Closed Bug 1836764 Opened 1 year ago Closed 1 year ago

Top Crash in [@ cupsCopyDest] due to bug in CUPS v2.4.3

Categories

(Core :: Printing: Setup, defect)

Unspecified
Linux
defect

Tracking

RESOLVED MOVED

People

(Reporter: mccr8, Assigned: emilio)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/cdb8f717-b626-427c-bee2-fc84f0230605

Reason: SIGSEGV / SEGV_MAPERR

Top 10 frames of crashing thread:

0  libc.so.6  __strcasecmp_l_avx2  /usr/src/debug/glibc/glibc/sysdeps/x86_64/multiarch/strcmp-avx2.S:283
1  libcups.so.2  cupsCopyDest  
2  libcups.so.2  _cupsSNMPWalk  
3  libcups.so.2  cupsGetNamedDest  
4  libxul.so  nsPrinterListCUPS::SystemDefaultPrinterName const  widget/nsPrinterListCUPS.cpp:220
5  libxul.so  NS_InvokeByIndex  
6  libxul.so  CallMethodHelper::Invoke  js/xpconnect/src/XPCWrappedNative.cpp:1627
6  libxul.so  CallMethodHelper::Call  js/xpconnect/src/XPCWrappedNative.cpp:1180
6  libxul.so  XPCWrappedNative::CallMethod  js/xpconnect/src/XPCWrappedNative.cpp:1126
7  libxul.so  XPCWrappedNative::GetAttribute  js/xpconnect/src/xpcprivate.h:1450

Null deref in a call to strcasecmp. The Gecko code is here:

  // Passing in nullptr for the name will return the default, if any.
  cups_dest_t* dest =
      CupsShim().cupsGetNamedDest(CUPS_HTTP_DEFAULT, /* name */ nullptr,
                                  /* instance */ nullptr);

Maybe passing in null for a string isn't working the way the comment expects in some circumstances?
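
Added example, not part of the original report and not CUPS or Gecko code: a minimal C lookup illustrating the bug class discussed above, where a NULL name is an accepted "return the default" sentinel and has to be resolved before any strcasecmp call. The dest_t struct, str_ieq, find_dest and the sample queue names are hypothetical.

```c
#include <stddef.h>
#include <strings.h>

/* Hypothetical destination record; not the CUPS cups_dest_t layout. */
typedef struct {
    const char *name;      /* queue name, never NULL in a valid entry */
    const char *instance;  /* NULL means the primary instance */
    int is_default;        /* non-zero for the system default */
} dest_t;

/* NULL-tolerant case-insensitive equality: two NULLs match, one NULL does not. */
static int str_ieq(const char *a, const char *b)
{
    if (a == NULL || b == NULL)
        return a == b;
    return strcasecmp(a, b) == 0;
}

/*
 * Look up a destination. name == NULL asks for the default entry, so the
 * sentinel is handled before any string comparison. Calling
 * strcasecmp(name, d->name) without this branch dereferences NULL.
 */
const dest_t *find_dest(const dest_t *dests, size_t n,
                        const char *name, const char *instance)
{
    for (size_t i = 0; i < n; i++) {
        const dest_t *d = &dests[i];
        if (name == NULL) {
            if (d->is_default)
                return d;
            continue;
        }
        if (str_ieq(name, d->name) && str_ieq(instance, d->instance))
            return d;
    }
    return NULL; /* no match, or no default configured */
}

/* Constructed sample data. */
static const dest_t SAMPLE[] = {
    { "office-laser", NULL,    0 },
    { "Home_Inkjet",  NULL,    1 },
    { "Home_Inkjet",  "draft", 0 },
};
```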

OS: Unspecified → Linux

First crash report at 2023-06-01 17:22:16. Related to a package update.

Reported distributions:
Antergos Linux
Arch Linux
Arch Linux (Timestamp: 2023-06-02 08:22 | Kernel: 6.3.5)
Archcraft
ArcoLinux
Crystal Linux
EndeavourOS Linux
Garuda Linux
Linux
Manjaro Linux

Julien, do you have a pointer on how to check for package updates?

Flags: needinfo?(jcristau)
Summary: Crash in [@ cupsCopyDest] → Top Crash in [@ cupsCopyDest]

https://github.com/OpenPrinting/cups/releases/tag/v2.4.3 was released on June 1st, so that seems like a plausible cause.

Flags: needinfo?(jcristau)

I can repro this on my laptop.

Flags: needinfo?(emilio)
Severity: -- → S2

Fixed upstream.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED

Let's close this as RESOLVED|MOVED (to https://github.com/OpenPrinting/cups/pull/720 ), since the bug and the patch were in external software, not shipping in mozilla-central or particular Firefox versions.

(Clearing status-* and tracking flags for the same reason.)

Resolution: FIXED → MOVED
Summary: Top Crash in [@ cupsCopyDest] → Top Crash in [@ cupsCopyDest] due to bug in CUPS v2.4.3