Arch Linux


FS#77164 - [hplip] Filter crashes when printing from web browser for certain logged in pages

Attached to Project: Arch Linux
Opened by Arvid Norlander (VorpalGun) - Tuesday, 17 January 2023, 11:55 GMT
Last edited by Toolybird (Toolybird) - Tuesday, 21 February 2023, 06:22 GMT
Task Type: Bug Report
Category: Packages: Extra
Status: Closed
Assigned To: No-one
Architecture: All
Severity: Medium
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:

When I tried printing a web page using an HP Color LaserJet Pro MFP M281fdw, the CUPS filter would report that it had crashed. Other web pages printed fine, as did the same page if I first saved it locally.

After examining the core dump for /usr/lib/cups/filter/hpps using coredumpctl I got the following backtrace:

44 return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007f50cd0c26b3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2 0x00007f50cd072958 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007f50cd05c53d in __GI_abort () at abort.c:79
#4 0x00007f50cd0b67ee in __libc_message (action=action@entry=do_abort,
fmt=fmt@entry=0x7f50cd1d5202 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#5 0x00007f50cd1519ba in __GI___fortify_fail (msg=msg@entry=0x7f50cd1d51a8 "buffer overflow detected") at fortify_fail.c:26
#6 0x00007f50cd150316 in __GI___chk_fail () at chk_fail.c:28
#7 0x00007f50cd0af3af in _IO_str_chk_overflow (fp=<optimized out>, c=<optimized out>) at iovsprintf.c:35
#8 0x00007f50cd0ba721 in __GI__IO_default_xsputn (n=<optimized out>, data=<optimized out>, f=<optimized out>) at genops.c:399
#9 __GI__IO_default_xsputn (f=0x7ffec429a4a0, data=<optimized out>, n=254) at genops.c:370
#10 0x00007f50cd0955df in outstring_func (done=18, length=254,
string=0x7ffec429badb "https://lsok2.saco.se/SASStoredProcess/guest?_program=/Products/SAS+Intelligence+Platform/LONESOK/StoredProcess/RenderDistributable&dummy=1673955631371&EXGRUPPX=40&SVINGEXLX=9999&ARBOMRX=36&LAN98X=18&"..., s=0x7ffec429a4a0)
at ../libio/libioP.h:947
#11 __vfprintf_internal (s=s@entry=0x7ffec429a4a0, format=format@entry=0x55836175686f "@PJL SET JOBNAME=\"%s\"\n",
ap=ap@entry=0x7ffec429a5e0, mode_flags=mode_flags@entry=6) at /usr/src/debug/glibc/stdio-common/vfprintf-process-arg.c:421
#12 0x00007f50cd0af45d in __vsprintf_internal (
string=0x7ffec429ac10 "@PJL SET JOBNAME=\"https://lsok2.saco.se/SASStoredProcess/guest?_program=/Products/SAS+Intelligence+Platform/LONESOK/StoredProcess/RenderDistributable&dummy=1673955631371&EXGRUPPX=40&SVINGEXLX=9999&ARB"...,
maxlen=<optimized out>, format=0x55836175686f "@PJL SET JOBNAME=\"%s\"\n", args=args@entry=0x7ffec429a5e0, mode_flags=6)
at iovsprintf.c:96
#13 0x00007f50cd14fe11 in ___sprintf_chk (s=<optimized out>, flag=<optimized out>, slen=<optimized out>,
format=<optimized out>) at sprintf_chk.c:40
#14 0x0000558361750354 in ?? ()
#15 0x00007f50cd05d290 in __libc_start_call_main (main=main@entry=0x558361750020, argc=argc@entry=6,
argv=argv@entry=0x7ffec429ae68) at ../sysdeps/nptl/libc_start_call_main.h:58
#16 0x00007f50cd05d34a in __libc_start_main_impl (main=0x558361750020, argc=6, argv=0x7ffec429ae68, init=<optimized out>,
fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffec429ae58) at ../csu/libc-start.c:381
#17 0x0000558361752fc5 in ?? ()

It looks to me like the issue is that Firefox sets the job ID to the URL that I was printing (which requires log in, unfortunately, making this harder to test for others).

Somehow it appears to be the URL that trips up the filter.

Additional info:
* package version(s) hplip 1:3.22.10-2, cups 1:2.4.2-3
* config and/or log files etc.
* link to upstream bug report, if any: I did not find an upstream bug tracker, so please tell me how I should report this upstream.

Steps to reproduce:

Closed by Toolybird (Toolybird)
Tuesday, 21 February 2023, 06:22 GMT
Reason for closing: Upstream
Additional comments about closing: See comments
Comment by Arvid Norlander (VorpalGun) - Tuesday, 17 January 2023, 11:57 GMT
Since it was a buffer overflow according to glibc, the full URL I was trying to print was "https://lsok2.saco.se/SASStoredProcess/guest?_program=/Products/SAS+Intelligence+Platform/LONESOK/StoredProcess/RenderDistributable&dummy=1673956522966&EXGRUPPX=40&SVINGEXLX=9999&ARBOMRX=36&LAN98X=18&sess_id=696182717_1989577514a6&initforbund=cf&forbund=cf&selected_dsl1=LE&selected_dsl2=DF&action_click=&breakby=FODAR5KL&graftyp=box&userlevel=1&measure_var=FLON&egenlon=&selected_year=2021&tabell=simple&tablecol=SEX&tablerow=SEX&displaygraph=N&_odsstyle=journal&print=Y&preselected_dsl1=LE&preforbund=cf", which is 506 characters long!
Comment by Toolybird (Toolybird) - Tuesday, 17 January 2023, 20:42 GMT
"buffer overflow detected" suggests an upstream problem. It would be best for you to report upstream [1] (link obtained here [2]).

[1] https://bugs.launchpad.net/hplip
[2] https://developers.hp.com/hp-linux-imaging-and-printing/support
Comment by Arvid Norlander (VorpalGun) - Wednesday, 18 January 2023, 09:20 GMT
Comment by Arvid Norlander (VorpalGun) - Wednesday, 18 January 2023, 09:26 GMT
By the way, after looking at the back trace again, it appears that debug symbols were only found for glibc. It would be really nice if hplip too was built such that debuginfod would work for it.
Comment by Andreas Radke (AndyRTR) - Wednesday, 18 January 2023, 09:47 GMT
check with hplip-debug-1:3.22.10-3
Comment by Toolybird (Toolybird) - Tuesday, 21 February 2023, 06:22 GMT
No response to upstream ticket. It's clearly an upstream issue so there is no point in this ticket hanging around. Please request a reopen if/when upstream ever get around to addressing it.
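
An added example, not part of the ticket and not hplip's code: frames #10 to #13 of the backtrace show sprintf formatting `@PJL SET JOBNAME="%s"` with 18 bytes already written and a 254-byte job name still to copy into a fixed buffer. The sketch below builds the same line with the length bounded; the 256-byte buffer size and the names `pjl_jobname` and `demo` are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define PJL_BUF    256  /* assumed size; the filter's real buffer is not shown in the ticket */
#define PJL_PREFIX "@PJL SET JOBNAME=\""
#define PJL_SUFFIX "\"\n"

/* Pattern visible in frames #11-#13 (aborts under _FORTIFY_SOURCE once the
 * name no longer fits):  sprintf(buf, "@PJL SET JOBNAME=\"%s\"\n", title);
 * Bounded form: truncate the title so prefix, closing quote, newline and NUL
 * always fit. Returns the number of title bytes dropped, or -1 if out is too
 * small to hold even an empty name. */
int pjl_jobname(char *out, size_t outsz, const char *title)
{
    size_t fixed = strlen(PJL_PREFIX) + strlen(PJL_SUFFIX) + 1;
    if (out == NULL || title == NULL || outsz < fixed)
        return -1;
    size_t len = strlen(title);
    size_t room = outsz - fixed;
    size_t keep = len < room ? len : room;
    size_t pos = strlen(PJL_PREFIX);
    memcpy(out, PJL_PREFIX, pos);
    for (size_t i = 0; i < keep; i++) {
        unsigned char c = (unsigned char)title[i];
        /* the value is double-quoted and newline-terminated, so a quote or
         * control byte in the title would end it early: replace those */
        out[pos++] = (c == '"' || c < 0x20 || c == 0x7f) ? '_' : (char)c;
    }
    memcpy(out + pos, PJL_SUFFIX, strlen(PJL_SUFFIX) + 1);
    return (int)(len - keep);
}

/* Constructed input: a 254-byte title, the length shown in frame #10. */
int demo(char *line, size_t linesz)
{
    char title[255];
    memset(title, 'a', 254);
    memcpy(title, "https://", 8);
    title[254] = '\0';
    return pjl_jobname(line, linesz, title);
}

int main(void)
{
    char line[PJL_BUF];
    printf("dropped=%d\n", demo(line, sizeof line));
    fputs(line, stdout);
    return 0;
}
```

With these assumptions the unbounded form would need 18 + 254 + 2 bytes plus the terminator, which is more than 256; the bounded form drops the tail of the name instead.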
