On Fri, Oct 14, 2011 at 01:44:09PM +0200, Pascal Stumpf wrote:
> On Fri, 14 Oct 2011 11:37:29 +0200, Otto Moerbeek wrote:
> > On Fri, Oct 14, 2011 at 11:28:22AM +0200, Pascal Stumpf wrote:
> >
> > > On Fri, 14 Oct 2011 10:24:05 +0200, Otto Moerbeek wrote:
> > > > On Wed, Oct 12, 2011 at 05:39:48PM +0200, Pascal Stumpf wrote:
> > > >
> > > > > On Wed, 12 Oct 2011 17:25:06 +0200, Otto Moerbeek wrote:
> > > > > > On Wed, Oct 12, 2011 at 04:03:57PM +0200, Pascal Stumpf wrote:
> > > > > >
> > > > > > > I have two printers on the local network (laser and lexmark) and I want
> > > > > > > to use lpd(8) to print on them. It seems to me that lpd is having some
> > > > > > > sort of local problem (it does not even create lock and status files in
> > > > > > > the spool directories, and both lpr and lpq do not see the daemon). But
> > > > > > > some info first:
> > > > > > >
> > > > > > > lpd is started with -s, manually or with rc.d makes no difference (nor
> > > > > > > removing -s).
> > > > > >
> > > > > > Check your /var/log/lpd.errs.
> > > > >
> > > > > Doesn't contain anything but "restarted" messages.
> > > > >
> > > > > > Also, ktracing lpd with the -i flag might give a clue to what the
> > > > > > lpd child is doing.
> > > > >
> > > > > Apparently, it segfaults:
> > > >
> > > > The problem appears in cgetnext();
> > > >
> > > > I can see two (probably related) problems there:
> > >
> > > Thanks for the analysis. :)
> > >
> > > > 1. if (toprec && !gottoprec) the goto lookup is done, leading to a
> > > > strcspn with record still being NULL.
> > > >
> > > > 2. After the toprec = record; statement is executed at the bottom of
> > > > the loop, a free(record) is done. That makes toprec point into the
> > > > wild. If a file is closed and reopened, toprec will be non-NULL (but
> > > > wild) and gottoprec will be 0 (due to cgetclose()).
> > >
> > > Can we set toprec = NULL if gottoprec = 1 in cgetclose()? I can't test
> > > right now because I'm at the university, but it should fix both
> > > problems.
> >
> > It could still happen that toprec becomes a wild pointer in that case,
> > because of the free(record). And the goto with record == NULL will not
> > be fixed (well, maybe it will never be executed...).
> >
> > -Otto
>
> Right. Here's another try, still untested:
>
> Index: getcap.c
> ===================================================================
> RCS file: /cvs/src/lib/libc/gen/getcap.c,v
> retrieving revision 1.29
> diff -u -r1.29 getcap.c
> --- getcap.c 10 Jul 2011 13:31:02 -0000 1.29
> +++ getcap.c 14 Oct 2011 11:28:07 -0000
> @@ -677,6 +677,7 @@
> */
> if (toprec && !gottoprec) {
> gottoprec = 1;
> + record = toprec;
> goto lookup;
> }
>
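Review bot: at `record = toprec;` just before `goto lookup`, record becomes an alias of the static toprec, so the `free(record)` at `done:` will now release toprec's buffer. A comment stating that ownership passes to record here would help, and every other place that frees or replaces toprec (the thread mentions cgetset()) should be checked against a double free. If record can already hold an allocation when this branch is taken, that buffer is overwritten without being freed.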
> @@ -788,6 +789,7 @@
> done:
> serrno = errno;
> free(record);
> + record = toprec = NULL;
> if (status <= 0)
> (void)cgetclose();
> errno = serrno;
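Review bot: `record = toprec = NULL;` after `free(record)` clears toprec unconditionally, including on passes where record did not alias it; in that case the toprec buffer is dropped without a free and the top record is lost for later calls. Consider clearing toprec only when it equals record, with the comparison made before the free, e.g. `if (toprec == record) toprec = NULL;`.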
>
>
> On a side note, did the goto even work before (even without S flag)? I
> imagine cgetset() isn't used all that often, but still ...
That's the most puzzling part for me as well....
-Otto
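
An added example, not part of the original thread and not the libc getcap.c source: a constructed C model of the two problems discussed above (strcspn() reached with a NULL record, and a static pointer left dangling after free(record)), with alias-aware cleanup. The names model_set, model_close, model_next, dupstr, release and nfrees are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model of the pattern in the thread; NOT the libc getcap.c source. */
static char *toprec;     /* static "top record", survives between calls */
static int gottoprec;    /* set once toprec has been consumed */
static int nfrees;       /* bookkeeping so the cleanup can be checked */

static char *dupstr(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Free *p and clear it, so the caller's name cannot dangle. */
static void release(char **p)
{
    if (*p != NULL) {
        free(*p);
        nfrees++;
    }
    *p = NULL;
}

void model_set(const char *ent) { release(&toprec); toprec = dupstr(ent); gottoprec = 0; }
void model_close(void) { gottoprec = 0; }  /* the thread says cgetclose() resets this */

/* Return the length of the record's name field, or -1 when there is no record. */
int model_next(const char *filerec)
{
    char *record = NULL;
    int len;

    if (toprec && !gottoprec) {
        gottoprec = 1;
        record = toprec;              /* alias, as in the first hunk */
    } else if (filerec != NULL) {
        record = dupstr(filerec);     /* stand-in for reading the next file entry */
    }
    if (record == NULL)
        return -1;                    /* never pass NULL to strcspn() */
    len = (int)strcspn(record, "|:");
    if (record == toprec)
        toprec = NULL;                /* drop the static alias before the free */
    release(&record);
    return len;
}
```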