1285 – trying to get printer status causes segfault

Bug 1285 - trying to get printer status causes segfault

Summary: trying to get printer status causes segfault

Status:	CLOSED FIXED

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	Printing (show other bugs)
Version:	3.0.2a
Hardware:	All Linux

Importance:	P5 critical
Target Milestone:	none
Assignee:	Gerald (Jerry) Carter (dead mail address)
QA Contact:

URL:
Keywords:

Depends on:
Blocks:

Reported:	2004-04-22 10:50 UTC by Brian J. Murrell
Modified:	2005-11-14 09:28 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Brian J. Murrell 2004-04-22 10:50:38 UTC

When trying to print to a particular printer, Samba segfaults.  It seems that
it's faulting in the code path to get the printer's status:

Here is some debug (level 5) just prior to the segfault:

[2004/04/22 10:31:00, 5] printing/printing.c:get_stored_queue_info(2187)
  get_stored_queue_info: changed job = 1937059584
[2004/04/22 10:31:00, 5] printing/printing.c:get_stored_queue_info(2190)
  get_stored_queue_info: failed to find changed job = 1937059584
[2004/04/22 10:31:00, 5] printing/printing.c:get_stored_queue_info(2187)
  get_stored_queue_info: changed job = 1651715954
[2004/04/22 10:31:00, 5] printing/printing.c:get_stored_queue_info(2190)
  get_stored_queue_info: failed to find changed job = 1651715954
[2004/04/22 10:31:00, 5] printing/printing.c:get_stored_queue_info(2187)
  get_stored_queue_info: changed job = 1932488297
[2004/04/22 10:31:00, 5] printing/printing.c:get_stored_queue_info(2190)
  get_stored_queue_info: failed to find changed job = 1932488297
[2004/04/22 10:31:00, 5] printing/printing.c:get_stored_queue_info(2187)
  get_stored_queue_info: changed job = 6578797
[2004/04/22 10:31:00, 5] printing/printing.c:get_stored_queue_info(2190)
  get_stored_queue_info: failed to find changed job = 6578797
[2004/04/22 10:31:00, 5] printing/printing.c:get_stored_queue_info(2187)
  get_stored_queue_info: changed job = 0
[2004/04/22 10:31:00, 5] printing/printing.c:get_stored_queue_info(2190)
  get_stored_queue_info: failed to find changed job = 0

And the actual fault and stack-trace:

[2004/04/22 10:31:00, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2004/04/22 10:31:00, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 12156 (3.0.2a-Debian)
  Please read the appendix Bugs of the Samba HOWTO collection
[2004/04/22 10:31:00, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2004/04/22 10:31:00, 0] lib/util.c:smb_panic(1390)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 12156]
[2004/04/22 10:31:00, 0] lib/util.c:smb_panic(1398)
  smb_panic(): action returned status 0
[2004/04/22 10:31:00, 0] lib/util.c:smb_panic(1400)
  PANIC: internal error
[2004/04/22 10:31:00, 0] lib/util.c:smb_panic(1408)
  BACKTRACE: 16 stack frames:
   #0 /usr/sbin/smbd(smb_panic+0x16b) [0x8185483]
   #1 /usr/sbin/smbd [0x81760d3]
   #2 /usr/sbin/smbd [0x8176135]
   #3 /lib/libc.so.6 [0x401656b8]
   #4 /usr/sbin/smbd(print_queue_status+0x12b) [0x819e45b]
   #5 /usr/sbin/smbd [0x8089ed7]
   #6 /usr/sbin/smbd(api_reply+0x270) [0x808fa00]
   #7 /usr/sbin/smbd [0x8087827]
   #8 /usr/sbin/smbd(reply_trans+0x94f) [0x80882af]
   #9 /usr/sbin/smbd [0x80ba03a]
   #10 /usr/sbin/smbd [0x80ba0d3]
   #11 /usr/sbin/smbd(process_smb+0x187) [0x80ba373]
   #12 /usr/sbin/smbd(smbd_process+0x14f) [0x80baccf]
   #13 /usr/sbin/smbd(main+0x69b) [0x81ddaff]
   #14 /lib/libc.so.6(__libc_start_main+0xbb) [0x4015514f]
   #15 /usr/sbin/smbd(yp_get_default_domain+0x8d) [0x8077261]
[2004/04/22 10:31:16, 5] smbd/connection.c:claim_connection(170)
  claiming  0

Comment 1 Gerald (Jerry) Carter (dead mail address) 2004-04-22 17:35:10 UTC

fix in 3.0.3pre1 or later.

Comment 2 Brian J. Murrell 2004-04-26 07:15:58 UTC

Not wanting to upgrade a production system to a release candidate, and
preferring to simply fix the code that this one bug refers to, would the
following patch (taken from a diff between samba 3.0.2a and the current SVN
branch "SAMBA_3_0") be the fix for this bug:

diff -ur ../samba-3.0.2a/source/printing/printing.c ./source/printing/printing.c
--- ../samba-3.0.2a/source/printing/printing.c	Fri Jan 16 12:47:53 2004
+++ ./source/printing/printing.c	Mon Apr 26 09:59:58 2004
@@ -519,8 +534,22 @@
 
 	/* Send notify updates for what has changed */
 
-	if ( ret && (old_data.dsize == 0 || old_data.dsize == sizeof(*pjob)) )
-		pjob_store_notify( snum, jobid, (struct printjob *)old_data.dptr, pjob );
+	if ( ret ) {
+		struct printjob old_pjob;
+
+		if ( old_data.dsize )
+		{
+			if ( unpack_pjob( old_data.dptr, old_data.dsize, &old_pjob ) != -1 )
+			{
+				pjob_store_notify( snum, jobid, &old_pjob , pjob );
+				free_nt_devicemode( &old_pjob.nt_devmode );
+			}
+		}
+		else {
+			/* new job */
+			pjob_store_notify( snum, jobid, NULL, pjob );
+		}
+	}
 
 done:
 	SAFE_FREE( old_data.dptr );

Comment 3 Gerald (Jerry) Carter (dead mail address) 2004-04-26 09:55:49 UTC

actually, this bug report is a duplicate from bug 1147.
You should grab that patch (probably more relavent than 
the change notify fix listed below).

Comment 4 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:18:34 UTC

sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.

Comment 5 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:28:55 UTC

database cleanup