ipp backend crash in backendSNMPSupplies() #4284

Closed
michaelrsweet opened this Issue Feb 25, 2013 · 5 comments

Comments

Projects
None yet
1 participant
Collaborator

michaelrsweet commented Feb 25, 2013

Version: 1.5.4
CUPS.org User: jpopelka

Hi,

there's a backtrace [1] in downstream bug [2].
It shows that ipp backed called backendSNMPSupplies() with printer address (http_addr_t *addr) being NULL.
There's no error log or any other response from original user - probably meaning that he hasn't been able to reproduce the crash.

I'm attaching sanity check patch, which avoids the traceback. That's all I've been able to put together without any error_log.

[1] https://bugzilla.redhat.com/attachment.cgi?id=692637
[2] https://bugzilla.redhat.com/show_bug.cgi?id=907358

Collaborator

michaelrsweet commented Feb 25, 2013

CUPS.org User: mike

Jiri,

None of the callers should be passing a NULL address, since by the time we call backendSNMPSupplies we have already successfully gotten an address list.

The backtrace shows the call to backendSNMPSupplies from line 1914 of the IPP backend sources, but that is in the middle of the cancel_job function in the cups.org sources - what patches are applied to the Red Hat version of the 1.5.4 IPP backend?

Collaborator

michaelrsweet commented Feb 25, 2013

CUPS.org User: jpopelka

The backtrace shows the call to backendSNMPSupplies from line 1914 of the IPP backend sources,
but that is in the middle of the cancel_job function in the cups.org sources

That line equals to line 2045 in SVN trunk.
It's the second (of two) backendSNMPSupplies call in backend/ipp.c

what patches are applied to the Red Hat version of the 1.5.4 IPP backend?

(since you asked)
http://pkgs.fedoraproject.org/cgit/cups.git/plain/cups-ipp-no-create-job.patch?h=f18
http://pkgs.fedoraproject.org/cgit/cups.git/plain/cups-str4190.patch?h=f18
http://pkgs.fedoraproject.org/cgit/cups.git/plain/cups-str4194.patch?h=f18
http://pkgs.fedoraproject.org/cgit/cups.git/plain/cups-r10638.patch?h=f18
http://pkgs.fedoraproject.org/cgit/cups.git/plain/cups-eggcups.patch?h=f18

Collaborator

michaelrsweet commented Mar 8, 2013

CUPS.org User: mike

Fixed in Subversion repository.

The change is to use the first resolved address, just as for the initial SNMP query.

Collaborator

michaelrsweet commented Mar 8, 2013

"0001-backendSNMPSupplies-assert-addr-is-not-NULL.patch":

From 6d2f158f42f12dcc21e303fa3735320b5164ffca Mon Sep 17 00:00:00 2001
From: Jiri Popelka jpopelka@redhat.com
Date: Mon, 4 Feb 2013 17:38:04 +0100
Subject: [PATCH] backendSNMPSupplies(): assert addr is not NULL

RHBZ#907358

backend/snmp-supplies.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/backend/snmp-supplies.c b/backend/snmp-supplies.c
index c669b5d..ddfc7d9 100644
--- a/backend/snmp-supplies.c
+++ b/backend/snmp-supplies.c
@@ -219,7 +219,10 @@ backendSNMPSupplies(
int printer_state) / O - Printer state */
{
if (!httpAddrEqual(addr, &current_addr))

  • backend_init_supplies(snmp_fd, addr);
  • if (!addr)
  •  return (-1);
    
  • else
  •  backend_init_supplies(snmp_fd, addr);
    

    else if (num_supplies > 0)
    _cupsSNMPWalk(snmp_fd, &current_addr, CUPS_SNMP_VERSION_1,
    _cupsSNMPDefaultCommunity(), prtMarkerSuppliesLevel,

    1.8.1
Collaborator

michaelrsweet commented Mar 8, 2013

"str4284.patch":

Index: backend/ipp.c

--- backend/ipp.c (revision 10886)
+++ backend/ipp.c (working copy)
@@ -2042,7 +2042,8 @@
*/

if (have_supplies &&

  •  !backendSNMPSupplies(snmp_fd, http->hostaddr, &page_count, NULL) &&
    
  •  !backendSNMPSupplies(snmp_fd, &(http->addrlist->addr), &page_count,
    
  •                       NULL) &&
    
    page_count > start_count)
    fprintf(stderr, "PAGE: total %d\n", page_count - start_count);

michaelrsweet added this to the Stable milestone Mar 17, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment