedora 36 or upgrade Fedora 35 to Fedora 36. 2. Install drivers for Kyocera FS-1125MFP (rastertokpsl backend) - Driver from printer's manufacturer: https://www.kyoceradocumentsolutions.ru/content/download-center/ru/drivers/all/LinuxDrv_1_1203_FS_1x2xMFP_zip.download.zip - If need, apply fixer for job-names (problem with non-latin symbols in job-name ?): https://github.com/lurepheonix/rastertokpsl-fs-1040/blob/master/rastertokpsl-fixed 3. Try print and catch segfault in system logs. Actual results: rastertokpsl crashed, print fail. Expected results: rastertokpsl run correctly, print OK. Additional info: ### Crash of rastertokpsl in journalctl -a at printing ### июн 07 14:31:47 AmCave systemd-coredump[117131]: [🡕] Process 117128 (rastertokpsl) of user 4 dumped core. Module linux-vdso.so.1 with build-id bbfba337e4ff5782c225df596fd0560be96d05f2 Module libgpg-error.so.0 with build-id a53c231739d55cc39b97e28c36cd8b3e58a8f8f8 Metadata for module libgpg-error.so.0 owned by FDO found: { "type" : "rpm", "name" : "libgpg-error", "version" : "1.45-1.fc36", "architecture" : "x86_64", "osCpe" : "cpe:/o:fedoraproject:fedora:36" } Module libgcc_s.so.1 with build-id 1e82df1fa0e0de4d8382b75c0fa730e0672f1a47 Module libgcrypt.so.20 with build-id ab80eae398f8814c7dc7bfc27fa3724491a47294 Stack trace of thread 117128: #0 0x00007f6e8411eebd _cupsRasterClearError (libcups.so.2 + 0x4aebd) #1 0x00007f6e8411ef10 _cupsRasterNew (libcups.so.2 + 0x4af10) #2 0x0000000000406cdf n/a (rastertokpsl + 0x6cdf) #3 0x00007f6e841a2550 __libc_start_call_main (libc.so.6 + 0x29550) #4 0x00007f6e841a2609 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x29609) #5 0x000000000040799d n/a (rastertokpsl + 0x799d) ELF object binary architecture: AMD x86-64 # ldd /usr/lib/cups/filter/rastertokpsl linux-vdso.so.1 (0x00007ffcc71d7000) libcupsimage.so.2 => /lib64/libcupsimage.so.2 (0x00007fb783d80000) libm.so.6 => /lib64/libm.so.6 (0x00007fb783ca2000) libc.so.6 => /lib64/libc.so.6 (0x00007fb783aa1000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fb783a9c000) libcups.so.2 => /lib64/libcups.so.2 (0x00007fb7839fc000) /lib64/ld-linux-x86-64.so.2 (0x00007fb783da8000) libavahi-common.so.3 => /lib64/libavahi-common.so.3 (0x00007fb7839ee000) libavahi-client.so.3 => /lib64/libavahi-client.so.3 (0x00007fb7839d7000) libgnutls.so.30 => /lib64/libgnutls.so.30 (0x00007fb7837b8000) libz.so.1 => /lib64/libz.so.1 (0x00007fb78379e000) libdbus-1.so.3 => /lib64/libdbus-1.so.3 (0x00007fb783749000) libp11-kit.so.0 => /lib64/libp11-kit.so.0 (0x00007fb783614000) libidn2.so.0 => /lib64/libidn2.so.0 (0x00007fb7835f3000) libunistring.so.2 => /lib64/libunistring.so.2 (0x00007fb783439000) libtasn1.so.6 => /lib64/libtasn1.so.6 (0x00007fb783421000) libnettle.so.8 => /lib64/libnettle.so.8 (0x00007fb7833d5000) libhogweed.so.6 => /lib64/libhogweed.so.6 (0x00007fb783392000) libgmp.so.10 => /lib64/libgmp.so.10 (0x00007fb7832ed000) libsystemd.so.0 => /lib64/libsystemd.so.0 (0x00007fb783210000) libffi.so.8 => /lib64/libffi.so.8 (0x00007fb783202000) liblzma.so.5 => /lib64/liblzma.so.5 (0x00007fb7831d7000) libzstd.so.1 => /lib64/libzstd.so.1 (0x00007fb783124000) liblz4.so.1 => /lib64/liblz4.so.1 (0x00007fb783100000) libcap.so.2 => /lib64/libcap.so.2 (0x00007fb7830f6000) libgcrypt.so.20 => /lib64/libgcrypt.so.20 (0x00007fb782fb9000) libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fb782f97000) libgpg-error.so.0 => /lib64/libgpg-error.so.0 (0x00007fb782f71000 # cat /usr/lib/cups/filter/rastertokpsl-fixed #!/bin/bash jobname=$(echo $3 | egrep -o '[[:alnum:]]' | tr -d '\n' | tail -c 20) path=/usr/lib/cups/filter $path/rastertokpsl "$1" "$2" "$jobname" "$4" "$5" How to fix or make workaround of this bug ?
Created attachment 1887777 [details] strace of rastertokpsl on fedora 36 strace /usr/lib/cups/filter/rastertokpsl 1 4 test1 1 "" ~/dead.letter
Created attachment 1887780 [details] Correct strace of same file on Fedora 35
On Fedora-35 ldd Fedora-35 # ldd /usr/lib/cups/filter/rastertokpsl linux-vdso.so.1 (0x00007ffdbc8d7000) libcupsimage.so.2 => /lib64/libcupsimage.so.2 (0x00007ff172823000) libm.so.6 => /lib64/libm.so.6 (0x00007ff172747000) libc.so.6 => /lib64/libc.so.6 (0x00007ff17253f000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007ff17253a000) libcups.so.2 => /lib64/libcups.so.2 (0x00007ff17249b000) /lib64/ld-linux-x86-64.so.2 (0x00007ff172840000) libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007ff172444000) libavahi-common.so.3 => /lib64/libavahi-common.so.3 (0x00007ff172434000) libavahi-client.so.3 => /lib64/libavahi-client.so.3 (0x00007ff17241f000) libgnutls.so.30 => /lib64/libgnutls.so.30 (0x00007ff172206000) libz.so.1 => /lib64/libz.so.1 (0x00007ff1721ec000) libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007ff17210e000) libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007ff1720f6000) libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007ff1720ed000) libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007ff1720dc000) libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007ff1720d5000) libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007ff171de7000) libresolv.so.2 => /lib64/libresolv.so.2 (0x00007ff171dd3000) libdbus-1.so.3 => /lib64/libdbus-1.so.3 (0x00007ff171d81000) libp11-kit.so.0 => /lib64/libp11-kit.so.0 (0x00007ff171c4d000) libidn2.so.0 => /lib64/libidn2.so.0 (0x00007ff171c2c000) libunistring.so.2 => /lib64/libunistring.so.2 (0x00007ff171aa7000) libtasn1.so.6 => /lib64/libtasn1.so.6 (0x00007ff171a8f000) libnettle.so.8 => /lib64/libnettle.so.8 (0x00007ff171a45000) libhogweed.so.6 => /lib64/libhogweed.so.6 (0x00007ff171a02000) libgmp.so.10 => /lib64/libgmp.so.10 (0x00007ff17195d000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00007ff171932000) libsystemd.so.0 => /lib64/libsystemd.so.0 (0x00007ff171860000) libffi.so.6 => /lib64/libffi.so.6 (0x00007ff171855000) libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007ff1717b9000) liblzma.so.5 => /lib64/liblzma.so.5 (0x00007ff17178b000) libzstd.so.1 => /lib64/libzstd.so.1 (0x00007ff1716dc000) liblz4.so.1 => /lib64/liblz4.so.1 (0x00007ff1716b8000) libcap.so.2 => /lib64/libcap.so.2 (0x00007ff1716ae000) libgcrypt.so.20 => /lib64/libgcrypt.so.20 (0x00007ff171572000) libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007ff171557000) libgpg-error.so.0 => /lib64/libgpg-error.so.0 (0x00007ff17152f000) + Add strace for same file on fedora 35 - attachment 1887780 [details] + sha256sum /usr/lib/cups/filter/rastertokpsl 6e41448d7430652e3939e4aeab461003e793146c7ff2e376853bc71c8dde3fb8 /usr/lib/cups/filter/rastertokpsl + sha1sum /usr/lib/cups/filter/rastertokpsl 2aceda00ea64863e50adca9279a97e7dd76393c4 /usr/lib/cups/filter/rastertokpsl + md5sum /usr/lib/cups/filter/rastertokpsl 08e1128d43b2faec443bc19d5f751417 /usr/lib/cups/filter/rastertokpsl
Hi Amin, thank you for reporting the issue and investigation! The segfault happens because _cupsGlobals() gets an invalid pointer from pthread library, but I'm not sure why - I will try to investigate further. I consulted the issue with my senior colleague and he brought me on track that there can be conflict with other library using pthread - and it seems to be triggered by the following changes in CUPS: From 038ceabd05ead6c77d5e20e0972eb2872a82c5c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Correa=20G=C3=B3mez?= <ablocorrea> Date: Sun, 17 Oct 2021 00:09:16 +0200 Subject: [PATCH] Use thread-safe getpwnam_r and getpwuid_r in multi-threaded code getpwnam and getpwuid are thread-unsafe and potentially dangerous in multi-threaded code. Substitue all their occurrences in multi-threaded code with getpwnam_r and getpwuid_r, which are thread-safe. --- cups/auth.c | 6 ++++-- cups/cups-private.h | 5 +++++ cups/globals.c | 8 +++++--- cups/usersys.c | 21 +++++++++++---------- 4 files changed, 25 insertions(+), 15 deletions(-) diff --git a/cups/auth.c b/cups/auth.c index 177eec8ce..dd6bd63f0 100644 --- a/cups/auth.c +++ b/cups/auth.c @@ -1087,12 +1087,14 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */ * Verify that the current cupsUser() matches the current UID... */ - struct passwd *pwd; /* Password information */ + struct passwd pwd; /* Password information */ + struct passwd *result; /* Auxiliary pointer */ const char *username; /* Current username */ username = cupsUser(); - if ((pwd = getpwnam(username)) != NULL && pwd->pw_uid == getuid()) + getpwnam_r(username, &pwd, cg->pw_buf, PW_BUF_SIZE, &result); + if (result && pwd.pw_uid == getuid()) { httpSetAuthString(http, "PeerCred", username); diff --git a/cups/cups-private.h b/cups/cups-private.h index cf2559d95..06ad2c3bc 100644 --- a/cups/cups-private.h +++ b/cups/cups-private.h @@ -85,6 +85,11 @@ typedef struct _cups_globals_s /**** CUPS global state data ****/ *cups_statedir, /* CUPS_STATEDIR environment var */ *home, /* HOME environment var */ *localedir; /* LOCALDIR environment var */ +#ifndef _WIN32 +#define PW_BUF_SIZE 16384 /* As per glibc manual page */ + char pw_buf[PW_BUF_SIZE]; + /* Big buffer for struct passwd buffers */ +#endif /* adminutil.c */ time_t cupsd_update; /* Last time we got or set cupsd.conf */ diff --git a/cups/globals.c b/cups/globals.c index a25902562..3105f13ba 100644 --- a/cups/globals.c +++ b/cups/globals.c @@ -325,10 +325,12 @@ cups_globals_alloc(void) if (!cg->home) { - struct passwd *pw; /* User info */ + struct passwd pw; /* User info */ + struct passwd *result; /* Auxiliary pointer */ - if ((pw = getpwuid(getuid())) != NULL) - cg->home = _cupsStrAlloc(pw->pw_dir); + getpwuid_r(getuid(), &pw, cg->pw_buf, PW_BUF_SIZE, &result); + if (result) + cg->home = _cupsStrAlloc(pw.pw_dir); } #endif /* _WIN32 */ diff --git a/cups/usersys.c b/cups/usersys.c index a9386e7f1..5e19c0ca6 100644 --- a/cups/usersys.c +++ b/cups/usersys.c @@ -1256,9 +1256,10 @@ cups_finalize_client_conf( * Try the USER environment variable as the default username... */ - const char *envuser = getenv("USER"); - /* Default username */ - struct passwd *pw = NULL; /* Account information */ + const char *envuser = getenv("USER"); /* Default username */ + struct passwd pw; /* Account information */ + struct passwd *result = NULL; /* Auxiliary pointer */ + _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */ if (envuser) { @@ -1267,16 +1268,16 @@ cups_finalize_client_conf( * override things... This makes sure that printing after doing su * or sudo records the correct username. */ - - if ((pw = getpwnam(envuser)) != NULL && pw->pw_uid != getuid()) - pw = NULL; + getpwnam_r(envuser, &pw, cg->pw_buf, PW_BUF_SIZE, &result); + if (result && pw.pw_uid != getuid()) + result = NULL; } - if (!pw) - pw = getpwuid(getuid()); + if (!result) + getpwuid_r(getuid(), &pw, cg->pw_buf, PW_BUF_SIZE, &result); - if (pw) - strlcpy(cc->user, pw->pw_name, sizeof(cc->user)); + if (result) + strlcpy(cc->user, pw.pw_name, sizeof(cc->user)); else #endif /* _WIN32 */ { After I revert this change, your filter does not crash.
Wow. That actions can help to solve this issue at near time ? - Reinstall cups and cups-filters from rawhide ? - Build cups manually with revert this changes /* more difficult ? */ ? - Simply wait until fix will applied ? /* Can require more time ? */ I can make additional tests if need.
I've tried a different allocation methods for pw_buf in new functions, but all don't work. Glibc maintainers, would you mind reviewing the patch at https://bugzilla.redhat.com/show_bug.cgi?id=2094530#c4 whether there is a mistake? Do you have an idea why switching to the thread safe functions in the library can start causing segfaults of a binary using it? Thank you in advance for any advice!
I'm sorry for assigning this to glibc, but I don't know about a better way how to set NEEDINFO for a correct person who currently works on the component. Please reassign back once you answer, thank you!
The new code seems to assume that even if getpwnam_r fails, result is set to NULL: + struct passwd pwd; /* Password information */ + struct passwd *result; /* Auxiliary pointer */ const char *username; /* Current username */ username = cupsUser(); + getpwnam_r(username, &pwd, cg->pw_buf, PW_BUF_SIZE, &result); + if (result && pwd.pw_uid == getuid()) I'm not sure if this is the case. The usual ERANGE retry loop is missing as well.
(In reply to Amin from comment #1) > Created attachment 1887777 [details] > strace of rastertokpsl on fedora 36 > > strace /usr/lib/cups/filter/rastertokpsl 1 4 test1 1 "" ~/dead.letter Using valgrind might help pinpoint the origin of the issue: valgrind --track-origins=yes /usr/lib/cups/filter/rastertokpsl 1 4 test1 1 "" ~/dead.letter
Moving back to cups based on comment 8. Please let me know if you have further questions. Thanks.
Nowtime rastertokpsl crashed too on Fedora 36 with fiull updates. Valgring output : # valgrind --track-origins=yes /usr/lib/cups/filter/rastertokpsl 1 4 test1 1 "" ~/dead.letter ==237396== Memcheck, a memory error detector ==237396== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al. ==237396== Using Valgrind-3.19.0 and LibVEX; rerun with -h for copyright info ==237396== Command: /usr/lib/cups/filter/rastertokpsl 1 4 test1 1 /root/dead.letter ==237396== ==237396== Invalid read of size 8 ==237396== at 0x4BACEBD: _cupsRasterClearError (raster-error.c:104) ==237396== by 0x4BACF0F: _cupsRasterNew (raster-stream.c:449) ==237396== by 0x406CDE: ??? (in /usr/lib/cups/filter/rastertokpsl) ==237396== by 0x498454F: (below main) (libc_start_call_main.h:58) ==237396== Address 0x56d5758 is 13,096 bytes inside an unallocated block of size 3,976,112 in arena "client" ==237396== ==237396== Invalid write of size 8 ==237396== at 0x4BACEC4: _cupsRasterClearError (raster-error.c:104) ==237396== by 0x4BACF0F: _cupsRasterNew (raster-stream.c:449) ==237396== by 0x406CDE: ??? (in /usr/lib/cups/filter/rastertokpsl) ==237396== by 0x498454F: (below main) (libc_start_call_main.h:58) ==237396== Address 0x56d5760 is 13,104 bytes inside an unallocated block of size 3,976,112 in arena "client" ==237396== ==237396== Invalid read of size 8 ==237396== at 0x4BAC576: _cupsRasterAddError (raster-error.c:53) ==237396== by 0x4BAD1B5: _cupsRasterNew (raster-stream.c:488) ==237396== by 0x406CDE: ??? (in /usr/lib/cups/filter/rastertokpsl) ==237396== by 0x498454F: (below main) (libc_start_call_main.h:58) ==237396== Address 0x56d5768 is 11,128 bytes inside an unallocated block of size 3,974,128 in arena "client" ==237396== ==237396== Invalid read of size 8 ==237396== at 0x4BAC57D: _cupsRasterAddError (raster-error.c:53) ==237396== by 0x4BAD1B5: _cupsRasterNew (raster-stream.c:488) ==237396== by 0x406CDE: ??? (in /usr/lib/cups/filter/rastertokpsl) ==237396== by 0x498454F: (below main) (libc_start_call_main.h:58) ==237396== Address 0x56d5760 is 11,120 bytes inside an unallocated block of size 3,974,128 in arena "client" ==237396== ==237396== Invalid read of size 8 ==237396== at 0x4BAC58F: _cupsRasterAddError (raster-error.c:63) ==237396== by 0x4BAD1B5: _cupsRasterNew (raster-stream.c:488) ==237396== by 0x406CDE: ??? (in /usr/lib/cups/filter/rastertokpsl) ==237396== by 0x498454F: (below main) (libc_start_call_main.h:58) ==237396== Address 0x56d5758 is 11,112 bytes inside an unallocated block of size 3,974,128 in arena "client" ==237396== ==237396== Invalid read of size 8 ==237396== at 0x4BAC5B7: _cupsRasterAddError (raster-error.c:78) ==237396== by 0x4BAD1B5: _cupsRasterNew (raster-stream.c:488) ==237396== by 0x406CDE: ??? (in /usr/lib/cups/filter/rastertokpsl) ==237396== by 0x498454F: (below main) (libc_start_call_main.h:58) ==237396== Address 0x56d5760 is 9,952 bytes inside an unallocated block of size 3,972,960 in arena "client" ==237396== ==237396== Invalid write of size 8 ==237396== at 0x4BAC5C1: _cupsRasterAddError (raster-error.c:77) ==237396== by 0x4BAD1B5: _cupsRasterNew (raster-stream.c:488) ==237396== by 0x406CDE: ??? (in /usr/lib/cups/filter/rastertokpsl) ==237396== by 0x498454F: (below main) (libc_start_call_main.h:58) ==237396== Address 0x56d5768 is 9,960 bytes inside an unallocated block of size 3,972,960 in arena "client" ==237396== ==237396== Invalid read of size 8 ==237396== at 0x4BAC5CB: _cupsRasterAddError (raster-error.c:78) ==237396== by 0x4BAD1B5: _cupsRasterNew (raster-stream.c:488) ==237396== by 0x406CDE: ??? (in /usr/lib/cups/filter/rastertokpsl) ==237396== by 0x498454F: (below main) (libc_start_call_main.h:58) ==237396== Address 0x56d5758 is 9,944 bytes inside an unallocated block of size 3,972,960 in arena "client" ==237396== ==237396== Invalid write of size 8 ==237396== at 0x4BAC5D2: _cupsRasterAddError (raster-error.c:79) ==237396== by 0x4BAD1B5: _cupsRasterNew (raster-stream.c:488) ==237396== by 0x406CDE: ??? (in /usr/lib/cups/filter/rastertokpsl) ==237396== by 0x498454F: (below main) (libc_start_call_main.h:58) ==237396== Address 0x56d5758 is 9,944 bytes inside an unallocated block of size 3,972,960 in arena "client" ==237396== ==237396== Invalid write of size 8 ==237396== at 0x4BAC5D9: _cupsRasterAddError (raster-error.c:78) ==237396== by 0x4BAD1B5: _cupsRasterNew (raster-stream.c:488) ==237396== by 0x406CDE: ??? (in /usr/lib/cups/filter/rastertokpsl) ==237396== by 0x498454F: (below main) (libc_start_call_main.h:58) ==237396== Address 0x56d5760 is 9,952 bytes inside an unallocated block of size 3,972,960 in arena "client" ==237396== ==237396== Invalid read of size 8 ==237396== at 0x4BAC657: _cupsRasterAddError (raster-error.c:87) ==237396== by 0x4BAD1B5: _cupsRasterNew (raster-stream.c:488) ==237396== by 0x406CDE: ??? (in /usr/lib/cups/filter/rastertokpsl) ==237396== by 0x498454F: (below main) (libc_start_call_main.h:58) ==237396== Address 0x56d5760 is 9,952 bytes inside an unallocated block of size 3,972,960 in arena "client" ==237396== ==237396== Conditional jump or move depends on uninitialised value(s) ==237396== at 0x484BC63: __strncpy_sse2_unaligned (vg_replace_strmem.c:603) ==237396== by 0x409856: ??? (in /usr/lib/cups/filter/rastertokpsl) ==237396== by 0x4071E7: ??? (in /usr/lib/cups/filter/rastertokpsl) ==237396== by 0x498454F: (below main) (libc_start_call_main.h:58) ==237396== Uninitialised value was created by a stack allocation ==237396== at 0x409800: ??? (in /usr/lib/cups/filter/rastertokpsl) ==237396== @@@@010042022080517290D@@@@test10C@@@@0S@@@@0G@@@@XX 0P@@@@0F@@@@0E@@@@0T@@@@INFO: Ready to print. ==237396== ==237396== HEAP SUMMARY: ==237396== in use at exit: 7,482 bytes in 2 blocks ==237396== total heap usage: 1,407 allocs, 1,405 frees, 132,896 bytes allocated ==237396== ==237396== LEAK SUMMARY: ==237396== definitely lost: 1,090 bytes in 1 blocks ==237396== indirectly lost: 0 bytes in 0 blocks ==237396== possibly lost: 0 bytes in 0 blocks ==237396== still reachable: 6,392 bytes in 1 blocks ==237396== suppressed: 0 bytes in 0 blocks ==237396== Rerun with --leak-check=full to see details of leaked memory ==237396== ==237396== For lists of detected and suppressed errors, rerun with: -s ==237396== ERROR SUMMARY: 13 errors from 12 contexts (suppressed: 0 from 0) P.S. Nowtime i see only one repeatable and enough easy way to fix this - reinstall Fedora 35 back. Has anyone another ideas how to bypass this problem ? P.S.S. kyocera binary driver such old (2012 year) and can't work with print-jobs with spaces|new-string in job-name. For reliable printing modified PPD must be used, which run original driver through this wrapper-script: # cat /usr/lib/cups/filter/rastertokpsl-fixed #!/bin/bash jobname=$(echo $3 | egrep -o '[[:alnum:]]' | tr -d '\n' | tail -c 20) path=/usr/lib/cups/filter $path/rastertokpsl "$1" "$2" "$jobname" "$4" "$5" Does can help statically-files / LD-preload or another magic ? // I don't want make rollback to Fedora 35, really. Thank you all who try help solving this issue.
I create simplest TXT-file with string '123' (only 3 bytes) - even on this file driver crashed # echo '123' > ~/123.txt # /usr/lib/cups/filter/rastertokpsl 1 4 test1 1 "" ~/123.txt Segmentation fault (core dumped)
This message is a reminder that Fedora Linux 36 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 36 on 2023-05-16. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '36'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see it. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 36 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.
Ok, so we were able to get to the bottom of this issue upstream - it happens because rastertokpsl is built with partial copy of CUPS source (cups-private.h especially), but it tries to use system libcups on the real system. This way even private API/ABI is exposed and if the sequence of struct members changes, the binary using the ABI breaks. The fix is to move the new array in structure to the end as it is done in https://github.com/OpenPrinting/cups/issues/619 (even though it shouldn't be needed - private API/ABI is not to be used...), the fix will be in the newest CUPS version (will be released in month at most).
FEDORA-2023-fa7bac0197 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-fa7bac0197
FEDORA-2023-d212cc5f13 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-d212cc5f13
FEDORA-2023-fa7bac0197 has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-fa7bac0197` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-fa7bac0197 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-d212cc5f13 has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-d212cc5f13` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-d212cc5f13 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-fa7bac0197 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-d212cc5f13 has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.