
Apple CUPS Sources
https://www.cups.org
Apache License 2.0

Crash in gnome-cups-icon using libcupsys #2364

Closed michaelrsweet closed 17 years ago

michaelrsweet commented 17 years ago

Version: 1.2.7 CUPS.org User: palfrey

The original bug report is at http://bugzilla.gnome.org/show_bug.cgi?id=433237, but we appear to have narrowed it down to a crash in the CUPS code, so we're submitting it here.

Stacktrace is below:

3

No symbol table info available.

4 0xb750bbf9 in _httpWriteGNUTLS (ptr=0xb69b4240, data=0x80d3330,

length=197) at http.c:2146

No locals.

5 0xb74a187c in _gnutls_io_write_buffered (session=0x809e818,

iptr=0x80d3330, n=197) at gnutls_buffers.c:812
    left = 197
    j = 0
    sum = 0
    retval = <value optimized out>
    i = 1
    ptr = (const opaque *) 0x80d3330 "\027\003\001"
    ret = <value optimized out>
    fd = (gnutls_transport_ptr_t) 0xb69b4240

6 0xb74a1e9a in _gnutls_io_write_buffered2 (session=0x809e818, iptr=0x0,

n=0, iptr2=0x80d3330, n2=197) at gnutls_buffers.c:904

No locals.

7 0xb749d98d in _gnutls_send_int (session=0x809e818,

type=GNUTLS_APPLICATION_DATA, htype=4294967295, _data=0x809df20, 
sizeofdata=150) at gnutls_record.c:423
    cipher_size = 197
    retval = <value optimized out>
    ret = <value optimized out>
    data2send_size = 150
    headers = "\027\003\001\000"

8 0xb749dbcd in gnutls_record_send (session=0x809e818, data=0x809df20,

sizeofdata=150) at gnutls_record.c:1115

No locals.

9 0xb750bc46 in http_write (http=0x809b758,

buffer=0x809df20 "POST / HTTP/1.1\r\nContent-Length: 75\r\nContent-Type:

application/ipp\r\nHost: cups-server.cs.kuleuven.be\r\nUser-Agent: CUPS/1.2.7\r\nExpect: 100-continue\r\n\r\nprinter-nameD", length=150) at http.c:3062 tbytes = 0 bytes =

10 0xb750bdae in httpFlushWrite (http=0x809b758) at http.c:558

    bytes = <value optimized out>

11 0xb750dd71 in http_send (http=0x809b758, request=HTTP_POST,

uri=0x80b0140 "/") at http.c:2497
    i = 27
    ptr = <value optimized out>
    buf = "/", '\0' <repeats 548 times>, "375", '\0' <repeats 92 times>,

"4a\"·\000\000\000\000\000\000\000\000ôÿ/·\000\000\000\000\000\000\000\000}m\"·ìð\231µ\210¾\t\b\207¿\t\b\fò\231µôÿ/·ìð\231µ\210¾\t\bØñ\231µÑ\t\"·ìð\231µAGR·\fò\231µ\210¾\t\b\000\000\000\000\214ñ\231µÿ\000\000\000\001\200­û\210¾\t\b\210¾\t\b\210¾\t\b\210¾\t\b\212¾\t\b\207¿\t\b\210¾\t\b\207¿\t\b", '\0' <repeats 20 times>, "P\0210·\000\000\000\000Ø\022\000\000\000\000\000\b\000\000\000\000\000\000\000\000P\0210·È\000\000\000\004\000\000\000\000\000"... codes = {0x0, 0xb7524940 "OPTIONS", 0xb75246a6 "GET", 0x0, 0xb7524948 "HEAD", 0xb752494d "POST", 0x0, 0x0, 0xb75246a2 "PUT", 0x0, 0xb7524952 "DELETE", 0xb7524959 "TRACE", 0xb752495f "CLOSE"} hex = "0123456789ABCDEF"

12 0xb751d144 in cupsDoFileRequest (http=0x809b758, request=0x80d2b08,

resource=0x80b0140 "/", filename=0x0) at request.c:178
    response = (ipp_t *) 0x0
    length = 75
    status = HTTP_ERROR
    got_status = 0
    state = <value optimized out>
    file = (FILE *) 0x0
    fileinfo = {st_dev = 7370710922, __pad1 = 11056, 

st_ino = 3046797944, st_mode = 3074175456, st_nlink = 127, st_uid = 3074175456, st_gid = 3046798024, st_rdev = 577867786663446143, pad2 = 11056, st_size = -5360846065673175029, st_blksize = -1220108817, st_blocks = -5250475537993826304, st_atim = {tv_sec = -1220118194, tv_nsec = 135080752}, st_mtim = {tv_sec = 1, tv_nsec = 0}, st_ctim = { tv_sec = 135081784, tv_nsec = 20897}, st_ino = 13196734547036484864} bytes = buffer = '\0' <repeats 32444 times>, "\017{.·\000\000\000\000\017{.· \0210·!\021\000\000D\0210·D\0210·\000\000\000\000P\0210·¸\022", '\0' <repeats 18 times>, "Ëx\"·ôÿ/· \0210·\211ç\000\000\030r\232µ\a\237\"·", '\0' <repeats 28 times>, "h\0240·\003r\232µX\0240·X\0210·P\0210·\201\231\"·\000\000\000\000\000\000\000\000\001\b\000\000<\0210·P\0210·¸\022\000\000\003\000\000\000\023", '\0' <repeats 31 times>, "\030\000\000\000,\0210·", '\0' <repeats 12 times>, "(+\r\bX\000\000\000\000\000\000\000ø\a", '\0' <repeats 18 times>, "ôÿ/"... expect = HTTP_CONTINUE

13 0xb751d7b1 in cupsDoRequest (http=0x809b758, request=0x80d2b08,

resource=0x80b0140 "/") at request.c:451

No locals.

14 0xb7533a6f in request_thread_main (request=0x80d67c8, unused=0x0)

at gnome-cups-request.c:341
    status = <value optimized out>
    __PRETTY_FUNCTION__ = "request_thread_main"
michaelrsweet commented 17 years ago

CUPS.org User: mike

We'll need a backtrace against a debug build of CUPS, WITHOUT Debian changes applied, to diagnose this. The function in question just does:

return (send(((http_t *)ptr)->fd, data, length, 0));

which probably means that GNUTLS is not supplying a valid ptr; given the value of "ptr" (b69b4240), I'm guessing that it ain't right (all of the other pointers are in the 80xxxxxx range...)

Have you run gnome-cups-icon through valgrind?

michaelrsweet commented 17 years ago

CUPS.org User: mike

This STR has not been updated by the submitter for two or more weeks and has been closed as required by the CUPS Configuration Management Plan. If the issue still requires resolution, please re-submit a new STR.