
Bug#907399: Logs with systemd-coredump



Hello,
I had a closer look at the core dump.
The backtrace shows as follows:

    (gdb) bt
    #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
    #1  0x00007fd5463d62f1 in __GI_abort () at abort.c:79
    #2  0x00007fd546417867 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fd546521273 "%s\n") at ../sysdeps/posix/libc_fatal.c:181
    #3  0x00007fd54641de0a in malloc_printerr (str=str@entry=0x7fd546522b90 "munmap_chunk(): invalid pointer") at malloc.c:5350
    #4  0x00007fd54641e36c in munmap_chunk (p=<optimized out>) at malloc.c:2846
    #5  0x0000564d381c7c86 in main (argc=1, argv=0x7ffd86f7cd88) at utils/cups-browsed.c:8814

    (gdb) print DomainSocket
    $1 = 0x564d381dd409 "/var/run/cups/cups.sock"


The relevant lines in the main function:

    utils/cups-browsed.c

    8467    #ifdef CUPS_DEFAULT_DOMAINSOCKET
    8468        if (DomainSocket == NULL)
    8469          DomainSocket = CUPS_DEFAULT_DOMAINSOCKET;
    ...
    8813      if (DomainSocket != NULL)
    8814        free(DomainSocket);
    8815
    8816      return ret;


Looks like CUPS_DEFAULT_DOMAINSOCKET is defined in ./config.h:
    #define CUPS_DEFAULT_DOMAINSOCKET "/var/run/cups/cups.sock"


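Therefore I assume we try to free() the memory of a string literal.
That pointer was never returned by malloc(), so the call has to fail;
here glibc aborts with "munmap_chunk(): invalid pointer".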

This looks like it was introduced in commit "Fixing covscan issues" [1].

I could not yet find an upstream bug report for this issue in [2].

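A workaround could be to explicitly
configure DomainSocket in /etc/cups/cups-browsed.conf, so that
DomainSocket is no longer NULL at line 8468 and the compiled-in
string literal is never assigned (presumably the configured value
is heap-allocated and can be freed safely; not verified here).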

Kind regards,
Bernhard


[1] https://github.com/OpenPrinting/cups-filters/commit/fc6a67dfbfc7346e80bd48a0d6ddc858afcabcdf
    https://github.com/OpenPrinting/cups-filters/pull/53

[2] https://github.com/OpenPrinting/cups-filters/issues

apt install devscripts dpkg-dev gdb lz4 cups-browsed-dbgsym mc

mkdir cups-browsed/orig -p
cd    cups-browsed/orig
apt source cups-browsed
cd ../..


mkdir cups
cd    cups
wget "https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=907399;filename=core.cups-browsed.0.92be2c80dd62445a8f63c2f29311ef3d.10180.1535612401000000.lz4;msg=38" -O core.cups-browsed.0.92be2c80dd62445a8f63c2f29311ef3d.10180.1535612401000000.lz4
unlz4 -k core.cups-browsed.0.92be2c80dd62445a8f63c2f29311ef3d.10180.1535612401000000.lz4


gdb -q /usr/sbin/cups-browsed --core core.cups-browsed.0.92be2c80dd62445a8f63c2f29311ef3d.10180.1535612401000000

set height 0
set width 0
set pagination off
directory /home/benutzer/cups-browsed/orig/cups-filters-1.21.1



benutzer@debian:~/cups$ gdb -q /usr/sbin/cups-browsed --core core.cups-browsed.0.92be2c80dd62445a8f63c2f29311ef3d.10180.1535612401000000
Reading symbols from /usr/sbin/cups-browsed...Reading symbols from /usr/lib/debug/.build-id/92/11537d40281e41394b4b4fc46a118c5997dfaa.debug...done.
done.
[New LWP 10180]
[New LWP 10181]
[New LWP 10182]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/cups-browsed'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51      ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
[Current thread is 1 (Thread 0x7fd542fdeb00 (LWP 10180))]
(gdb) set height 0
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /home/benutzer/cups-browsed/orig/cups-filters-1.21.1
Source directories searched: /home/benutzer/cups-browsed/orig/cups-filters-1.21.1:$cdir:$cwd
(gdb) bt full
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
        set = {__val = {0, 11966690534043898880, 4, 281470681751424, 206158430232, 140726867839760, 30072307974, 14973365004415290, 21482373383, 206983541050, 14973365004415290, 47252308229, 124570895468, 588410521149, 90201587969, 7310017498960785199}}
        pid = <optimized out>
        tid = <optimized out>
        ret = <optimized out>
#1  0x00007fd5463d62f1 in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {__val = {0, 0, 0, 0, 64, 38654705664, 7, 144, 94889677680712, 176, 2065, 18446744073709551536, 2, 214748364809, 140726867839568, 140726867839856}}, sa_flags = -2030581168, sa_restorer = 0x1000}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007fd546417867 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fd546521273 "%s\n") at ../sysdeps/posix/libc_fatal.c:181
        ap = {{gp_offset = 24, fp_offset = 0, overflow_arg_area = 0x7ffd86f7cb80, reg_save_area = 0x7ffd86f7cb10}}
        fd = <optimized out>
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
        written = <optimized out>
#3  0x00007fd54641de0a in malloc_printerr (str=str@entry=0x7fd546522b90 "munmap_chunk(): invalid pointer") at malloc.c:5350
No locals.
#4  0x00007fd54641e36c in munmap_chunk (p=<optimized out>) at malloc.c:2846
        size = <optimized out>
        __PRETTY_FUNCTION__ = "munmap_chunk"
        block = <optimized out>
        total_size = <optimized out>
#5  0x0000564d381c7c86 in main (argc=1, argv=0x7ffd86f7cd88) at utils/cups-browsed.c:8814
        ret = 0
        http = <optimized out>
        i = <optimized out>
        val = <optimized out>
        p = <optimized out>
        proxy = <optimized out>
        error = 0x0
        subscription_id = 2365
        action = {__sigaction_handler = {sa_handler = 0x564d381cc360 <sigusr2_handler>, sa_sigaction = 0x564d381cc360 <sigusr2_handler>}, sa_mask = {__val = {2048, 0 <repeats 15 times>}}, sa_flags = 0, sa_restorer = 0x0}

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007fd5463d62f1 in __GI_abort () at abort.c:79
#2  0x00007fd546417867 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fd546521273 "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007fd54641de0a in malloc_printerr (str=str@entry=0x7fd546522b90 "munmap_chunk(): invalid pointer") at malloc.c:5350
#4  0x00007fd54641e36c in munmap_chunk (p=<optimized out>) at malloc.c:2846
#5  0x0000564d381c7c86 in main (argc=1, argv=0x7ffd86f7cd88) at utils/cups-browsed.c:8814



(gdb) up
#5  0x0000564d381c7c86 in main (argc=1, argv=0x7ffd86f7cd88) at utils/cups-browsed.c:8814
8814        free(DomainSocket);
(gdb) print DomainSocket
$1 = 0x564d381dd409 "/var/run/cups/cups.sock"



384     static char *DomainSocket = NULL;

8457      /* Point to selected CUPS server or domain socket via the CUPS_SERVER
8458         environment variable or DomainSocket configuration file option.
8459         Default to localhost:631 (and not to CUPS default to override
8460         client.conf files as cups-browsed works only with a local CUPS
8461         daemon, not with remote ones. */
8462      if (getenv("CUPS_SERVER") != NULL) {
8463        strncpy(local_server_str, getenv("CUPS_SERVER"), sizeof(local_server_str));
8464        if (strlen(getenv("CUPS_SERVER")) > 1023)
8465          local_server_str[1023] = '\0';
8466      } else {
8467    #ifdef CUPS_DEFAULT_DOMAINSOCKET
8468        if (DomainSocket == NULL)
8469          DomainSocket = CUPS_DEFAULT_DOMAINSOCKET;
8470    #endif
8471        if (DomainSocket != NULL) {
8472          struct stat sockinfo;               /* Domain socket information */
8473          if (strcasecmp(DomainSocket, "None") != 0 &&
8474              strcasecmp(DomainSocket, "Off") != 0 &&
8475              !stat(DomainSocket, &sockinfo) &&
8476              (sockinfo.st_mode & S_IROTH) != 0 &&
8477              (sockinfo.st_mode & S_IWOTH) != 0)
8478            strncpy(local_server_str, DomainSocket, sizeof(local_server_str));
8479          else
8480            strncpy(local_server_str, "localhost:631", sizeof(local_server_str));
8481        } else
8482          strncpy(local_server_str, "localhost:631", sizeof(local_server_str));
8483        setenv("CUPS_SERVER", local_server_str, 1);
8484      }

8736    fail:

8813      if (DomainSocket != NULL)
8814        free(DomainSocket);
8815
8816      return ret;



./config.h:#define CUPS_DEFAULT_DOMAINSOCKET "/var/run/cups/cups.sock"


Looks like this was introduced here: Fixing covscan issues
https://github.com/OpenPrinting/cups-filters/commit/fc6a67dfbfc7346e80bd48a0d6ddc858afcabcdf
