[Printing-architecture] [patch] cups-1.7.0: stringpool corruption fix

Michael Sweet msweet at apple.com
Tue Nov 5 01:12:04 UTC 2013


Updated patch attached; aside from adding the local string copy (which I’ve made outside the int/string check), I also made the “value” parameter const since we definitely don’t want to be fiddling with that string.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: rdar15382819.patch
Type: application/octet-stream
Size: 2722 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/printing-architecture/attachments/20131104/a4af9f84/attachment-0001.obj>
-------------- next part --------------

On Nov 1, 2013, at 1:02 PM, Tim Waugh <twaugh at redhat.com> wrote:

> There is a long-standing stringpool corruption issue in printers.c.
> Attribute values are stored in the global stringpool (implemented in
> cups/string.c), which is reference-counted storage for strings. Strings
> are stored in a sorted, unique array (cups_array_t, implemented in
> cups/array.c).
> If the array is found to be unsorted, or a duplicate is found, the
> underlying cups_array_t object switches into "non-unique" mode and
> stores new strings by adding to the pool rather than incrementing the
> reference count for an existing string (see the cups_array_add()
> function).
> The accessor functions for the stringpool return "char*" types, but
> these are strings which must not be modified -- doing so will trigger
> the behaviour described above.
> In scheduler/printers.c, there are a couple of places which modify
> attribute values in-place. Attached is a patch to fix them.
> Tim.
> */
> <cups-stringpool-corruption.patch>_______________________________________________
> Printing-architecture mailing list
> Printing-architecture at lists.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/printing-architecture

Michael Sweet, Senior Printing System Engineer, PWG Chair

More information about the Printing-architecture mailing list