On Fri, 14 Oct 2011 11:37:29 +0200, Otto Moerbeek wrote:
> On Fri, Oct 14, 2011 at 11:28:22AM +0200, Pascal Stumpf wrote:
>
> > On Fri, 14 Oct 2011 10:24:05 +0200, Otto Moerbeek wrote:
> > > On Wed, Oct 12, 2011 at 05:39:48PM +0200, Pascal Stumpf wrote:
> > >
> > > > On Wed, 12 Oct 2011 17:25:06 +0200, Otto Moerbeek wrote:
> > > > > On Wed, Oct 12, 2011 at 04:03:57PM +0200, Pascal Stumpf wrote:
> > > > >
> > > > > > I have two printers on the local network (laser and lexmark) and I want
> > > > > > to use lpd(8) to print on them. It seems to me that lpd is having some
> > > > > > sort of local problem (it does not even create lock and status files in
> > > > > > the spool directories, and both lpr and lpq do not see the daemon). But
> > > > > > some info first:
> > > > > >
> > > > > > lpd is started with -s, manually or with rc.d makes no difference (nor
> > > > > > removing -s).
> > > > >
> > > > > Check your /var/log/lpd.errs.
> > > >
> > > > Doesn't contain anything but "restarted" messages.
> > > >
> > > > > Also, ktracing lpd with the the -i flag might give a clue to what the
> > > > > lpd child is doing.
> > > >
> > > > Apparently, it segfaults:
> > >
> > > The problem appears in cgetnext();
> > >
> > > I can see two (probably related) problems there:
> >
> > Thanks for the analysis. :)
> >
> > > 1. if (toprec && !gottoprec) the goto lookup is done, leading to a
> > > strcspn with record still being NULL.
> > >
> > > 2. After the toprec = record; statement is executed at the bottom of
> > > the loop, a free(record) is done. That makes toprec point into the
> > > wild. If a file is closed and reopened, toprec will be non-NULL (but
> > > wild) and gottoprec will be 0 (due to cgetclose()).
> >
> > Can we set toprec = NULL if gottoprec = 1 in cgetclose()? I can't test
> > right now because I'm at the university, but it should fix both
> > problems.
>
> It could still happen that toprec becomes a wild pointer in that case,
> because of the free(record). And the goto with record == NULL will not
> be fixed (well, maybe it will never be executed...).
>
> -Otto
Right. Here's another try, still untested:
Index: getcap.c
===================================================================
RCS file: /cvs/src/lib/libc/gen/getcap.c,v
retrieving revision 1.29
diff -u -r1.29 getcap.c
--- getcap.c 10 Jul 2011 13:31:02 -0000 1.29
+++ getcap.c 14 Oct 2011 11:28:07 -0000
@@ -677,6 +677,7 @@
*/
if (toprec && !gottoprec) {
gottoprec = 1;
+ record = toprec;
goto lookup;
}
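Review bot: `record = toprec;` means the `free(record)` at `done:` now frees the toprec buffer itself, so this line is only safe together with clearing toprec right after that free (the second hunk); applied on its own it trades the strcspn on a NULL record for a later use of freed memory through toprec, which is the wild-pointer case described earlier in the thread. Since ownership of the toprec string moves into record here, add a one-line comment at the assignment saying that the cgetset() record is handed over as the current record and released at `done:`, so a reader following the `goto lookup` sees where the buffer goes.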
@@ -788,6 +789,7 @@
done:
serrno = errno;
free(record);
+ record = toprec = NULL;
if (status <= 0)
(void)cgetclose();
errno = serrno;
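Review bot: `record = toprec = NULL;` clears toprec unconditionally, but toprec need not be the buffer just freed: per the analysis above toprec only becomes record at the bottom of the loop, so on any other path to `done:` (an error exit, or a scan in which the `toprec && !gottoprec` branch did not run) this drops the cgetset() record without freeing it, and the `cgetclose()` two lines below resets gottoprec precisely so that record is seen again on the next scan. Suggest clearing toprec only when it aliases the freed buffer, with the comparison made before the free, e.g. `if (toprec == record) toprec = NULL;` above `free(record);`, or freeing toprec separately, and saying in a comment which of the two the function intends.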
On a side note, did the goto even work before (even without S flag)? I
imagine cgetset() isn't used all that often, but still ...