ruby-core@ruby-lang.org archive (unofficial mirror)
* [ruby-core:69736] [Ruby trunk - Bug #11306] [Open] Segmentation fault
       [not found] <redmine.issue-11306.20150625074532@ruby-lang.org>
@ 2015-06-25  7:45 ` dsaronin
  2015-06-25  8:22   ` [ruby-core:69737] " Eric Wong
  2015-06-25 10:14 ` [ruby-core:69738] [Ruby trunk - Bug #11306] [Third Party's Issue] " nobu
  2015-06-26  1:25 ` [ruby-core:69740] [Ruby trunk - Bug #11306] " dsaronin
  2 siblings, 1 reply; 4+ messages in thread
From: dsaronin @ 2015-06-25  7:45 UTC (permalink / raw)
  To: ruby-core

Issue #11306 has been reported by David Anderson.

----------------------------------------
Bug #11306: Segmentation fault
https://bugs.ruby-lang.org/issues/11306

* Author: David Anderson
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.2.1p85 (2015-02-26 revision 49769) [x86_64-linux]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
bug is detected during CUPS call in cups gem (https://github.com/m0wfo/cups) v0.1.10. The complete core dump is attached as file 'dump.txt'.

the following works okay:
2.2.1 :001 > list = Cups.show_destinations
 => ["laserjet_1102w", "lp_null"] 
2.2.1 :002 > Cups.device_uri_for( list.first )
 => "hp:/net/HP_LaserJet_Professional_P_1102w?ip=192.168.0.65" 
2.2.1 :003 > Cups.device_uri_for( list.last )
 => "file:///dev/null" 

the following fails (the order is not important; the second call always fails with abort):
2.2.1 :001 > list = Cups.show_destinations
 => ["laserjet_1102w", "lp_null"] 
2.2.1 :002 > CupsDevice.testit( list.first )
 => "hp:/net/HP_LaserJet_Professional_P_1102w?ip=192.168.0.65" 
2.2.1 :003 > CupsDevice.testit( list.last )
/home/daudi/projectspace/swalapala/app/models/cups_device.rb:101: [BUG] Segmentation fault at 0x0000000a491862
ruby 2.2.1p85 (2015-02-26 revision 49769) [x86_64-linux]

where:
class CupsDevice < ActiveRecord::Base
  def self.testit( cups_name )
       Cups.device_uri_for( cups_name )
  end
end # class CupsDevice

and in the cups gem:
  rb_define_singleton_method(rubyCups, "device_uri_for", cups_get_device_uri, 1);


static VALUE cups_get_device_uri(VALUE self, VALUE printer)
{
   if (!printer_exists(printer))
   {
     rb_raise(rb_eRuntimeError, "The printer or destination doesn't exist!");
   }

   VALUE options_list;
   http_t *http;
   ipp_t *request;
   ipp_t *response;
   ipp_attribute_t *attr;
   char uri[1024];
   char *location;
   char *name = RSTRING_PTR(printer);

   request = ippNewRequest(IPP_GET_PRINTER_ATTRIBUTES);
   httpAssembleURIf(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipp", NULL, "localhost", 0, "/printers/%s", name);
   ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri);

   if ((response = cupsDoRequest(http, request, "/")) != NULL)
   {
     if((attr = ippFindAttribute(response, "device-uri", IPP_TAG_URI)) != NULL)
     {
       return rb_str_new2(attr->values[0].string.text);
     }
     ippDelete(response);
   }
   return Qtrue;
}


---Files--------------------------------
dump.txt (206 KB)
cups_device.rb (3.43 KB)
cups.c (14.2 KB)


-- 
https://bugs.ruby-lang.org/


* [ruby-core:69737] Re: [Ruby trunk - Bug #11306] [Open] Segmentation fault
  2015-06-25  7:45 ` [ruby-core:69736] [Ruby trunk - Bug #11306] [Open] Segmentation fault dsaronin
@ 2015-06-25  8:22   ` Eric Wong
  0 siblings, 0 replies; 4+ messages in thread
From: Eric Wong @ 2015-06-25  8:22 UTC (permalink / raw)
  To: Ruby developers

dsaronin@gmail.com wrote:
> static VALUE cups_get_device_uri(VALUE self, VALUE printer)
> {
>    if (!printer_exists(printer))
>    {
>      rb_raise(rb_eRuntimeError, "The printer or destination doesn't exist!");
>    }
> 
>    VALUE options_list;
>    http_t *http;
>    ipp_t *request;
>    ipp_t *response;
>    ipp_attribute_t *attr;
>    char uri[1024];
>    char *location;
>    char *name = RSTRING_PTR(printer);

You want to use StringValueCStr or StringValuePtr when you see
untrusted user-input instead of RSTRING_PTR.  RSTRING_PTR will segfault
if the user calls a function with a non-String.

>    request = ippNewRequest(IPP_GET_PRINTER_ATTRIBUTES);
>    httpAssembleURIf(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipp", NULL, "localhost", 0, "/printers/%s", name);

You also need to add a GC guard for VALUE where you got `name' from
after the last use of `name' in your function:

     RB_GC_GUARD(printer);

Nowadays with better optimizing compilers, the `volatile' type qualifier
for args in the StringValue* family functions is insufficient to protect
VALUEs from inadvertent GC.  RB_GC_GUARD must be used.

See doc/extension.rdoc in the latest Ruby trunk or README.EXT in the
2.2 source tarball for more info on these APIs.

And feel free to ask for clarification here on the ruby-core ML.

> cups.c (14.2 KB)

Lots of similar problems in cups.c too.  The same pattern
described above needs to happen with
RSTRING_PTR => StringValueCStr/StringValuePtr and the addition of
RB_GC_GUARD calls after the last access to the underlying pointer.

There may be other problems in the code, too, but these are the ones
that jumped out to my tired, sleepy eyes...

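Added example, not part of the thread or of the cups gem: until the extension itself is changed as described in the reply above, an application can apply at the Ruby boundary the same type and NUL-byte checks that StringValueCStr performs in C. CStringArg, GuardedCups, FakeNativeCups and probe are hypothetical names, and the stand-in replaces the real extension so the block runs without CUPS; it does not cover the RB_GC_GUARD point, which can only be fixed in the C source.

```ruby
# Caller-side guard for a native method that reads its argument with RSTRING_PTR.
module CStringArg
  # Ruby-level equivalent of the checks StringValueCStr makes in C:
  # implicit to_str conversion, TypeError for anything that is not
  # String-like, ArgumentError for embedded NUL bytes.
  def self.check(obj)
    str = String.try_convert(obj)
    if str.nil?
      raise TypeError, "no implicit conversion of #{obj.class} into String"
    end
    # A C function taking char* stops at the first zero byte, so reject any.
    raise ArgumentError, "string contains null byte" if str.b.include?("\0")
    str
  end
end

# Wraps any object that exposes device_uri_for (hypothetical wrapper).
class GuardedCups
  def initialize(native)
    @native = native
  end

  def device_uri_for(printer)
    name = CStringArg.check(printer) # raises before native code is entered
    @native.device_uri_for(name)
  end
end

# Constructed stand-in for the extension; records what reaches "native" code.
class FakeNativeCups
  attr_reader :calls

  def initialize
    @calls = []
  end

  def device_uri_for(name)
    @calls << name
    "file:///dev/null"
  end
end

# Returns :ok, or the class of the exception raised by the guard.
def probe(cups, arg)
  cups.device_uri_for(arg)
  :ok
rescue TypeError, ArgumentError => e
  e.class
end
```

In an application the wrapper would be built around the real module, for instance GuardedCups.new(Cups), so that only validated String values reach device_uri_for.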

* [ruby-core:69738] [Ruby trunk - Bug #11306] [Third Party's Issue] Segmentation fault
       [not found] <redmine.issue-11306.20150625074532@ruby-lang.org>
  2015-06-25  7:45 ` [ruby-core:69736] [Ruby trunk - Bug #11306] [Open] Segmentation fault dsaronin
@ 2015-06-25 10:14 ` nobu
  2015-06-26  1:25 ` [ruby-core:69740] [Ruby trunk - Bug #11306] " dsaronin
  2 siblings, 0 replies; 4+ messages in thread
From: nobu @ 2015-06-25 10:14 UTC (permalink / raw)
  To: ruby-core

Issue #11306 has been updated by Nobuyoshi Nakada.

Description updated
Status changed from Open to Third Party's Issue

A bug of that gem.

----------------------------------------
Bug #11306: Segmentation fault
https://bugs.ruby-lang.org/issues/11306#change-53119

* Author: David Anderson
* Status: Third Party's Issue
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.2.1p85 (2015-02-26 revision 49769) [x86_64-linux]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
bug is detected during CUPS call in cups gem (https://github.com/m0wfo/cups) v0.1.10. The complete core dump is attached as file 'dump.txt'.

the following works okay:

~~~
2.2.1 :001 > list = Cups.show_destinations
 => ["laserjet_1102w", "lp_null"] 
2.2.1 :002 > Cups.device_uri_for( list.first )
 => "hp:/net/HP_LaserJet_Professional_P_1102w?ip=192.168.0.65" 
2.2.1 :003 > Cups.device_uri_for( list.last )
 => "file:///dev/null" 
~~~

the following fails (the order is not important; the second call always fails with abort):

~~~
2.2.1 :001 > list = Cups.show_destinations
 => ["laserjet_1102w", "lp_null"] 
2.2.1 :002 > CupsDevice.testit( list.first )
 => "hp:/net/HP_LaserJet_Professional_P_1102w?ip=192.168.0.65" 
2.2.1 :003 > CupsDevice.testit( list.last )
/home/daudi/projectspace/swalapala/app/models/cups_device.rb:101: [BUG] Segmentation fault at 0x0000000a491862
ruby 2.2.1p85 (2015-02-26 revision 49769) [x86_64-linux]
~~~
where:

~~~ruby
class CupsDevice < ActiveRecord::Base
  def self.testit( cups_name )
       Cups.device_uri_for( cups_name )
  end
end # class CupsDevice
~~~

and in the cups gem:

~~~c
  rb_define_singleton_method(rubyCups, "device_uri_for", cups_get_device_uri, 1);


static VALUE cups_get_device_uri(VALUE self, VALUE printer)
{
   if (!printer_exists(printer))
   {
     rb_raise(rb_eRuntimeError, "The printer or destination doesn't exist!");
   }

   VALUE options_list;
   http_t *http;
   ipp_t *request;
   ipp_t *response;
   ipp_attribute_t *attr;
   char uri[1024];
   char *location;
   char *name = RSTRING_PTR(printer);

   request = ippNewRequest(IPP_GET_PRINTER_ATTRIBUTES);
   httpAssembleURIf(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipp", NULL, "localhost", 0, "/printers/%s", name);
   ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri);

   if ((response = cupsDoRequest(http, request, "/")) != NULL)
   {
     if((attr = ippFindAttribute(response, "device-uri", IPP_TAG_URI)) != NULL)
     {
       return rb_str_new2(attr->values[0].string.text);
     }
     ippDelete(response);
   }
   return Qtrue;
}
~~~

---Files--------------------------------
dump.txt (206 KB)
cups_device.rb (3.43 KB)
cups.c (14.2 KB)


-- 
https://bugs.ruby-lang.org/


* [ruby-core:69740] [Ruby trunk - Bug #11306] Segmentation fault
       [not found] <redmine.issue-11306.20150625074532@ruby-lang.org>
  2015-06-25  7:45 ` [ruby-core:69736] [Ruby trunk - Bug #11306] [Open] Segmentation fault dsaronin
  2015-06-25 10:14 ` [ruby-core:69738] [Ruby trunk - Bug #11306] [Third Party's Issue] " nobu
@ 2015-06-26  1:25 ` dsaronin
  2 siblings, 0 replies; 4+ messages in thread
From: dsaronin @ 2015-06-26  1:25 UTC (permalink / raw)
  To: ruby-core

Issue #11306 has been updated by David Anderson.


Thank you. This has now been reported as a gem error: https://github.com/m0wfo/cups/issues/21
and I added Eric Wong's response as a comment to that issue.

----------------------------------------
Bug #11306: Segmentation fault
https://bugs.ruby-lang.org/issues/11306#change-53122


