Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#954315: rastertopwg segfault
45 views
Skip to first unread message
Hideki Yamane
Mar 19, 2020, 11:40:03 PM3/19/20
to
Package: cups
Version: 2.3.1-11
Severity: important
Dear Maintainer,
I cannot print some pdf files with cups, it gets an error with rastertopwg
segfault.
3月 20 11:53:04 tiny kernel: rastertopwg[31898]: segfault at 0 ip 00007f7a61751671 sp 00007ffe7eb46428 error 4 in libc-2.30.so[7f7a61618000+14a000]
3月 20 11:53:04 tiny kernel: Code: 84 00 00 00 00 00 0f 1f 00 31 c0 c5 f8 77 c3 66 2e 0f 1f 84 00 00 00 00 00 89 f9 48 89 fa c5 f9 ef c0 83 e1 3f 83 f9 20 77 1f <c5> fd 74 0f c5 fd d7 c1 85 c0 0f 85 df 00 00 00 48 83 c7 20 83 e1
3月 20 11:53:04 tiny systemd[1]: Started Process Core Dump (PID 31916/UID 0).
3月 20 11:53:05 tiny systemd-coredump[31917]: Process 31898 (rastertopwg) of user 0 dumped core.
Stack trace of thread 31898:
#0 0x00007f7a61751671 __strlen_avx2 (libc.so.6 + 0x15e671)
#1 0x00007f7a618032f9 _cups_strlcpy (libcups.so.2 + 0x4d2f9)
#2 0x000055a058ca1a36 main (rastertopwg + 0x1a36)
#3 0x00007f7a61619e0b __libc_start_main (libc.so.6 + 0x26e0b)
#4 0x000055a058ca21aa _start (rastertopwg + 0x21aa)
--------------------------------------------------------------------------------
henrich@tiny:~ $ LANG=C gdb /usr/lib/cups/filter/rastertopwg dump
GNU gdb (Debian 9.1-2) 9.1
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/lib/cups/filter/rastertopwg...
Reading symbols from /usr/lib/debug/.build-id/f6/625381c79c26618988e474ae2e419e5b4222bc.debug...
[New LWP 40096]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `ipp://Photosmart%205520%20series%20%5BEB8411%5D._ipp._tcp.local/ 32 henrich 202'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
65 ../sysdeps/x86_64/multiarch/strlen-avx2.S: No such file or directory.
(gdb)
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.4.0-4-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages cups depends on:
ii cups-client 2.3.1-11
ii cups-common 2.3.1-11
ii cups-core-drivers 2.3.1-11
ii cups-daemon 2.3.1-11
ii cups-filters 1.27.2-1
ii cups-ppdc 2.3.1-11
ii cups-server-common 2.3.1-11
ii debconf [debconf-2.0] 1.5.73
ii ghostscript 9.52~dfsg-1
ii libavahi-client3 0.7-5
ii libavahi-common3 0.7-5
ii libc6 2.30-2
ii libcups2 2.3.1-11
ii libgcc-s1 10-20200312-2
ii libstdc++6 10-20200312-2
ii libusb-1.0-0 2:1.0.23-2
ii poppler-utils 0.71.0-6
ii procps 2:3.3.16-4
Versions of packages cups recommends:
ii avahi-daemon 0.7-5
ii colord 1.4.4-1
Versions of packages cups suggests:
ii cups-bsd 2.3.1-11
pn cups-pdf <none>
ii foomatic-db-compressed-ppds [foomatic-db] 20200219-1
pn smbclient <none>
ii udev 245.2-1
-- debconf information:
cupsys/backend: lpd, socket, usb, snmp, dnssd
cupsys/raw-print: true
Version: 2.3.1-11
Severity: important
Dear Maintainer,
I cannot print some pdf files with cups, it gets an error with rastertopwg
segfault.
3月 20 11:53:04 tiny kernel: rastertopwg[31898]: segfault at 0 ip 00007f7a61751671 sp 00007ffe7eb46428 error 4 in libc-2.30.so[7f7a61618000+14a000]
3月 20 11:53:04 tiny kernel: Code: 84 00 00 00 00 00 0f 1f 00 31 c0 c5 f8 77 c3 66 2e 0f 1f 84 00 00 00 00 00 89 f9 48 89 fa c5 f9 ef c0 83 e1 3f 83 f9 20 77 1f <c5> fd 74 0f c5 fd d7 c1 85 c0 0f 85 df 00 00 00 48 83 c7 20 83 e1
3月 20 11:53:04 tiny systemd[1]: Started Process Core Dump (PID 31916/UID 0).
3月 20 11:53:05 tiny systemd-coredump[31917]: Process 31898 (rastertopwg) of user 0 dumped core.
Stack trace of thread 31898:
#0 0x00007f7a61751671 __strlen_avx2 (libc.so.6 + 0x15e671)
#1 0x00007f7a618032f9 _cups_strlcpy (libcups.so.2 + 0x4d2f9)
#2 0x000055a058ca1a36 main (rastertopwg + 0x1a36)
#3 0x00007f7a61619e0b __libc_start_main (libc.so.6 + 0x26e0b)
#4 0x000055a058ca21aa _start (rastertopwg + 0x21aa)
--------------------------------------------------------------------------------
henrich@tiny:~ $ LANG=C gdb /usr/lib/cups/filter/rastertopwg dump
GNU gdb (Debian 9.1-2) 9.1
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/lib/cups/filter/rastertopwg...
Reading symbols from /usr/lib/debug/.build-id/f6/625381c79c26618988e474ae2e419e5b4222bc.debug...
[New LWP 40096]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `ipp://Photosmart%205520%20series%20%5BEB8411%5D._ipp._tcp.local/ 32 henrich 202'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
65 ../sysdeps/x86_64/multiarch/strlen-avx2.S: No such file or directory.
(gdb)
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.4.0-4-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages cups depends on:
ii cups-client 2.3.1-11
ii cups-common 2.3.1-11
ii cups-core-drivers 2.3.1-11
ii cups-daemon 2.3.1-11
ii cups-filters 1.27.2-1
ii cups-ppdc 2.3.1-11
ii cups-server-common 2.3.1-11
ii debconf [debconf-2.0] 1.5.73
ii ghostscript 9.52~dfsg-1
ii libavahi-client3 0.7-5
ii libavahi-common3 0.7-5
ii libc6 2.30-2
ii libcups2 2.3.1-11
ii libgcc-s1 10-20200312-2
ii libstdc++6 10-20200312-2
ii libusb-1.0-0 2:1.0.23-2
ii poppler-utils 0.71.0-6
ii procps 2:3.3.16-4
Versions of packages cups recommends:
ii avahi-daemon 0.7-5
ii colord 1.4.4-1
Versions of packages cups suggests:
ii cups-bsd 2.3.1-11
pn cups-pdf <none>
ii foomatic-db-compressed-ppds [foomatic-db] 20200219-1
pn smbclient <none>
ii udev 245.2-1
-- debconf information:
cupsys/backend: lpd, socket, usb, snmp, dnssd
cupsys/raw-print: true
Till Kamppeter
Mar 20, 2020, 9:40:03 AM3/20/20
to
We need a way to reproduce the bug and also a backtrace with line
numbers of the source files.
So please attach the PDF input file which leads to the crash. Also
attach your printer's PPD file, from the /etc/cups/ppd/ directory, named
by the name of your print queue.
Please also try to reproduce the crash with the "cupsfilter" command:
cupsfilter -p /etc/cups/ppd/QUEUE.ppd -i application/pdf -m
printer/QUEUE -e FILE.pdf > out
Running only a part of the filter chain you can get the data which is
fed into rastertopwg:
cupsfilter -p /etc/cups/ppd/QUEUE.ppd -i application/pdf -m
application/vnd.cups-raster -e FILE.pdf > out.raster
Now you can run rastertopwg isolated:
ulimit -c unlimited
cat out.raster | PPD=/etc/cups/ppd/QUEUE.ppd
/usr/lib/cups/filter/rastertopwg 1 1 1 1 "" > out
and get a backtrace:
gdb -c core /usr/lib/cups/filter/rastertopwg
Use the "bt" command at the prompt of gdb. Please post the backtrace here.
Till
numbers of the source files.
So please attach the PDF input file which leads to the crash. Also
attach your printer's PPD file, from the /etc/cups/ppd/ directory, named
by the name of your print queue.
Please also try to reproduce the crash with the "cupsfilter" command:
cupsfilter -p /etc/cups/ppd/QUEUE.ppd -i application/pdf -m
printer/QUEUE -e FILE.pdf > out
Running only a part of the filter chain you can get the data which is
fed into rastertopwg:
cupsfilter -p /etc/cups/ppd/QUEUE.ppd -i application/pdf -m
application/vnd.cups-raster -e FILE.pdf > out.raster
Now you can run rastertopwg isolated:
ulimit -c unlimited
cat out.raster | PPD=/etc/cups/ppd/QUEUE.ppd
/usr/lib/cups/filter/rastertopwg 1 1 1 1 "" > out
and get a backtrace:
gdb -c core /usr/lib/cups/filter/rastertopwg
Use the "bt" command at the prompt of gdb. Please post the backtrace here.
Till
Bernhard Übelacker
Mar 20, 2020, 10:20:03 AM3/20/20
to
Hello,
the stack trace should look like this with line numbers, if it helps:
0x00007...671 in __strlen_avx2 at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
0x00007...2f4 in _cups_strlcpy at string.c:739
0x00005...a31 in main at rastertopwg.c:274
0x00007...e09 in __libc_start_main at ../csu/libc-start.c:308
0x00005...1a4 <_start+36>
https://sources.debian.org/src/cups/2.3.1-11/cups/string.c/#L739
https://sources.debian.org/src/cups/2.3.1-11/filter/rastertopwg.c/#L274
Kind regards,
Bernhard
the stack trace should look like this with line numbers, if it helps:
0x00007...671 in __strlen_avx2 at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
0x00007...2f4 in _cups_strlcpy at string.c:739
0x00005...a31 in main at rastertopwg.c:274
0x00007...e09 in __libc_start_main at ../csu/libc-start.c:308
0x00005...1a4 <_start+36>
https://sources.debian.org/src/cups/2.3.1-11/cups/string.c/#L739
https://sources.debian.org/src/cups/2.3.1-11/filter/rastertopwg.c/#L274
Kind regards,
Bernhard
Till Kamppeter
Mar 20, 2020, 11:30:03 AM3/20/20
to
First, this is definitely a CUPS upstream bug, so please report it on
the CUPS GitHub, also supplying all the information which you have
gathered and attaching the files which I had asked for.
https://github.com/apple/cups/issues/
Probably it can be solved by adding a simple NULL check.
At line 273 of rastertopwg.c replace
if (pwg_media)
strlcpy(outheader.cupsPageSizeName, pwg_media->pwg,
sizeof(outheader.cupsPageSizeName));
by
if (pwg_media && pwg_media->pwg)
strlcpy(outheader.cupsPageSizeName, pwg_media->pwg,
sizeof(outheader.cupsPageSizeName));
Please try it if you are familiar with source code and compiling. Tell
your result here and also in the upstream bug you are reporting.
Till
the CUPS GitHub, also supplying all the information which you have
gathered and attaching the files which I had asked for.
https://github.com/apple/cups/issues/
Probably it can be solved by adding a simple NULL check.
At line 273 of rastertopwg.c replace
if (pwg_media)
strlcpy(outheader.cupsPageSizeName, pwg_media->pwg,
sizeof(outheader.cupsPageSizeName));
by
if (pwg_media && pwg_media->pwg)
strlcpy(outheader.cupsPageSizeName, pwg_media->pwg,
sizeof(outheader.cupsPageSizeName));
Please try it if you are familiar with source code and compiling. Tell
your result here and also in the upstream bug you are reporting.
Till
Bernhard Übelacker
Mar 20, 2020, 11:40:03 AM3/20/20
to
Hello Till,
I am not the initial reporter of the issue and I cannot reproduce it,
therefore cannot test the suggested change.
Just tried to share my results.
Kind regards,
Bernhard
I am not the initial reporter of the issue and I cannot reproduce it,
therefore cannot test the suggested change.
Just tried to share my results.
Kind regards,
Bernhard
Brian Potkin
Sep 9, 2021, 6:40:03 AM9/9/21
to
tags 954315 moreinfo
thanks
On Fri 20 Mar 2020 at 12:34:00 +0900, Hideki Yamane wrote:
> Package: cups
> Version: 2.3.1-11
> Severity: important
>
> Dear Maintainer,
>
> I cannot print some pdf files with cups, it gets an error with rastertopwg
> segfault.
>
> 3月 20 11:53:04 tiny kernel: rastertopwg[31898]: segfault at 0 ip 00007f7a61751671 sp 00007ffe7eb46428 error 4 in libc-2.30.so[7f7a61618000+14a000]
> 3月 20 11:53:04 tiny kernel: Code: 84 00 00 00 00 00 0f 1f 00 31 c0 c5 f8 77 c3 66 2e 0f 1f 84 00 00 00 00 00 89 f9 48 89 fa c5 f9 ef c0 83 e1 3f 83 f9 20 77 1f <c5> fd 74 0f c5 fd d7 c1 85 c0 0f 85 df 00 00 00 48 83 c7 20 83 e1
> 3月 20 11:53:04 tiny systemd[1]: Started Process Core Dump (PID 31916/UID 0).
> 3月 20 11:53:05 tiny systemd-coredump[31917]: Process 31898 (rastertopwg) of user 0 dumped core.
>
> Stack trace of thread 31898:
> #0 0x00007f7a61751671 __strlen_avx2 (libc.so.6 + 0x15e671)
> #1 0x00007f7a618032f9 _cups_strlcpy (libcups.so.2 + 0x4d2f9)
> #2 0x000055a058ca1a36 main (rastertopwg + 0x1a36)
> #3 0x00007f7a61619e0b __libc_start_main (libc.so.6 + 0x26e0b)
> #4 0x000055a058ca21aa _start (rastertopwg + 0x21aa)
>
> --------------------------------------------------------------------------------
Hello Hideki,
How are you progressing with this issue using the present cups in
unstable?
Regards,
Brian.
thanks
On Fri 20 Mar 2020 at 12:34:00 +0900, Hideki Yamane wrote:
> Package: cups
> Version: 2.3.1-11
> Severity: important
>
> Dear Maintainer,
>
> I cannot print some pdf files with cups, it gets an error with rastertopwg
> segfault.
>
> 3月 20 11:53:04 tiny kernel: rastertopwg[31898]: segfault at 0 ip 00007f7a61751671 sp 00007ffe7eb46428 error 4 in libc-2.30.so[7f7a61618000+14a000]
> 3月 20 11:53:04 tiny kernel: Code: 84 00 00 00 00 00 0f 1f 00 31 c0 c5 f8 77 c3 66 2e 0f 1f 84 00 00 00 00 00 89 f9 48 89 fa c5 f9 ef c0 83 e1 3f 83 f9 20 77 1f <c5> fd 74 0f c5 fd d7 c1 85 c0 0f 85 df 00 00 00 48 83 c7 20 83 e1
> 3月 20 11:53:04 tiny systemd[1]: Started Process Core Dump (PID 31916/UID 0).
> 3月 20 11:53:05 tiny systemd-coredump[31917]: Process 31898 (rastertopwg) of user 0 dumped core.
>
> Stack trace of thread 31898:
> #0 0x00007f7a61751671 __strlen_avx2 (libc.so.6 + 0x15e671)
> #1 0x00007f7a618032f9 _cups_strlcpy (libcups.so.2 + 0x4d2f9)
> #2 0x000055a058ca1a36 main (rastertopwg + 0x1a36)
> #3 0x00007f7a61619e0b __libc_start_main (libc.so.6 + 0x26e0b)
> #4 0x000055a058ca21aa _start (rastertopwg + 0x21aa)
>
> --------------------------------------------------------------------------------
How are you progressing with this issue using the present cups in
unstable?
Regards,
Brian.
Hideki Yamane
Sep 12, 2021, 12:10:04 PM9/12/21
to
On Thu, 9 Sep 2021 10:51:32 +0100
Brian Potkin <clarem...@gmail.com> wrote:
> How are you progressing with this issue using the present cups in
> unstable?
Well, I can have some time for Debian in next week, so will check
Brian Potkin <clarem...@gmail.com> wrote:
> How are you progressing with this issue using the present cups in
> unstable?
later. Thanks for head up! :)
--
Regards,
Hideki Yamane henrich @ debian.org/iijmio-mail.jp
0 new messages