Dear Maintainer,
I could reproduce this issue too.

Attached are a valgrind run showing one invalid write
(the memcpy in Mode9::Process, Mode9.cpp:405)
and a gdb session showing the issue.

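It looks like malloc's management data, which resides in the 8 bytes
before a returned pointer, gets overwritten, and therefore
the free fails because "mchunk_size" is then 0.
In the valgrind log the invalid write lands 0 bytes after the 3,025-byte
block allocated in Compressor::Compressor (Compressor.cpp:44), so this
looks like a heap buffer overflow out of that block. In the gdb session
the watchpoint fires inside the same memcpy (Mode9.cpp:405) when the size
field of compressBuf's chunk changes from 6057 to 0.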

Kind regards,
Bernhard


    Old value = 6057
    New value = 0
    __memcpy_neon () at ../sysdeps/arm/armv7/multiarch/memcpy_impl.S:295
    warning: Source file is more recent than executable.
    295             tst     count, #4
    1: compressBuf = <error: current stack frame does not contain a variable 
named `this'>
    2: /x *(int*)(0x7f5f43e8-4) = 0x0
    (gdb) bt
    #0  __memcpy_neon () at ../sysdeps/arm/armv7/multiarch/memcpy_impl.S:295
    #1  0x7f55b8d2 in memcpy (__len=379, __src=<optimized out>, 
__dest=<optimized out>) at 
/usr/include/arm-linux-gnueabihf/bits/string_fortified.h:34
    #2  Mode9::Process (this=0x7f5e0e70, input=0x7f5e0e84) at 
prnt/hpcups/Mode9.cpp:405
    #3  0x7f562de0 in Pipeline::Process (raster=<optimized out>, 
this=0x7f5d7340) at prnt/hpcups/Pipeline.cpp:79
    #4  Pipeline::Execute (this=0x7f5d7340, InputRaster=<optimized out>) at 
prnt/hpcups/Pipeline.cpp:79
    #5  0x7f562e02 in Pipeline::Execute (this=0x7f5e6b88, 
InputRaster=<optimized out>) at prnt/hpcups/Pipeline.cpp:83
    #6  0x7f562e02 in Pipeline::Execute (this=0x7f5e6b70, 
InputRaster=<optimized out>) at prnt/hpcups/Pipeline.cpp:83
    #7  0x7f55a20a in HPCupsFilter::processRasterData (this=0x7f5b87c4 
<filter>, cups_raster=<optimized out>) at prnt/hpcups/HPCupsFilter.cpp:766
    #8  0x7f55a6ee in HPCupsFilter::StartPrintJob (this=0x7f5b87c4 <filter>, 
argc=6, argv=0xbefff7b4) at prnt/hpcups/HPCupsFilter.cpp:584
    #9  0xb6bd9a20 in __libc_start_main (main=0x7f5587d1 <main(int, char**)>, 
argc=6, argv=0xbefff7b4, init=<optimized out>, fini=0x7f56ed5d 
<__libc_csu_fini>, rtld_fini=0xb6fe1075 <_dl_fini>, stack_end=0xbefff7b4) at 
libc-start.c:308
    #10 0x7f55889c in _start () at prnt/hpcups/HPCupsFilter.cpp:919


https://sources.debian.org/src/hplip/3.20.5+dfsg0-3/prnt/hpcups/Mode9.cpp/#L405

# Bullseye/testing chroot 2020-10-23 running on Android/LineageOS kernel


apt update
apt dist-upgrade


apt install mc htop psmisc net-tools strace sshfs wget gdb gdbserver cups 
printer-driver-hpcups printer-driver-hpcups-dbgsym
apt build-dep libc6



root@localhost:~# lscpu
Architecture:         armv7l
Byte Order:           Little Endian
CPU(s):               4
On-line CPU(s) list:  0
Off-line CPU(s) list: 1-3
Thread(s) per core:   1
Core(s) per socket:   1
Socket(s):            1
Vendor ID:            Qualcomm
Model:                0
Model name:           Krait
Stepping:             0x1
CPU max MHz:          1728,0000
CPU min MHz:          384,0000
BogoMIPS:             13.50
Flags:                swp half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 
idiva idivt
root@localhost:~# uname -a
Linux localhost 3.4.113-g2fff5b1955c0 #1 SMP PREEMPT Sun Mar 8 06:23:52 CST 
2020 armv7l GNU/Linux

groupadd -g 3001 aid_net_bt_admin
groupadd -g 3002 aid_net_bt
groupadd -g 3003 aid_inet
groupadd -g 3004 aid_net_raw
groupadd -g 3005 aid_net_admin
groupadd -g 3006 aid_net_bw_stats
groupadd -g 3007 aid_net_bw_acct
groupadd -g 3008 aid_net_bt_stack
usermod -G 3003,3004 -a root
usermod -G 3003 -a benutzer
usermod -g 3003 -G 3003,3004 -a _apt

root@localhost:~# dpkg -l | grep driver-hpcups
ii  printer-driver-hpcups         3.20.5+dfsg0-3+b1              armhf        
HP Linux Printing and Imaging - CUPS Raster driver (hpcups)
ii  printer-driver-hpcups-dbgsym  3.20.5+dfsg0-3+b1              armhf        
debug symbols for printer-driver-hpcups






mkdir /home/benutzer/source/libc6/orig -p
cd    /home/benutzer/source/libc6/orig
apt source libc6
cd










wget 
https://sources.debian.org/data/main/h/hplip/3.20.9+dfsg0-3/ppd/hpcups/hp-officejet_pro_1150c.ppd
gzip hp-officejet_pro_1150c.ppd

export PPD=/home/benutzer/hp-officejet_pro_1150c.ppd.gz
/usr/lib/cups/filter/pdftopdf   1 debian '' 1 '' 
</usr/share/cups/data/default-testpage.pdf >print_step_1.pdf
/usr/lib/cups/filter/gstoraster 1 debian '' 1 '' <print_step_1.pdf 
>print_step_2.raster
/usr/lib/cups/filter/hpcups     1 debian '' 1 '' <print_step_2.raster 
>print_step_3.hpcups




/usr/bin/gdbserver localhost:6666 /usr/lib/cups/filter/hpcups     1 debian '' 1 
'' <print_step_2.raster >print_step_3.hpcups

gdb -q
set width 0
set pagination off
target remote localhost:6666
cont




benutzer@localhost:~$ /usr/bin/gdbserver localhost:6666 
/usr/lib/cups/filter/hpcups     1 debian x 1 x <print_step_2.raster 
>print_step_3.hpcups
Process /usr/lib/cups/filter/hpcups created; pid = 9723
Listening on port 6666
Remote debugging from host ::1, port 42055
STATE: -marker-supply-low-warning
PAGE: 1 1
free(): invalid pointer



benutzer@localhost:~$ gdb -q
(gdb) set width 0
(gdb) set pagination off
(gdb) target remote localhost:6666
Remote debugging using localhost:6666
Reading /usr/lib/cups/filter/hpcups from remote target...
warning: File transfers from remote targets can be slow. Use "set sysroot" to 
access files locally instead.
Reading /usr/lib/cups/filter/hpcups from remote target...
Reading symbols from target:/usr/lib/cups/filter/hpcups...
Reading /usr/lib/cups/filter/25b6b40d5874920ba6c57ce85bb60b35661f71.debug from 
remote target...
Reading 
/usr/lib/cups/filter/.debug/25b6b40d5874920ba6c57ce85bb60b35661f71.debug from 
remote target...
Reading 
/usr/lib/debug//usr/lib/cups/filter/25b6b40d5874920ba6c57ce85bb60b35661f71.debug
 from remote target...
Reading 
/usr/lib/debug/usr/lib/cups/filter//25b6b40d5874920ba6c57ce85bb60b35661f71.debug
 from remote target...
Reading 
target:/usr/lib/debug/usr/lib/cups/filter//25b6b40d5874920ba6c57ce85bb60b35661f71.debug
 from remote target...
(No debugging symbols found in target:/usr/lib/cups/filter/hpcups)
Reading /lib/ld-linux-armhf.so.3 from remote target...
Reading /lib/ld-linux-armhf.so.3 from remote target...
Reading symbols from target:/lib/ld-linux-armhf.so.3...
Reading symbols from 
/usr/lib/debug/.build-id/57/fd3af960eb7a2864df305a64a665e5a8c25750.debug...
0xb6fd5a80 in _start () from target:/lib/ld-linux-armhf.so.3
(gdb) cont
Continuing.
Reading /lib/arm-linux-gnueabihf/libjpeg.so.62 from remote target...
...
Reading 
target:/usr/lib/debug/lib/arm-linux-gnueabihf//5673b0f41b07865f82a15c45bfb7e387b9a226.debug
 from remote target...

Program received signal SIGABRT, Aborted.
__libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:47
47      ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S: Datei oder 
Verzeichnis nicht gefunden.
(gdb) bt
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:47
#1  0xb6be8dd0 in __libc_signal_restore_set (set=0xbefff314) at 
../sysdeps/unix/sysv/linux/internal-signals.h:86
#2  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:48
#3  0xb6bd97a2 in __GI_abort () at abort.c:79
#4  0xb6c11c56 in __libc_message (action=action@entry=do_abort, fmt=<optimized 
out>) at ../sysdeps/posix/libc_fatal.c:155
#5  0xb6c16c32 in malloc_printerr (str=<optimized out>) at malloc.c:5347
#6  0xb6c17b14 in _int_free (av=<optimized out>, p=0x7f5f43e0, have_lock=0) at 
malloc.c:4173
#7  0x7f55b12c in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

(gdb) generate-core-file /tmp/core-1
warning: target file /proc/9723/cmdline contained unexpected null characters
Saved corefile /tmp/core-1



benutzer@localhost:~$ gdb -q /usr/lib/cups/filter/hpcups --core /tmp/core-1 
Reading symbols from /usr/lib/cups/filter/hpcups...
Reading symbols from 
/usr/lib/debug/.build-id/20/25b6b40d5874920ba6c57ce85bb60b35661f71.debug...
[New LWP 9723]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
Core was generated by `/usr/lib/cups/filter/hpcups'.
Program terminated with signal SIGABRT, Aborted.
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:47
47      ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S: Datei oder 
Verzeichnis nicht gefunden.
(gdb) bt
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:47
#1  0xb6be8dd0 in __libc_signal_restore_set (set=0xbefff314) at 
../sysdeps/unix/sysv/linux/internal-signals.h:86
#2  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:48
#3  0xb6bd97a2 in __GI_abort () at abort.c:79
#4  0xb6c11c56 in __libc_message (action=action@entry=do_abort, fmt=<optimized 
out>) at ../sysdeps/posix/libc_fatal.c:155
#5  0xb6c16c32 in malloc_printerr (str=<optimized out>) at malloc.c:5347
#6  0xb6c17b14 in _int_free (av=<optimized out>, p=0x7f5f43e0, have_lock=0) at 
malloc.c:4173
#7  0x7f55b12c in Compressor::~Compressor (this=0x7f5e0e70, 
__in_chrg=<optimized out>) at prnt/hpcups/Compressor.cpp:52
#8  0x7f55b6a8 in Mode9::~Mode9 (this=0x7f5e0e70, __in_chrg=<optimized out>) at 
prnt/hpcups/Mode9.cpp:51
#9  Mode9::~Mode9 (this=0x7f5e0e70, __in_chrg=<optimized out>) at 
prnt/hpcups/Mode9.cpp:52
#10 0x7f56289e in Job::~Job (this=0x7f5b87c8 <filter+4>, __in_chrg=<optimized 
out>) at prnt/hpcups/Job.cpp:137
#11 0x7f55a946 in HPCupsFilter::~HPCupsFilter (this=0x7f5b87c4 <filter>, 
__in_chrg=<optimized out>) at prnt/hpcups/HPCupsFilter.cpp:213
#12 0xb6beaa70 in __run_exit_handlers (status=0, listp=0xb6cba4fc 
<__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, 
run_dtors=run_dtors@entry=true) at exit.c:108
#13 0xb6beab32 in __GI_exit (status=<optimized out>) at exit.c:139
#14 0xb6bd9a24 in __libc_start_main (main=0x7f5587d1 <main(int, char**)>, 
argc=6, argv=0xbefff7b4, init=<optimized out>, fini=0x7f56ed5d 
<__libc_csu_fini>, rtld_fini=0xb6fe1075 <_dl_fini>, 
    stack_end=0xbefff7b4) at libc-start.c:342
#15 0x7f55889c in _start () at prnt/hpcups/HPCupsFilter.cpp:919
Backtrace stopped: previous frame identical to this frame (corrupt stack?)


https://sources.debian.org/src/hplip/3.20.5+dfsg0-3/prnt/hpcups/Compressor.cpp/#L52






















################






benutzer@localhost:~$ valgrind --log-file=valgrind.log 
/usr/lib/cups/filter/hpcups     1 debian x 1 x <print_step_2.raster 
>print_step_3.hpcups
STATE: -marker-supply-low-warning
PAGE: 1 1

benutzer@localhost:~$ cat valgrind.log
==13708== Memcheck, a memory error detector
==13708== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==13708== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==13708== Command: /usr/lib/cups/filter/hpcups 1 debian x 1 x
==13708== Parent PID: 9361
==13708== 
==13708== Conditional jump or move depends on uninitialised value(s)
==13708==    at 0x4B982A4: tolower (ctype.c:46)
==13708==    by 0x4849FAF: strcasestr (vg_replace_strmem.c:1838)
==13708==    by 0x11C8DF: IsChromeOs (utils.c:42)
==13708==    by 0x10CA13: HPCupsFilter::startPage(cups_page_header2_s*) 
(HPCupsFilter.cpp:461)
==13708==    by 0x10D32B: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:655)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708== 
==13708== Use of uninitialised value of size 4
==13708==    at 0x4B982B6: tolower (ctype.c:46)
==13708==    by 0x4849FAF: strcasestr (vg_replace_strmem.c:1838)
==13708==    by 0x11C8DF: IsChromeOs (utils.c:42)
==13708==    by 0x10CA13: HPCupsFilter::startPage(cups_page_header2_s*) 
(HPCupsFilter.cpp:461)
==13708==    by 0x10D32B: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:655)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708== 
==13708== Invalid read of size 1
==13708==    at 0x117556: Backward16PixelsNonWhite (Halftoner.h:106)
==13708==    by 0x117556: Halftoner::HTEDiffOpen(Halftoner::THTDitherParms*, 
unsigned short) (Halftoner.cpp:734)
==13708==    by 0x117CE7: Halftoner::Process(RASTERDATA*) (Halftoner.cpp:548)
==13708==    by 0x115DDF: Process (Pipeline.cpp:72)
==13708==    by 0x115DDF: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:79)
==13708==    by 0x115E01: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:83)
==13708==    by 0x10D209: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:766)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708==  Address 0x55ad162 is 6 bytes after a block of size 12,100 alloc'd
==13708==    at 0x48416F4: operator new[](unsigned int) 
(vg_replace_malloc.c:425)
==13708==    by 0x116091: ColorMatcher::ColorMatcher(ColorMap_s, unsigned int, 
unsigned int) (ColorMatcher.cpp:63)
==13708==    by 0x11109B: Pcl3::Configure(Pipeline**) (Pcl3.cpp:90)
==13708==    by 0x115BF1: Job::Configure() (Job.cpp:248)
==13708==    by 0x115C87: Job::Init(SystemServices*, JobAttributes_s*, 
Encapsulator*) (Job.cpp:63)
==13708==    by 0x10CA79: HPCupsFilter::startPage(cups_page_header2_s*) 
(HPCupsFilter.cpp:481)
==13708==    by 0x10D32B: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:655)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708== 
==13708== Invalid read of size 1
==13708==    at 0x10EA0C: Mode9::Process(RASTERDATA*) (Mode9.cpp:332)
==13708==    by 0x115DDF: Process (Pipeline.cpp:72)
==13708==    by 0x115DDF: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:79)
==13708==    by 0x115E01: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:83)
==13708==    by 0x115E01: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:83)
==13708==    by 0x10D209: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:766)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708==  Address 0x55b6d63 is 0 bytes after a block of size 379 alloc'd
==13708==    at 0x48416F4: operator new[](unsigned int) 
(vg_replace_malloc.c:425)
==13708==    by 0x116D7F: Halftoner::Halftoner(PrintMode_s*, unsigned int, 
int*, int, bool) (Halftoner.cpp:184)
==13708==    by 0x1110D5: Pcl3::Configure(Pipeline**) (Pcl3.cpp:92)
==13708==    by 0x115BF1: Job::Configure() (Job.cpp:248)
==13708==    by 0x115C87: Job::Init(SystemServices*, JobAttributes_s*, 
Encapsulator*) (Job.cpp:63)
==13708==    by 0x10CA79: HPCupsFilter::startPage(cups_page_header2_s*) 
(HPCupsFilter.cpp:481)
==13708==    by 0x10D32B: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:655)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708== 
==13708== Invalid read of size 1
==13708==    at 0x10EAEE: Mode9::Process(RASTERDATA*) (Mode9.cpp:215)
==13708==    by 0x115DDF: Process (Pipeline.cpp:72)
==13708==    by 0x115DDF: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:79)
==13708==    by 0x115E01: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:83)
==13708==    by 0x115E01: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:83)
==13708==    by 0x10D209: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:766)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708==  Address 0x55b9019 is 0 bytes after a block of size 3,025 alloc'd
==13708==    at 0x48416F4: operator new[](unsigned int) 
(vg_replace_malloc.c:425)
==13708==    by 0x10E103: Compressor::Compressor(unsigned int, bool) 
(Compressor.cpp:44)
==13708==    by 0x10EBE1: Mode9::Mode9(unsigned int, bool) (Mode9.cpp:34)
==13708==    by 0x1110FD: Pcl3::Configure(Pipeline**) (Pcl3.cpp:95)
==13708==    by 0x115BF1: Job::Configure() (Job.cpp:248)
==13708==    by 0x115C87: Job::Init(SystemServices*, JobAttributes_s*, 
Encapsulator*) (Job.cpp:63)
==13708==    by 0x10CA79: HPCupsFilter::startPage(cups_page_header2_s*) 
(HPCupsFilter.cpp:481)
==13708==    by 0x10D32B: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:655)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708== 
==13708== Invalid write of size 1
==13708==    at 0x48464A8: memcpy (vg_replace_strmem.c:1034)
==13708==    by 0x10E8D1: UnknownInlinedFun (string_fortified.h:34)
==13708==    by 0x10E8D1: Mode9::Process(RASTERDATA*) (Mode9.cpp:405)
==13708==    by 0x115DDF: Process (Pipeline.cpp:72)
==13708==    by 0x115DDF: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:79)
==13708==    by 0x115E01: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:83)
==13708==    by 0x115E01: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:83)
==13708==    by 0x10D209: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:766)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708==  Address 0x55b9019 is 0 bytes after a block of size 3,025 alloc'd
==13708==    at 0x48416F4: operator new[](unsigned int) 
(vg_replace_malloc.c:425)
==13708==    by 0x10E103: Compressor::Compressor(unsigned int, bool) 
(Compressor.cpp:44)
==13708==    by 0x10EBE1: Mode9::Mode9(unsigned int, bool) (Mode9.cpp:34)
==13708==    by 0x1110FD: Pcl3::Configure(Pipeline**) (Pcl3.cpp:95)
==13708==    by 0x115BF1: Job::Configure() (Job.cpp:248)
==13708==    by 0x115C87: Job::Init(SystemServices*, JobAttributes_s*, 
Encapsulator*) (Job.cpp:63)
==13708==    by 0x10CA79: HPCupsFilter::startPage(cups_page_header2_s*) 
(HPCupsFilter.cpp:481)
==13708==    by 0x10D32B: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:655)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708== 
==13708== Invalid read of size 1
==13708==    at 0x11709C: Halftoner::FORWARD_FED(short, unsigned int) 
(Halftoner.cpp:800)
==13708==    by 0x11764B: Halftoner::HTEDiffOpen(Halftoner::THTDitherParms*, 
unsigned short) (Halftoner.cpp:672)
==13708==    by 0x117CE7: Halftoner::Process(RASTERDATA*) (Halftoner.cpp:548)
==13708==    by 0x115DDF: Process (Pipeline.cpp:72)
==13708==    by 0x115DDF: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:79)
==13708==    by 0x115E01: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:83)
==13708==    by 0x10D209: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:766)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708==  Address 0x55ad15c is 0 bytes after a block of size 12,100 alloc'd
==13708==    at 0x48416F4: operator new[](unsigned int) 
(vg_replace_malloc.c:425)
==13708==    by 0x116091: ColorMatcher::ColorMatcher(ColorMap_s, unsigned int, 
unsigned int) (ColorMatcher.cpp:63)
==13708==    by 0x11109B: Pcl3::Configure(Pipeline**) (Pcl3.cpp:90)
==13708==    by 0x115BF1: Job::Configure() (Job.cpp:248)
==13708==    by 0x115C87: Job::Init(SystemServices*, JobAttributes_s*, 
Encapsulator*) (Job.cpp:63)
==13708==    by 0x10CA79: HPCupsFilter::startPage(cups_page_header2_s*) 
(HPCupsFilter.cpp:481)
==13708==    by 0x10D32B: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:655)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708== 
==13708== Invalid read of size 1
==13708==    at 0x11709C: Halftoner::FORWARD_FED(short, unsigned int) 
(Halftoner.cpp:800)
==13708==    by 0x117675: Halftoner::HTEDiffOpen(Halftoner::THTDitherParms*, 
unsigned short) (Halftoner.cpp:674)
==13708==    by 0x117CE7: Halftoner::Process(RASTERDATA*) (Halftoner.cpp:548)
==13708==    by 0x115DDF: Process (Pipeline.cpp:72)
==13708==    by 0x115DDF: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:79)
==13708==    by 0x115E01: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:83)
==13708==    by 0x10D209: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:766)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708==  Address 0x55ad15d is 1 bytes after a block of size 12,100 alloc'd
==13708==    at 0x48416F4: operator new[](unsigned int) 
(vg_replace_malloc.c:425)
==13708==    by 0x116091: ColorMatcher::ColorMatcher(ColorMap_s, unsigned int, 
unsigned int) (ColorMatcher.cpp:63)
==13708==    by 0x11109B: Pcl3::Configure(Pipeline**) (Pcl3.cpp:90)
==13708==    by 0x115BF1: Job::Configure() (Job.cpp:248)
==13708==    by 0x115C87: Job::Init(SystemServices*, JobAttributes_s*, 
Encapsulator*) (Job.cpp:63)
==13708==    by 0x10CA79: HPCupsFilter::startPage(cups_page_header2_s*) 
(HPCupsFilter.cpp:481)
==13708==    by 0x10D32B: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:655)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708== 
==13708== Invalid read of size 1
==13708==    at 0x11709C: Halftoner::FORWARD_FED(short, unsigned int) 
(Halftoner.cpp:800)
==13708==    by 0x11769F: Halftoner::HTEDiffOpen(Halftoner::THTDitherParms*, 
unsigned short) (Halftoner.cpp:676)
==13708==    by 0x117CE7: Halftoner::Process(RASTERDATA*) (Halftoner.cpp:548)
==13708==    by 0x115DDF: Process (Pipeline.cpp:72)
==13708==    by 0x115DDF: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:79)
==13708==    by 0x115E01: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:83)
==13708==    by 0x10D209: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:766)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708==  Address 0x55ad15e is 2 bytes after a block of size 12,100 alloc'd
==13708==    at 0x48416F4: operator new[](unsigned int) 
(vg_replace_malloc.c:425)
==13708==    by 0x116091: ColorMatcher::ColorMatcher(ColorMap_s, unsigned int, 
unsigned int) (ColorMatcher.cpp:63)
==13708==    by 0x11109B: Pcl3::Configure(Pipeline**) (Pcl3.cpp:90)
==13708==    by 0x115BF1: Job::Configure() (Job.cpp:248)
==13708==    by 0x115C87: Job::Init(SystemServices*, JobAttributes_s*, 
Encapsulator*) (Job.cpp:63)
==13708==    by 0x10CA79: HPCupsFilter::startPage(cups_page_header2_s*) 
(HPCupsFilter.cpp:481)
==13708==    by 0x10D32B: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:655)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708== 
==13708== Invalid read of size 1
==13708==    at 0x11709C: Halftoner::FORWARD_FED(short, unsigned int) 
(Halftoner.cpp:800)
==13708==    by 0x1176C9: Halftoner::HTEDiffOpen(Halftoner::THTDitherParms*, 
unsigned short) (Halftoner.cpp:678)
==13708==    by 0x117CE7: Halftoner::Process(RASTERDATA*) (Halftoner.cpp:548)
==13708==    by 0x115DDF: Process (Pipeline.cpp:72)
==13708==    by 0x115DDF: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:79)
==13708==    by 0x115E01: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:83)
==13708==    by 0x10D209: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:766)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708==  Address 0x55ad15f is 3 bytes after a block of size 12,100 alloc'd
==13708==    at 0x48416F4: operator new[](unsigned int) 
(vg_replace_malloc.c:425)
==13708==    by 0x116091: ColorMatcher::ColorMatcher(ColorMap_s, unsigned int, 
unsigned int) (ColorMatcher.cpp:63)
==13708==    by 0x11109B: Pcl3::Configure(Pipeline**) (Pcl3.cpp:90)
==13708==    by 0x115BF1: Job::Configure() (Job.cpp:248)
==13708==    by 0x115C87: Job::Init(SystemServices*, JobAttributes_s*, 
Encapsulator*) (Job.cpp:63)
==13708==    by 0x10CA79: HPCupsFilter::startPage(cups_page_header2_s*) 
(HPCupsFilter.cpp:481)
==13708==    by 0x10D32B: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:655)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708== 
==13708== Invalid read of size 1
==13708==    at 0x11709C: Halftoner::FORWARD_FED(short, unsigned int) 
(Halftoner.cpp:800)
==13708==    by 0x1176F3: Halftoner::HTEDiffOpen(Halftoner::THTDitherParms*, 
unsigned short) (Halftoner.cpp:680)
==13708==    by 0x117CE7: Halftoner::Process(RASTERDATA*) (Halftoner.cpp:548)
==13708==    by 0x115DDF: Process (Pipeline.cpp:72)
==13708==    by 0x115DDF: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:79)
==13708==    by 0x115E01: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:83)
==13708==    by 0x10D209: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:766)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708==  Address 0x55ad160 is 4 bytes after a block of size 12,100 alloc'd
==13708==    at 0x48416F4: operator new[](unsigned int) 
(vg_replace_malloc.c:425)
==13708==    by 0x116091: ColorMatcher::ColorMatcher(ColorMap_s, unsigned int, 
unsigned int) (ColorMatcher.cpp:63)
==13708==    by 0x11109B: Pcl3::Configure(Pipeline**) (Pcl3.cpp:90)
==13708==    by 0x115BF1: Job::Configure() (Job.cpp:248)
==13708==    by 0x115C87: Job::Init(SystemServices*, JobAttributes_s*, 
Encapsulator*) (Job.cpp:63)
==13708==    by 0x10CA79: HPCupsFilter::startPage(cups_page_header2_s*) 
(HPCupsFilter.cpp:481)
==13708==    by 0x10D32B: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:655)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708== 
==13708== Invalid read of size 1
==13708==    at 0x11709C: Halftoner::FORWARD_FED(short, unsigned int) 
(Halftoner.cpp:800)
==13708==    by 0x11771D: Halftoner::HTEDiffOpen(Halftoner::THTDitherParms*, 
unsigned short) (Halftoner.cpp:682)
==13708==    by 0x117CE7: Halftoner::Process(RASTERDATA*) (Halftoner.cpp:548)
==13708==    by 0x115DDF: Process (Pipeline.cpp:72)
==13708==    by 0x115DDF: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:79)
==13708==    by 0x115E01: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:83)
==13708==    by 0x10D209: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:766)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708==  Address 0x55ad161 is 5 bytes after a block of size 12,100 alloc'd
==13708==    at 0x48416F4: operator new[](unsigned int) 
(vg_replace_malloc.c:425)
==13708==    by 0x116091: ColorMatcher::ColorMatcher(ColorMap_s, unsigned int, 
unsigned int) (ColorMatcher.cpp:63)
==13708==    by 0x11109B: Pcl3::Configure(Pipeline**) (Pcl3.cpp:90)
==13708==    by 0x115BF1: Job::Configure() (Job.cpp:248)
==13708==    by 0x115C87: Job::Init(SystemServices*, JobAttributes_s*, 
Encapsulator*) (Job.cpp:63)
==13708==    by 0x10CA79: HPCupsFilter::startPage(cups_page_header2_s*) 
(HPCupsFilter.cpp:481)
==13708==    by 0x10D32B: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:655)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708== 
==13708== Invalid read of size 1
==13708==    at 0x11709C: Halftoner::FORWARD_FED(short, unsigned int) 
(Halftoner.cpp:800)
==13708==    by 0x117749: Halftoner::HTEDiffOpen(Halftoner::THTDitherParms*, 
unsigned short) (Halftoner.cpp:684)
==13708==    by 0x117CE7: Halftoner::Process(RASTERDATA*) (Halftoner.cpp:548)
==13708==    by 0x115DDF: Process (Pipeline.cpp:72)
==13708==    by 0x115DDF: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:79)
==13708==    by 0x115E01: Pipeline::Execute(RASTERDATA*) (Pipeline.cpp:83)
==13708==    by 0x10D209: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:766)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708==  Address 0x55ad162 is 6 bytes after a block of size 12,100 alloc'd
==13708==    at 0x48416F4: operator new[](unsigned int) 
(vg_replace_malloc.c:425)
==13708==    by 0x116091: ColorMatcher::ColorMatcher(ColorMap_s, unsigned int, 
unsigned int) (ColorMatcher.cpp:63)
==13708==    by 0x11109B: Pcl3::Configure(Pipeline**) (Pcl3.cpp:90)
==13708==    by 0x115BF1: Job::Configure() (Job.cpp:248)
==13708==    by 0x115C87: Job::Init(SystemServices*, JobAttributes_s*, 
Encapsulator*) (Job.cpp:63)
==13708==    by 0x10CA79: HPCupsFilter::startPage(cups_page_header2_s*) 
(HPCupsFilter.cpp:481)
==13708==    by 0x10D32B: HPCupsFilter::processRasterData(_cups_raster_s*) 
(HPCupsFilter.cpp:655)
==13708==    by 0x10D6ED: HPCupsFilter::StartPrintJob(int, char**) 
(HPCupsFilter.cpp:584)
==13708==    by 0x4B8DA1F: (below main) (libc-start.c:308)
==13708== 
==13708== 
==13708== HEAP SUMMARY:
==13708==     in use at exit: 6,752 bytes in 3 blocks
==13708==   total heap usage: 1,891 allocs, 1,888 frees, 440,929 bytes allocated
==13708== 
==13708== LEAK SUMMARY:
==13708==    definitely lost: 0 bytes in 0 blocks
==13708==    indirectly lost: 0 bytes in 0 blocks
==13708==      possibly lost: 0 bytes in 0 blocks
==13708==    still reachable: 6,752 bytes in 3 blocks
==13708==         suppressed: 0 bytes in 0 blocks
==13708== Rerun with --leak-check=full to see details of leaked memory
==13708== 
==13708== Use --track-origins=yes to see where uninitialised values come from
==13708== For lists of detected and suppressed errors, rerun with: -s
==13708== ERROR SUMMARY: 32062 errors from 13 contexts (suppressed: 0 from 0)





































































################





benutzer@localhost:~$ /usr/bin/gdbserver localhost:6666 
/usr/lib/cups/filter/hpcups     1 debian x 1 x <print_step_2.raster 
>print_step_3.hpcups
Process /usr/lib/cups/filter/hpcups created; pid = 13734
Listening on port 6666


gdb -q
set width 0
set pagination off
directory /home/benutzer/source/libc6/orig/glibc-2.31/malloc
target remote localhost:6666
b Compressor::Compressor
cont
display compressBuf
print &compressBuf 
set can-use-hw-watchpoints false
watch *0x7f5e0e98
cont
bt
disa 2
print (mchunkptr)(0x7f5f43e8-8)
print *(mchunkptr)(0x7f5f43e8-8)
print ((mchunkptr)(0x7f5f43e8-8))->mchunk_size
print &(((mchunkptr)(0x7f5f43e8-8))->mchunk_size)
display/x *(int*)(0x7f5f43e8-4)
b free if $r0==0x7f5f43e8
b Mode9.cpp:405
ignore 4 7
cont
watch *(0x7f5f43e8-4)
cont

disa 5
disa 4
cont
bt
finish
bt






benutzer@localhost:~$ gdb -q
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /home/benutzer/source/libc6/orig/glibc-2.31/malloc
Source directories searched: 
/home/benutzer/source/libc6/orig/glibc-2.31/malloc:$cdir:$cwdb C
(gdb) target remote localhost:6666
r
cont
display compressBuf
print &cRemote debugging using localhost:6666o
mpressBuf 
set can-use-hw-watchpoints false
watch *0x7f5e0e98
cont
bt
disa 2
print (mchunkptr)(0x7f5f43e8-8)
print *(mchunkptReading /usr/lib/cups/filter/hpcups from remote target...r
warning: )File transfers from remote targets can be slow. Use "set sysroot" to 
access files locally instead.(
0x7f5f43e8-8)
print ((mchunkptr)(0x7f5f43e8-8))->mchunk_size
print &(((mchunkptr)(0x7f5f43e8-8))->mchunk_size)
display/x *(int*)(0x7f5f43e8-4)
b free if $r0==0x7f5f43e8
b Mode9.cpp:405
Reading /usr/lib/cups/filter/hpcups from remote target...
Reading symbols from target:/usr/lib/cups/filter/hpcups...
Reading symbols from 
/usr/lib/debug/.build-id/20/25b6b40d5874920ba6c57ce85bb60b35661f71.debug...
Reading /lib/ld-linux-armhf.so.3 from remote target...
Reading /lib/ld-linux-armhf.so.3 from remote target...
Reading symbols from target:/lib/ld-linux-armhf.so.3...
Reading symbols from 
/usr/lib/debug/.build-id/57/fd3af960eb7a2864df305a64a665e5a8c25750.debug...
0xb6fd5a80 in _start () from target:/lib/ld-linux-armhf.so.3
(gdb) b Compressor::Compressor
Breakpoint 1 at 0x7f55b0c4: file prnt/hpcups/Compressor.cpp, line 32.
(gdb) cont
Continuing.
Reading /lib/arm-linux-gnueabihf/libjpeg.so.62 from remote target...
...
Reading 
target:/usr/lib/debug/lib/arm-linux-gnueabihf//5673b0f41b07865f82a15c45bfb7e387b9a226.debug
 from remote target...

Breakpoint 1, Compressor::Compressor (this=0x7f5e0e70, RasterSize=3025, 
useseed=true) at prnt/hpcups/Compressor.cpp:32
32      prnt/hpcups/Compressor.cpp: Datei oder Verzeichnis nicht gefunden.
(gdb) display compressBuf
1: compressBuf = warning: can't find linker symbol for virtual table for 
`Compressor' value
(BYTE *) 0x0
(gdb) print &compressBuf 
warning: can't find linker symbol for virtual table for `Compressor' value
$1 = (BYTE **) 0x7f5e0e98
(gdb) set can-use-hw-watchpoints false
(gdb) watch *0x7f5e0e98
Watchpoint 2: *0x7f5e0e98
(gdb) cont
Continuing.

Watchpoint 2: *0x7f5e0e98

Old value = 0
New value = 2136949736
Mode9::Mode9 (this=0x7f5e0e70, RasterSize=3025, bPackedBits=<optimized out>) at 
prnt/hpcups/Mode9.cpp:44
44      prnt/hpcups/Mode9.cpp: Datei oder Verzeichnis nicht gefunden.
1: compressBuf = (BYTE *) 0x7f5f43e8 ""
(gdb) bt
#0  Mode9::Mode9 (this=0x7f5e0e70, RasterSize=3025, bPackedBits=<optimized 
out>) at prnt/hpcups/Mode9.cpp:44
#1  0x7f55e0fe in Pcl3::Configure (this=<optimized out>, pipeline=0x7f5b8ca4 
<filter+1248>) at prnt/hpcups/Pcl3.cpp:95
#2  0x7f562bf2 in Job::Configure (this=this@entry=0x7f5b87c8 <filter+4>) at 
prnt/hpcups/Job.cpp:248
#3  0x7f562c88 in Job::Init (this=0x7f5b87c8 <filter+4>, 
pSystemServices=0x7f5bb238, job_attrs=<optimized out>, encap_intf=<optimized 
out>) at prnt/hpcups/Job.cpp:63
#4  0x7f559a7a in HPCupsFilter::startPage (this=0x7f5b87c4 <filter>, 
cups_header=0xbeffead0) at prnt/hpcups/HPCupsFilter.cpp:481
#5  0x7f55a32c in HPCupsFilter::processRasterData (this=0x7f5b87c4 <filter>, 
cups_raster=<optimized out>) at prnt/hpcups/HPCupsFilter.cpp:655
#6  0x7f55a6ee in HPCupsFilter::StartPrintJob (this=0x7f5b87c4 <filter>, 
argc=6, argv=0xbefff7b4) at prnt/hpcups/HPCupsFilter.cpp:584
#7  0xb6bd9a20 in __libc_start_main (main=0x7f5587d1 <main(int, char**)>, 
argc=6, argv=0xbefff7b4, init=<optimized out>, fini=0x7f56ed5d 
<__libc_csu_fini>, rtld_fini=0xb6fe1075 <_dl_fini>, stack_end=0xbefff7b4) at 
libc-start.c:308
#8  0x7f55889c in _start () at prnt/hpcups/HPCupsFilter.cpp:919
Backtrace stopped: previous frame identical to this frame (corrupt stack?)


--> Here the memory 0x7f5f43e8 gets allocated and stored in compressBuf
(Mode9 constructor, Mode9.cpp:44, RasterSize=3025).






(gdb) disa 2
(gdb) print (mchunkptr)(0x7f5f43e8-8)
$2 = (mchunkptr) 0x7f5f43e0
(gdb) print *(mchunkptr)(0x7f5f43e8-8)
$3 = {mchunk_prev_size = 0, mchunk_size = 6057, fd = 0x0, bk = 0x0, fd_nextsize 
= 0x0, bk_nextsize = 0x0}
(gdb) print ((mchunkptr)(0x7f5f43e8-8))->mchunk_size
$4 = 6057
(gdb) print &(((mchunkptr)(0x7f5f43e8-8))->mchunk_size)
$5 = (size_t *) 0x7f5f43e4
(gdb) display/x *(int*)(0x7f5f43e8-4)
2: /x *(int*)(0x7f5f43e8-4) = 0x17a9
(gdb) b free if $r0==0x7f5f43e8
Breakpoint 3 at 0xb6c1a47c: free. (2 locations)
(gdb) b Mode9.cpp:405
Breakpoint 4 at 0x7f55b8b4: file prnt/hpcups/Mode9.cpp, line 405.
(gdb) ignore 4 7
Will ignore next 7 crossings of breakpoint 4.
(gdb) cont
Continuing.

Breakpoint 4, Mode9::Process (this=0x7f5e0e70, input=0x7f5e0e84) at 
prnt/hpcups/Mode9.cpp:405
405     in prnt/hpcups/Mode9.cpp
1: compressBuf = (BYTE *) 0x7f5f43e8 "y\323.\200", <incomplete sequence 
\342\220>
2: /x *(int*)(0x7f5f43e8-4) = 0x17a9
(gdb) watch *(0x7f5f43e8-4)
Watchpoint 5: *(0x7f5f43e8-4)
(gdb) cont
Continuing.

Watchpoint 5: *(0x7f5f43e8-4)

Old value = 6057
New value = 0
__memcpy_neon () at ../sysdeps/arm/armv7/multiarch/memcpy_impl.S:295
warning: Source file is more recent than executable.
295             tst     count, #4
1: compressBuf = <error: current stack frame does not contain a variable named 
`this'>
2: /x *(int*)(0x7f5f43e8-4) = 0x0
(gdb) bt
#0  __memcpy_neon () at ../sysdeps/arm/armv7/multiarch/memcpy_impl.S:295
#1  0x7f55b8d2 in memcpy (__len=379, __src=<optimized out>, __dest=<optimized 
out>) at /usr/include/arm-linux-gnueabihf/bits/string_fortified.h:34
#2  Mode9::Process (this=0x7f5e0e70, input=0x7f5e0e84) at 
prnt/hpcups/Mode9.cpp:405
#3  0x7f562de0 in Pipeline::Process (raster=<optimized out>, this=0x7f5d7340) 
at prnt/hpcups/Pipeline.cpp:79
#4  Pipeline::Execute (this=0x7f5d7340, InputRaster=<optimized out>) at 
prnt/hpcups/Pipeline.cpp:79
#5  0x7f562e02 in Pipeline::Execute (this=0x7f5e6b88, InputRaster=<optimized 
out>) at prnt/hpcups/Pipeline.cpp:83
#6  0x7f562e02 in Pipeline::Execute (this=0x7f5e6b70, InputRaster=<optimized 
out>) at prnt/hpcups/Pipeline.cpp:83
#7  0x7f55a20a in HPCupsFilter::processRasterData (this=0x7f5b87c4 <filter>, 
cups_raster=<optimized out>) at prnt/hpcups/HPCupsFilter.cpp:766
#8  0x7f55a6ee in HPCupsFilter::StartPrintJob (this=0x7f5b87c4 <filter>, 
argc=6, argv=0xbefff7b4) at prnt/hpcups/HPCupsFilter.cpp:584
#9  0xb6bd9a20 in __libc_start_main (main=0x7f5587d1 <main(int, char**)>, 
argc=6, argv=0xbefff7b4, init=<optimized out>, fini=0x7f56ed5d 
<__libc_csu_fini>, rtld_fini=0xb6fe1075 <_dl_fini>, stack_end=0xbefff7b4) at 
libc-start.c:308
#10 0x7f55889c in _start () at prnt/hpcups/HPCupsFilter.cpp:919
Backtrace stopped: previous frame identical to this frame (corrupt stack?)



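--> Here the "mchunk_size" at 0x7f5f43e4 is overwritten with 0 by the memcpy
(__len=379) called from Mode9::Process at Mode9.cpp:405. That address lies
just before the start of compressBuf (0x7f5f43e8). Because __dest is
optimized out, this trace does not show whether the copy ran past the end of
a neighbouring allocation or was given a destination below compressBuf.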






(gdb) disa 5
(gdb) disa 4
(gdb) cont
Continuing.

Breakpoint 3, __GI___libc_free (mem=0x7f5f43e8) at malloc.c:3092
3092        = atomic_forced_read (__free_hook);
1: compressBuf = <error: current stack frame does not contain a variable named 
`this'>
2: /x *(int*)(0x7f5f43e8-4) = 0x0
(gdb) bt
#0  __GI___libc_free (mem=0x7f5f43e8) at malloc.c:3092
#1  0x7f55b12c in Compressor::~Compressor (this=0x7f5e0e70, 
__in_chrg=<optimized out>) at prnt/hpcups/Compressor.cpp:52
#2  0x7f55b6a8 in Mode9::~Mode9 (this=0x7f5e0e70, __in_chrg=<optimized out>) at 
prnt/hpcups/Mode9.cpp:51
#3  Mode9::~Mode9 (this=0x7f5e0e70, __in_chrg=<optimized out>) at 
prnt/hpcups/Mode9.cpp:52
#4  0x7f56289e in Job::~Job (this=0x7f5b87c8 <filter+4>, __in_chrg=<optimized 
out>) at prnt/hpcups/Job.cpp:137
#5  0x7f55a946 in HPCupsFilter::~HPCupsFilter (this=0x7f5b87c4 <filter>, 
__in_chrg=<optimized out>) at prnt/hpcups/HPCupsFilter.cpp:213
#6  0xb6beaa70 in __run_exit_handlers (status=0, listp=0xb6cba4fc 
<__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, 
run_dtors=run_dtors@entry=true) at exit.c:108
#7  0xb6beab32 in __GI_exit (status=<optimized out>) at exit.c:139
#8  0xb6bd9a24 in __libc_start_main (main=0x7f5587d1 <main(int, char**)>, 
argc=6, argv=0xbefff7b4, init=<optimized out>, fini=0x7f56ed5d 
<__libc_csu_fini>, rtld_fini=0xb6fe1075 <_dl_fini>, stack_end=0xbefff7b4) at 
libc-start.c:342
#9  0x7f55889c in _start () at prnt/hpcups/HPCupsFilter.cpp:919
Backtrace stopped: previous frame identical to this frame (corrupt stack?)


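--> Here the memory 0x7f5f43e8 should be freed (Compressor::~Compressor,
Compressor.cpp:52), but with a damaged "mchunk_size" of 0, so _int_free
rejects the chunk and aborts via malloc_printerr (SIGABRT, see the next
backtrace).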





(gdb) finish
Run till exit from #0  __GI___libc_free (mem=0x7f5f43e8) at malloc.c:3092

Program received signal SIGABRT, Aborted.
__libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:47
47              pop     {r7, pc}
1: compressBuf = <error: current stack frame does not contain a variable named 
`this'>
2: /x *(int*)(0x7f5f43e8-4) = 0x0
(gdb) bt
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:47
#1  0xb6be8dd0 in __libc_signal_restore_set (set=0xbefff314) at 
../sysdeps/unix/sysv/linux/internal-signals.h:86
#2  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:48
#3  0xb6bd97a2 in __GI_abort () at abort.c:79
#4  0xb6c11c56 in __libc_message (action=action@entry=do_abort, fmt=<optimized 
out>) at ../sysdeps/posix/libc_fatal.c:155
#5  0xb6c16c32 in malloc_printerr (str=<optimized out>) at malloc.c:5347
#6  0xb6c17b14 in _int_free (av=<optimized out>, p=0x7f5f43e0, have_lock=0) at 
malloc.c:4173
#7  0x7f55b12c in Compressor::~Compressor (this=0x7f5e0e70, 
__in_chrg=<optimized out>) at prnt/hpcups/Compressor.cpp:52
#8  0x7f55b6a8 in Mode9::~Mode9 (this=0x7f5e0e70, __in_chrg=<optimized out>) at 
prnt/hpcups/Mode9.cpp:51
#9  Mode9::~Mode9 (this=0x7f5e0e70, __in_chrg=<optimized out>) at 
prnt/hpcups/Mode9.cpp:52
#10 0x7f56289e in Job::~Job (this=0x7f5b87c8 <filter+4>, __in_chrg=<optimized 
out>) at prnt/hpcups/Job.cpp:137
#11 0x7f55a946 in HPCupsFilter::~HPCupsFilter (this=0x7f5b87c4 <filter>, 
__in_chrg=<optimized out>) at prnt/hpcups/HPCupsFilter.cpp:213
#12 0xb6beaa70 in __run_exit_handlers (status=0, listp=0xb6cba4fc 
<__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, 
run_dtors=run_dtors@entry=true) at exit.c:108
#13 0xb6beab32 in __GI_exit (status=<optimized out>) at exit.c:139
#14 0xb6bd9a24 in __libc_start_main (main=0x7f5587d1 <main(int, char**)>, 
argc=6, argv=0xbefff7b4, init=<optimized out>, fini=0x7f56ed5d 
<__libc_csu_fini>, rtld_fini=0xb6fe1075 <_dl_fini>, stack_end=0xbefff7b4) at 
libc-start.c:342
#15 0x7f55889c in _start () at prnt/hpcups/HPCupsFilter.cpp:919
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb)





https://sources.debian.org/src/hplip/3.20.5+dfsg0-3/prnt/hpcups/Mode9.cpp/#L405

https://sources.debian.org/src/hplip/3.20.5+dfsg0-3/prnt/hpcups/Compressor.cpp/#L52

