Bug 2270 - Potential mem leak in Samba print_cups code
Summary: Potential mem leak in Samba print_cups code
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Printing
Version: 3.0.10
Hardware: All Linux
Importance: P3 enhancement
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact: Samba QA Contact
Reported: 2005-01-20 08:06 UTC by Lars Müller
Modified: 2005-08-24 10:26 UTC

Attachments
Use ippDelete() and cupsLangFree() before return. (4.67 KB, patch)
2005-01-20 08:07 UTC, Lars Müller
Proposed patch. (23.14 KB, patch)
2005-01-20 14:26 UTC, Jeremy Allison
Description Lars Müller 2005-01-20 08:06:07 UTC
source/printing/print_cups.c doesn't free allocated memory with ippDelete() and
cupsLangFree().  This might lead to a memory leak as the functions from
print_cups.c are called regularly at least by check_reload().
Comment 1 Lars Müller 2005-01-20 08:07:37 UTC
Created attachment 904
Use ippDelete() and cupsLangFree() before return.
Comment 2 Lars Müller 2005-01-20 08:10:12 UTC
In the patch I've also removed some superfluous ippNew() and cupsLangDefault()
calls.
Comment 3 Lars Müller 2005-01-20 14:00:58 UTC
Patch needs more testing. ;)
Comment 4 Jeremy Allison 2005-01-20 14:26:35 UTC
Created attachment 905
Proposed patch.

Try this one instead :-).
Jeremy.
Comment 5 Gerald (Jerry) Carter (dead mail address) 2005-01-21 11:17:32 UTC
Gahhh!!!!  cupsDoRequest() calls ippDelete(request) so
the segv was caused by calling ippDelete() on the same
pointer in our code.

That's just *insane*!  Unless it's a documented feature
of cups I guess.

jra's patch has been tested and cleaned up where necessary.
Comment 6 Lars Müller 2005-01-21 11:59:47 UTC
Not documented in the CUPS book or the CUPS Software Programmers Manual.

Found the same problem while testing Jeremy's patch.

I suggest to leave a comment about this feature of cupsDoFileRequest() in
print_cups.c.
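
The ownership rule described in comments 5 and 6, as an added example that is not part of the original bug report and is not Samba or CUPS code. The fake_* functions are hypothetical stand-ins that only model who frees what: the request call consumes the request, and the caller owns the response. A static pool replaces the heap so the double delete can be counted safely.

```c
#include <stddef.h>
#include <stdio.h>
/* fake_* are hypothetical stand-ins that model ownership only; not CUPS code. */
typedef struct { int live; } fake_ipp_t;
static fake_ipp_t pool[16];            /* bump-allocated, slots never reused */
static size_t next_slot;
static int live_count, double_frees;

static void reset(void) { next_slot = 0; live_count = double_frees = 0; }
static fake_ipp_t *fake_ipp_new(void) {
    if (next_slot == 16) return NULL;
    pool[next_slot].live = 1; live_count++;
    return &pool[next_slot++];
}
static void fake_ipp_delete(fake_ipp_t *p) {
    if (!p) return;
    if (!p->live) { double_frees++; return; }  /* with free() this corrupts the heap */
    p->live = 0; live_count--;
}
/* Models comment 5: the call always frees the request itself;
 * the response (NULL on failure) belongs to the caller. */
static fake_ipp_t *fake_do_request(fake_ipp_t *req, int fail) {
    fake_ipp_delete(req);
    return fail ? NULL : fake_ipp_new();
}
int run_leaky(void) {                  /* response is never released */
    reset();
    fake_do_request(fake_ipp_new(), 0);
    return live_count;
}
int run_double_free(void) {            /* caller also deletes the consumed request */
    reset();
    fake_ipp_t *req = fake_ipp_new();
    fake_ipp_delete(fake_do_request(req, 0));
    fake_ipp_delete(req);
    return double_frees;
}
int run_fixed(int fail) {              /* clear the stale pointer, one cleanup path */
    reset();
    fake_ipp_t *req = fake_ipp_new();
    fake_ipp_t *resp = fake_do_request(req, fail);
    req = NULL;                        /* ownership passed to the call */
    fake_ipp_delete(resp);             /* NULL-safe on the failure path */
    fake_ipp_delete(req);              /* harmless no-op */
    return live_count + double_frees;
}
int main(void) {
    printf("leaked=%d double_frees=%d fixed=%d,%d\n",
           run_leaky(), run_double_free(), run_fixed(0), run_fixed(1));
    return 0;
}
```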
Comment 7 Gerald (Jerry) Carter (dead mail address) 2005-02-07 07:34:52 UTC
Originally reported against 3.0.11pre1.  Moving version back to 3.0.10
to remove preX and rcX versions.
Comment 8 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:26:24 UTC
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.