RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 608070 - [abrt] crash in system-config-printer-1.1.18-2.fc12 when pressing "Reset" on number of copies
Summary: [abrt] crash in system-config-printer-1.1.18-2.fc12 when pressing "Reset" on ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: system-config-printer
Version: 6.0
Hardware: i686
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Tim Waugh
QA Contact: Petr Sklenar
URL:
Whiteboard: abrt_hash:6d612da01e4603072752565de05...
Depends On: 584991
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-06-25 15:16 UTC by Tim Waugh
Modified: 2011-12-06 15:31 UTC (History)
5 users (show)

Fixed In Version: system-config-printer-1.1.16-18.el6
Doc Type: Bug Fix
Doc Text:
Clone Of: 584991
Environment:
Last Closed: 2011-12-06 15:31:45 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1638 0 normal SHIPPED_LIVE system-config-printer bug fix update 2011-12-06 00:50:40 UTC

Description Tim Waugh 2010-06-25 15:16:38 UTC 
This bug is present in Red Hat Enterprise Linux 6 as well, by code inspection.

+++ This bug was initially created as a clone of Bug #584991 +++

abrt 1.0.8 detected a crash.

architecture: i686
Attached file: backtrace
cmdline: python /usr/share/system-config-printer/system-config-printer.py
component: system-config-printer
executable: /usr/bin/python
kernel: 2.6.32.11-99.fc12.i686
package: system-config-printer-1.1.18-2.fc12
rating: 4
reason: Process /usr/bin/python was killed by signal 11 (SIGSEGV)
release: Fedora release 12 (Constantine)

How to reproduce
-----
1.Change Job Options on default printer to 30 copies
2.Print job
3.Click "Reset" on number of copies to return value to 1
4.Click "Apply"
5.Close printer properties window - abrt notification appears

--- Additional comment from ewc on 2010-04-22 16:35:25 EDT ---

Created an attachment (id=408441)
File: backtrace

--- Additional comment from jpopelka on 2010-04-23 03:46:45 EDT ---

I was not able to reproduce the crash.
Are you able to reproduce it again ?

--- Additional comment from ewc on 2010-04-23 09:21:57 EDT ---

Yes but not always, problem seems to occur about 8 out of 10 times. abrt reports an error (notification icon appears), but does not generate a new traceback. This is within a print job involving 14 batches of 30 copies each and I have done testing by resetting after every send to printer.

The problem never occurs when changing number of printed copies from 1 to 30, but only appears when pressing "reset" and then either "apply" or "okay". I have not tried rolling number back down from 30 to 1 (and my print job is done so I won't have the opportunity to test that).

At times, the problem appears at authentication time (the Authentication window opens but does not complete, stays grey), then Authentication, Printer Properties, and Printer Configuration windows all close with abrt notification. Other times Authentication window does not appear at all (there is a timeout for this? which has not been reached?), but other two windows close with abrt notification. Yet other times, number of copy change appears to work okay in Printer Properties window and I can close that window okay, but then abrt notification occurs when I close Printer Configuration window.

--- Additional comment from twaugh on 2010-04-23 11:52:08 EDT ---

Let's try running it under valgrind.  Please run this from a terminal window:

valgrind --log-file=valgrind.txt python \
  /usr/share/system-config-printer/system-config-printer.py

(Warning -- it will be slow!)

Please attach the valgrind.txt file even if you can't get it to crash in the same way.

(I've tried running it under valgrind here and don't see anything unusual...)

--- Additional comment from ewc on 2010-04-23 13:02:39 EDT ---

Created an attachment (id=408676)
generated under valgrind

Ran under valgrind 3 times: changed number of copies from 1 to 30, clicked "ok", then re-opened Printer Properties window, clicked "reset" then "ok". Then closed Printer Configuration window. No crashes. Each time, content/length of valgrind.txt was different.

Because three valgrind.txt files were different and no crash, and because crashes occurred when resetting copies back to 1 from 30, I ran Printer Configuration the usual way (from control panel) to change number of copies from 1 to 30. Then I ran Printer Configuration again but under valgrind to reset copies from 30 to 1. Got request for authorization both times, with no crash. Valgrind.txt file attached is output from this last run.

I have renamed output files from each of the earlier runs and can supply them if required.

--- Additional comment from twaugh on 2010-05-19 11:47:08 EDT ---

OK, so this is quite noisy because some parts of Python always seem to generate warnings with valgrind.  But there are some interesting bits, which I found by searching for 'cups.so'.  Here is one:

==10425== Invalid write of size 1
==10425==    at 0xAFDC3C: _IO_default_xsputn (in /lib/libc-2.11.1.so)
==10425==    by 0xAD02ED: vfprintf (in /lib/libc-2.11.1.so)
==10425==    by 0xB82AC6: __vsprintf_chk (in /lib/libc-2.11.1.so)
==10425==    by 0xB82A0C: __sprintf_chk (in /lib/libc-2.11.1.so)
==10425==    by 0x580D0CF: ??? (in /usr/lib/python2.6/site-packages/cups.so)
==10425==    by 0x7DE8089: PyCFunction_Call (in /usr/lib/libpython2.6.so.1.0)
==10425==    by 0x7DA780C: PyObject_Call (in /usr/lib/libpython2.6.so.1.0)
==10425==    by 0x7E42FF7: PyEval_EvalFrameEx (in /usr/lib/libpython2.6.so.1.0)
==10425==    by 0x7E45EE9: PyEval_EvalCodeEx (in /usr/lib/libpython2.6.so.1.0)
==10425==    by 0x7DD4387: ??? (in /usr/lib/libpython2.6.so.1.0)
==10425==    by 0x7DA780C: PyObject_Call (in /usr/lib/libpython2.6.so.1.0)
==10425==    by 0x7E42FF7: PyEval_EvalFrameEx (in /usr/lib/libpython2.6.so.1.0)
==10425==  Address 0x75be753 is 0 bytes after a block of size 11 alloc'd
==10425==    at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==10425==    by 0x580D091: ??? (in /usr/lib/python2.6/site-packages/cups.so)
==10425==    by 0x7DE8089: PyCFunction_Call (in /usr/lib/libpython2.6.so.1.0)
==10425==    by 0x7DA780C: PyObject_Call (in /usr/lib/libpython2.6.so.1.0)
==10425==    by 0x7E42FF7: PyEval_EvalFrameEx (in /usr/lib/libpython2.6.so.1.0)
==10425==    by 0x7E45EE9: PyEval_EvalCodeEx (in /usr/lib/libpython2.6.so.1.0)
==10425==    by 0x7DD4387: ??? (in /usr/lib/libpython2.6.so.1.0)
==10425==    by 0x7DA780C: PyObject_Call (in /usr/lib/libpython2.6.so.1.0)
==10425==    by 0x7E42FF7: PyEval_EvalFrameEx (in /usr/lib/libpython2.6.so.1.0)
==10425==    by 0x7E45EE9: PyEval_EvalCodeEx (in /usr/lib/libpython2.6.so.1.0)
==10425==    by 0x7DD4387: ??? (in /usr/lib/libpython2.6.so.1.0)
==10425==    by 0x7DA780C: PyObject_Call (in /usr/lib/libpython2.6.so.1.0)

Unfortunately you didn't have system-config-printer-debuginfo installed, or else valgrind decided not to find any symbols for cups.so, so we just have this:

==10425==    at 0xAFDC3C: _IO_default_xsputn (in /lib/libc-2.11.1.so)
==10425==    by 0xAD02ED: vfprintf (in /lib/libc-2.11.1.so)
==10425==    by 0xB82AC6: __vsprintf_chk (in /lib/libc-2.11.1.so)
==10425==    by 0xB82A0C: __sprintf_chk (in /lib/libc-2.11.1.so)
==10425==    by 0x580D0CF: ??? (in /usr/lib/python2.6/site-packages/cups.so)

But luckily there are only two places in pycups that use sprintf, and I found a bug in one of them. :-)

The bug was like this:

const char *const suffix = "-default";
...
optionlen = strlen (option);
p = malloc (optionlen + sizeof (suffix) + 1);
memcpy (p, option, optionlen);
sprintf (p + optionlen, suffix);

Here, suffix should have been declared like this:

const char const suffix[] = "-default";

i.e. an automatic array, where sizeof(suffix) tells us the string length.  As it was declared as a pointer, sizeof() just tells us the size of a pointer.  Coincidentally, the string length (8) is the same as the pointer size on the architecture I'm using here (x86_64), so it wasn't possible for me to reproduce the error.  You're using a 32-bit platform though, so our malloc size is 4 bytes too short.

I've built a system-config-printer package incorporating this fix.  Could you please give it a go?  Fetch all the packages for your architecture and then run:

yum update --nogpgcheck system-config-printer*1.1.19-2.fc12*

http://koji.fedoraproject.org/koji/buildinfo?buildID=174174

--- Additional comment from twaugh on 2010-06-25 11:14:15 EDT ---

*ping*
Comment 1 RHEL Program Management 2010-06-25 15:22:54 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 4 Suzanne Logcher 2011-02-15 21:39:26 UTC 
This issue was proposed for RHEL 6.1 FasTrack but did not get resolved in time.
It has been moved to RHEL 6.2 FasTrack.
Comment 6 Suzanne Logcher 2011-02-15 22:03:02 UTC 
This issue was proposed for RHEL 6.1 FasTrack but did not get resolved in time.
It has been moved to RHEL 6.2 FasTrack.
Comment 12 Petr Sklenar 2011-08-09 13:02:20 UTC 
there is still issue with system-config-printer-1.1.16-17.el6.i686:

test procedure:
1, s-c-p
2, properties for any printer
3, Job Options
for i in `1 .. xy`;do
4, copies 30 and hit Apply
5, reset and hit Apply
done

results:
system-config-printer
Segmentation fault (core dumped)

/var/log/message
Aug  9 08:54:32 dhcp-25-113 kernel: python[28197]: segfault at 69706f6f ip 005550f0 sp bf9397cc error 4 in libc-2.12.so[4e6000+18a000]
Aug  9 08:54:33 dhcp-25-113 abrt[28201]: saved core dump of pid 28197 (/usr/bin/python) to /var/spool/abrt/ccpp-1312894472-28197.new/coredump (36950016 bytes)
Aug  9 08:54:33 dhcp-25-113 abrtd: Directory 'ccpp-1312894472-28197' creation detected
Aug  9 08:54:34 dhcp-25-113 abrtd: New crash /var/spool/abrt/ccpp-1312894472-28197, processing
Aug  9 08:55:30 dhcp-25-113 abrtd: Getting crash infos...
Comment 13 Petr Sklenar 2011-08-09 13:06:18 UTC 
(In reply to comment #12)
> there is still issue with system-config-printer-1.1.16-17.el6.i686:
I am sorry I just reproduced the issue with old version, new works well so far with many iteration.

Please ignore Comment 12
Comment 15 errata-xmlrpc 2011-12-06 15:31:45 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1638.html
Note You need to log in before you can comment on or make changes to this bug.