Bug#820474: marked as done (cups-filters: texttopdf seg faults if comment in prettyprinted source file ends with keyword)

Thu, 13 Oct 2016 14:52:21 -0700 

Your message dated Thu, 13 Oct 2016 22:49:32 +0100
with message-id <13102016224524.1ec843dfa...@desktop.copernicus.org.uk>
and subject line Re: Bug#820474: cups-filters: texttopdf seg faults if comment 
in prettyprinted source file ends with keyword
has caused the Debian Bug report #820474,
regarding cups-filters: texttopdf seg faults if comment in prettyprinted source 
file ends with keyword
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
820474: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820474
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: cups-filters
Version: 1.0.61-5+deb8u3
Severity: normal
Tags: patch

Dear Maintainer,

   * What led up to the situation?

   Occasionally when prettyprinting files using CUPS results in a hung
   print job and no output.  A recent small example occurred which
   allowed creation of a small test case to demonstrate the problem.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

   $ echo "//if" > a.c
   $ lpr -p a.c

   * What was the outcome of this action?

   No output on printer, print job gets stuck in queue.

   * What outcome did you expect instead?

   Pretty printed version of the above one line file.

Some digging in the cups log files revealed that
/usr/lib/cups/filter/texttopdf seg faults.  The error can be
reproduced direclty with the following command:

   $ echo "//if" | CONTENT_TYPE=application/x-csource 
/usr/lib/cups/filter/texttopdf 123 username a.c 1 "prettyprint" > a.c.pdf

Debugging with gdb, the local array "names", having 3 elements, in
filters/texttopdf.c:write_font_str is being indexed with a value of 3
because both bold and italic are active at the newline.

In filters/textcommon.c there are four places that look up keywords,
only one ensures that italics are not active when searching for a
keyword:

              if (!(attr & ATTR_ITALIC) &&
                  bsearch(&keyptr, Keywords, NumKeywords, sizeof(char *),
                          compare_keywords))

The attached patch adds the attribute check to the other three
searches which prevents the seg fault - that is, texttopdf runs to
completion and generates a printable PDF.

-- System Information:
Debian Release: 8.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cups-filters depends on:
ii  bc                         1.06.95-9
ii  cups-filters-core-drivers  1.0.61-5+deb8u3
ii  ghostscript                9.06~dfsg-2+deb8u1
ii  libc6                      2.19-18+deb8u4
ii  libcups2                   1.7.5-11+deb8u1
ii  libcupsfilters1            1.0.61-5+deb8u3
ii  libcupsimage2              1.7.5-11+deb8u1
ii  libfontconfig1             2.11.0-6.3
ii  libfontembed1              1.0.61-5+deb8u3
ii  libgcc1                    1:4.9.2-10
ii  libijs-0.35                0.35-10
ii  liblcms2-2                 2.6-3+b3
ii  libpoppler46               0.26.5-2
ii  libqpdf13                  5.1.2-2
ii  libstdc++6                 4.9.2-10

Versions of packages cups-filters recommends:
ii  colord  1.2.1-1+b2

Versions of packages cups-filters suggests:
pn  foomatic-db-compressed-ppds | foomatic-db  <none>

-- no debconf information

--- cups-filters-1.0.61/filter/textcommon.c	2016-04-08 10:48:07.000000000 -0700
+++ /tmp/cups-filters-1.0.61/filter/textcommon.c	2016-04-08 10:37:26.000000000 -0700
@@ -735,7 +735,8 @@
 	    *keyptr = '\0';
 	    keyptr  = keyword;
 
-	    if (bsearch(&keyptr, Keywords, NumKeywords, sizeof(char *),
+	    if (!(attr & ATTR_ITALIC) &&
+		bsearch(&keyptr, Keywords, NumKeywords, sizeof(char *),
 	                compare_keywords))
             {
 	     /*
@@ -807,7 +808,8 @@
 	    *keyptr = '\0';
 	    keyptr  = keyword;
 
-	    if (bsearch(&keyptr, Keywords, NumKeywords, sizeof(char *),
+	    if (!(attr & ATTR_ITALIC) &&
+		bsearch(&keyptr, Keywords, NumKeywords, sizeof(char *),
 	                compare_keywords))
             {
 	     /*
@@ -861,7 +863,8 @@
 	    *keyptr = '\0';
 	    keyptr  = keyword;
 
-	    if (bsearch(&keyptr, Keywords, NumKeywords, sizeof(char *),
+	    if (!(attr & ATTR_ITALIC) &&
+		bsearch(&keyptr, Keywords, NumKeywords, sizeof(char *),
 	                compare_keywords))
             {
 	     /*

--- End Message ---
--- Begin Message --- 
On Thu 13 Oct 2016 at 13:20:13 -0700, Jim Uhl wrote:

> Hi Brian,
> 
>      Thanks very much for the follow up.  I have tested cups-filters
> version 1.11.4-1 on an installation of Debian unstable and it does,
> indeed, fix the problem.  Please close this bug.

Hello Jim,

In the light of both our investigations I will do as you request.

Thanks for your help,

Brian.

--- End Message ---

Reply via email to