From 12bd6655362f7e0f8790c34a208d10ca6333f99e Mon Sep 17 00:00:00 2001 From: Zdenek Dohnal Date: Nov 24 2020 05:53:42 +0000 Subject: fix various memory issues within cups-browsed --- diff --git a/cups-filters-allocedrange-lost.patch b/cups-filters-allocedrange-lost.patch new file mode 100644 index 0000000..32f430f --- /dev/null +++ b/cups-filters-allocedrange-lost.patch @@ -0,0 +1,32 @@ +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index 93f21c3..32d03da 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -1770,7 +1770,7 @@ void add_mediasize_attributes(char* cluster_name, ipp_t **merged_attributes) + ipp_t *media_size; + cups_array_t *sizes, *size_ranges; + media_size_t *temp, *media_s; +- pagesize_range_t *temp_range; ++ pagesize_range_t *temp_range = NULL, *range = NULL; + char* attributes[] = { + "media-size-supported", + }; +@@ -1843,12 +1843,12 @@ void add_mediasize_attributes(char* cluster_name, ipp_t **merged_attributes) + } + } + if (num_ranges) { +- for (temp_range = cupsArrayFirst(size_ranges); temp_range; +- i++, temp_range = cupsArrayNext(size_ranges)) { +- ipp_t *size_range = create_media_range(temp_range->x_dim_min, +- temp_range->x_dim_max, +- temp_range->y_dim_min, +- temp_range->y_dim_max); ++ for (range = cupsArrayFirst(size_ranges); range; ++ i++, range = cupsArrayNext(size_ranges)) { ++ ipp_t *size_range = create_media_range(range->x_dim_min, ++ range->x_dim_max, ++ range->y_dim_min, ++ range->y_dim_max); + ippSetCollection(*merged_attributes, &media_size_supported, i, + size_range); + ippDelete(size_range); diff --git a/cups-filters-document-format-leak.patch b/cups-filters-document-format-leak.patch new file mode 100644 index 0000000..db8bf1f --- /dev/null +++ b/cups-filters-document-format-leak.patch @@ -0,0 +1,15 @@ +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index f246453..0c40112 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -6593,7 +6593,10 @@ on_job_state (CupsNotifier *object, + cupsEncodeOptions2(request, num_options, options, IPP_TAG_OPERATION); + cupsEncodeOptions2(request, num_options, options, IPP_TAG_PRINTER); + ippDelete(cupsDoRequest(conn, request, "/admin/")); ++ + cupsFreeOptions(num_options, options); ++ free(document_format); ++ + if (cupsLastError() > IPP_STATUS_OK_EVENTS_COMPLETE) { + debug_printf("ERROR: Unable to set \"" CUPS_BROWSED_DEST_PRINTER + "-default\" option to communicate the destination server for this job (%s)!\n", diff --git a/cups-filters-free-after-error.patch b/cups-filters-free-after-error.patch new file mode 100644 index 0000000..ed41768 --- /dev/null +++ b/cups-filters-free-after-error.patch @@ -0,0 +1,26 @@ +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index a303df3..58f8be5 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -8949,6 +8949,21 @@ gboolean update_cups_queues(gpointer unused) { + p->timeout = current_time + pause_between_cups_queue_updates; + + cannot_create: ++ if (printer_attributes != NULL && num_cluster_printers != 1) ++ ippDelete(printer_attributes); ++ ++ if (default_pagesize != NULL && num_cluster_printers != 1) ++ free(default_pagesize); ++ ++ if (conflicts != NULL && num_cluster_printers != 1) ++ cupsArrayDelete(conflicts); ++ ++ if (make_model != NULL && num_cluster_printers != 1) ++ free(make_model); ++ ++ if (sizes != NULL && num_cluster_printers != 1) ++ cupsArrayDelete(sizes); ++ + if (p && !in_shutdown) + remove_printer_entry(p); + diff --git a/cups-filters-free-current-media.patch b/cups-filters-free-current-media.patch new file mode 100644 index 0000000..e5aa324 --- /dev/null +++ b/cups-filters-free-current-media.patch @@ -0,0 +1,12 @@ +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index 58f8be5..3cb1f71 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -3089,6 +3089,7 @@ void get_cluster_default_attributes(ipp_t** merged_attributes, + free(temp->media_source); + free(temp->media_type); + free(temp); ++ ippDelete(current_media); + } + + /*Finding the default colormodel for the cluster*/ diff --git a/cups-filters-free-printer-sizes.patch b/cups-filters-free-printer-sizes.patch new file mode 100644 index 0000000..30f5151 --- /dev/null +++ b/cups-filters-free-printer-sizes.patch @@ -0,0 +1,30 @@ +diff --git a/cupsfilters/ppdgenerator.c b/cupsfilters/ppdgenerator.c +index b8a907f..c50ba78 100644 +--- a/cupsfilters/ppdgenerator.c ++++ b/cupsfilters/ppdgenerator.c +@@ -2354,8 +2354,6 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + twidth, tlength); + } + +- cupsArrayDelete(sizes); +- + /* + * Custom size support... + */ +@@ -2394,7 +2392,6 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + cupsFilePuts(fp, "*CustomPageSize True: \"pop pop pop <>setpagedevice\"\n"); + } + } else { +- cupsArrayDelete(sizes); + cupsFilePrintf(fp, + "*%% Printer did not supply page size info via IPP, using defaults\n" + "*OpenUI *PageSize/Media Size: PickOne\n" +@@ -2461,6 +2458,8 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + "*PaperDimension EnvMonarch/Envelope Monarch: \"279 540\"\n"); + } + ++ cupsArrayDelete(printer_sizes); ++ + /* + * InputSlot... + */ diff --git a/cups-filters-free-temp-insequence.patch b/cups-filters-free-temp-insequence.patch new file mode 100644 index 0000000..a922d17 --- /dev/null +++ b/cups-filters-free-temp-insequence.patch @@ -0,0 +1,13 @@ +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index f21df6b..0d0f30f 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -3086,6 +3086,8 @@ void get_cluster_default_attributes(ipp_t** merged_attributes, + temp->media_source, temp->media_type); + ippSetCollection(*merged_attributes, &media_col_default, 0, current_media); + ++ free(temp->media_source); ++ free(temp->media_type); + free(temp); + } + diff --git a/cups-filters-get-attrs-earlier.patch b/cups-filters-get-attrs-earlier.patch new file mode 100644 index 0000000..3f0034c --- /dev/null +++ b/cups-filters-get-attrs-earlier.patch @@ -0,0 +1,36 @@ +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index 885bc1c..b4df0e4 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -8157,6 +8157,7 @@ gboolean update_cups_queues(gpointer unused) { + sizes = NULL; + } else { + make_model = (char*)malloc(sizeof(char) * 256); ++ printer_attributes = get_cluster_attributes(p->queue_name); + if ((attr = ippFindAttribute(printer_attributes, + "printer-make-and-model", + IPP_TAG_TEXT)) != NULL) +@@ -8174,7 +8175,6 @@ gboolean update_cups_queues(gpointer unused) { + } + } + default_pagesize = (char *)malloc(sizeof(char)*32); +- printer_attributes = get_cluster_attributes(p->queue_name); + debug_printf("Generated Merged Attributes for local queue %s\n", + p->queue_name); + conflicts = generate_cluster_conflicts(p->queue_name, +@@ -8499,6 +8499,7 @@ gboolean update_cups_queues(gpointer unused) { + sizes = NULL; + } else { + make_model = (char*)malloc(sizeof(char)*256); ++ printer_attributes = get_cluster_attributes(p->queue_name); + if((attr = ippFindAttribute(printer_attributes, + "printer-make-and-model", + IPP_TAG_TEXT)) != NULL) +@@ -8516,7 +8517,6 @@ gboolean update_cups_queues(gpointer unused) { + } + } + default_pagesize = (char *)malloc(sizeof(char)*32); +- printer_attributes = get_cluster_attributes(p->queue_name); + debug_printf("Generated Merged Attributes for local queue %s\n", + p->queue_name); + conflicts = generate_cluster_conflicts(p->queue_name, diff --git a/cups-filters-ipp-leak.patch b/cups-filters-ipp-leak.patch new file mode 100644 index 0000000..23dba59 --- /dev/null +++ b/cups-filters-ipp-leak.patch @@ -0,0 +1,22 @@ +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index 0c40112..450179b 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -6417,13 +6417,14 @@ on_job_state (CupsNotifier *object, + } + break; + } ++ ++ ippDelete(response); ++ response = NULL; ++ + if (pstate == IPP_PRINTER_IDLE && paccept) { + q->last_printer = i; + break; + } +- +- ippDelete(response); +- response = NULL; + } else + debug_printf("IPP request to %s:%d failed.\n", p->host, + p->port); diff --git a/cups-filters-nickname-handling.patch b/cups-filters-nickname-handling.patch new file mode 100644 index 0000000..5f5fd6e --- /dev/null +++ b/cups-filters-nickname-handling.patch @@ -0,0 +1,103 @@ +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index 3cb1f71..db822af 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -7200,6 +7200,10 @@ create_remote_printer_entry (const char *queue_name, + in a row during creation of this printer's queue */ + p->timeouted = 0; + ++ /* Initialize nickname array for *Nickname directive from PPD ++ * - either from CUPS server or from our PPD generator */ ++ p->nickname = NULL; ++ + /* Remote CUPS printer or local queue remaining from previous cups-browsed + session */ + /* is_cups_queue: -1: Unknown, 0: IPP printer, 1: Remote CUPS queue, +@@ -7215,7 +7219,6 @@ create_remote_printer_entry (const char *queue_name, + remote CUPS server gets used. So we will not generate a PPD file + or interface script at this point. */ + p->netprinter = 0; +- p->nickname = NULL; + if (p->uri[0] != '\0') { + p->prattrs = get_printer_attributes(p->uri, NULL, 0, NULL, 0, 1); + debug_log_out(get_printer_attributes_log); +@@ -7620,7 +7623,7 @@ gboolean update_cups_queues(gpointer unused) { + time_t current_time; + int i, ap_remote_queue_id_line_inserted, + want_raw, num_cluster_printers = 0; +- char *disabled_str, *ptr; ++ char *disabled_str; + char *ppdfile, *ifscript; + int fd = 0; /* Script file descriptor */ + char tempfile[1024]; /* Temporary file */ +@@ -8189,7 +8192,6 @@ gboolean update_cups_queues(gpointer unused) { + debug_printf("Generated Default Attributes for local queue %s\n", + p->queue_name); + } +- p->nickname = NULL; + if (ppdfile == NULL) { + /* If we do not want CUPS-generated PPDs or we cannot obtain a + CUPS-generated PPD, for example if CUPS does not create a +@@ -8476,7 +8478,6 @@ gboolean update_cups_queues(gpointer unused) { + p->queue_name, p->uri); + goto cannot_create; + } +- p->nickname = NULL; + num_cluster_printers = 0; + for (s = (remote_printer_t *)cupsArrayFirst(remote_printers); + s; s = (remote_printer_t *)cupsArrayNext(remote_printers)) { +@@ -8683,14 +8684,48 @@ gboolean update_cups_queues(gpointer unused) { + manipulations of the print queue have replaced the PPD. + Check whether nickname is defined too */ + if (!strncmp(line, "*NickName:", 10) && p->nickname == NULL) { ++ char *ptr = NULL; ++ char *end_ptr = NULL; ++ int nickname_len = 0; ++ + ptr = strchr(line, '"'); +- if (ptr) { +- ptr ++; +- p->nickname = strdup(ptr); +- ptr = strchr(p->nickname, '"'); +- if (ptr) +- *ptr = '\0'; ++ ++ if (ptr == NULL) ++ { ++ debug_printf("Malformed *Nickname directive in PPD - no double quote in line.\n"); ++ continue; ++ } ++ ++ ptr ++; ++ end_ptr = strchr(ptr, '"'); ++ ++ if (end_ptr == NULL) ++ { ++ debug_printf("Malformed *Nickname directive in PPD - no ending double quote\n"); ++ continue; + } ++ ++ /* both pointers are null terminated, because cupsFileGets() puts ++ * a null terminator into returned buffer with one line ++ * here as 'line' array) and those two pointers points on two places ++ * in the 'line' array. ++ */ ++ nickname_len = strlen(ptr) - strlen(end_ptr); ++ ++ if (nickname_len == 0) ++ { ++ debug_printf("Malformed *Nickname directive in PPD - empty nickname.\n"); ++ continue; ++ } ++ ++ /* alloc one more space for null terminator, calloc() will initialize ++ * it to null automatically, so then we only copy a string with 'nickname_len' ++ * length to get a proper null terminated p->nickname. ++ */ ++ p->nickname = (char*)calloc(nickname_len + 1, sizeof(char)); ++ ++ if (p->nickname != NULL) ++ strncpy(p->nickname, ptr, nickname_len); + } + } + cupsFilePrintf(out,"*cupsFilter2: \"application/vnd.cups-pdf application/pdf 0 -\"\n"); diff --git a/cups-filters-resolution-memleaks.patch b/cups-filters-resolution-memleaks.patch new file mode 100644 index 0000000..6921ae7 --- /dev/null +++ b/cups-filters-resolution-memleaks.patch @@ -0,0 +1,124 @@ +diff --git a/cupsfilters/ppdgenerator.c b/cupsfilters/ppdgenerator.c +index 7b4aa0c..bc694f0 100644 +--- a/cupsfilters/ppdgenerator.c ++++ b/cupsfilters/ppdgenerator.c +@@ -1059,9 +1059,11 @@ ippResolutionListToArray(ipp_attribute_t *attr) + res_array = resolutionArrayNew(); + if (res_array) { + for (i = 0; i < count; i ++) +- if ((res = ippResolutionToRes(attr, i)) != NULL && +- cupsArrayFind(res_array, res) == NULL) +- cupsArrayAdd(res_array, res); ++ if ((res = ippResolutionToRes(attr, i)) != NULL) { ++ if (cupsArrayFind(res_array, res) == NULL) ++ cupsArrayAdd(res_array, res); ++ free_resolution(res, NULL); ++ } + } + if (cupsArrayCount(res_array) == 0) { + cupsArrayDelete(res_array); +diff --git a/cupsfilters/ppdgenerator.h b/cupsfilters/ppdgenerator.h +index 5e03e6d..050c320 100644 +--- a/cupsfilters/ppdgenerator.h ++++ b/cupsfilters/ppdgenerator.h +@@ -71,6 +71,7 @@ char *ppdCreateFromIPP2(char *buffer, size_t bufsize, + const char *default_cluster_color); + int compare_resolutions(void *resolution_a, void *resolution_b, + void *user_data); ++void free_resolution(void *resolution, void *user_data); + res_t * ippResolutionToRes(ipp_attribute_t *attr, int index); + cups_array_t * resolutionArrayNew(); + cups_array_t* generate_sizes(ipp_t *response, +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index e2c9d38..8a882a1 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -1733,12 +1733,14 @@ void add_resolution_attributes(char* cluster_name, ipp_t **merged_attributes) + if ((attr = ippFindAttribute(p->prattrs, attributes[attr_no], + IPP_TAG_RESOLUTION)) != NULL) { + for (i = 0, count = ippGetCount(attr); i < count; i ++) { +- if ((res = ippResolutionToRes(attr, i)) != NULL && +- cupsArrayFind(res_array, res) == NULL) { +- cupsArrayAdd(res_array, res); +- num_resolution ++; +- } +- } ++ if ((res = ippResolutionToRes(attr, i)) != NULL) { ++ if (cupsArrayFind(res_array, res) == NULL) { ++ cupsArrayAdd(res_array, res); ++ num_resolution ++; ++ } ++ free_resolution(res, NULL); ++ } ++ } + } + } + if (num_resolution) { +@@ -3219,6 +3221,7 @@ void get_cluster_default_attributes(ipp_t** merged_attributes, + "printer-resolution-default", + IPP_RES_PER_INCH, xres, yres); + debug_printf("Default Resolution : %dx%d\n", xres, yres); ++ free_resolution(res, NULL); + } + } + +@@ -6157,7 +6160,7 @@ on_job_state (CupsNotifier *object, + const char *pdl = NULL; + cups_array_t *pdl_list; + char resolution[32]; +- res_t *max_res = NULL, *min_res = NULL, *res; ++ res_t *max_res = NULL, *min_res = NULL, *res = NULL; + int xres, yres; + int got_printer_info; + static const char *pattrs[] = +@@ -6504,6 +6507,10 @@ on_job_state (CupsNotifier *object, + + /* Deciding the resolution to be sent with the job */ + /* Finding the minimum and maximum resolution supported by the printer */ ++ ++ max_res = resolutionNew(0, 0); ++ min_res = resolutionNew(0, 0); ++ + if (s && + ((attr = ippFindAttribute(s->prattrs, "printer-resolution-supported", + IPP_TAG_RESOLUTION)) != NULL)) { +@@ -6511,14 +6518,20 @@ on_job_state (CupsNotifier *object, + if ((res = ippResolutionToRes(attr, i)) != NULL) { + debug_printf("%d %d\n",res->x,res->y); + if (i == 0) { +- max_res = res; +- min_res = res; ++ max_res->x = res->x; ++ max_res->y = res->y; ++ min_res->x = res->x; ++ min_res->y = res->y; + } else { + if(compare_resolutions((void *)res,(void *)max_res,NULL) > 0) +- max_res = res; ++ max_res->x = res->x; ++ max_res->y = res->y; + if(compare_resolutions((void *)res,(void *)min_res,NULL) < 0) +- min_res = res; ++ min_res->x = res->x; ++ min_res->y = res->y; + } ++ free_resolution(res, NULL); ++ res = NULL; + } + } + } +@@ -6555,10 +6568,14 @@ on_job_state (CupsNotifier *object, + snprintf(resolution, sizeof(resolution), "%ddpi", xres); + else + snprintf(resolution, sizeof(resolution), "%dx%ddpi", xres, yres); ++ free_resolution(res, NULL); + } + } + } + ++ free_resolution(max_res, NULL); ++ free_resolution(min_res, NULL); ++ + request = ippNewRequest(CUPS_ADD_MODIFY_PRINTER); + httpAssembleURIf(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipp", NULL, + "localhost", 0, "/printers/%s", printer); diff --git a/cups-filters-support-jobattr-leaks.patch b/cups-filters-support-jobattr-leaks.patch new file mode 100644 index 0000000..2e52fe1 --- /dev/null +++ b/cups-filters-support-jobattr-leaks.patch @@ -0,0 +1,54 @@ +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index 450179b..ec00151 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -3237,15 +3237,15 @@ int supports_job_attributes_requested(const gchar* printer, int printer_index, + ipp_attribute_t *attr, *attr1; + ipp_t *request, *response = NULL; + const char *str, *side, *resource; +- cups_array_t *job_sheet_supported, +- *multiple_doc_supported, *print_qualities, +- *media_type_supported, *staplelocation_supported, +- *foldtype_supported, *punchmedia_supported, +- *color_supported; ++ cups_array_t *job_sheet_supported = NULL, ++ *multiple_doc_supported = NULL, *print_qualities = NULL, ++ *media_type_supported = NULL, *staplelocation_supported = NULL, ++ *foldtype_supported = NULL, *punchmedia_supported = NULL, ++ *color_supported = NULL; + remote_printer_t *p; + int i, count, side_found, orien_req, orien, + orien_found; +- cups_array_t *sizes; ++ cups_array_t *sizes = NULL; + int ret = 1; + + p = (remote_printer_t *)cupsArrayIndex(remote_printers, printer_index); +@@ -3515,7 +3515,26 @@ int supports_job_attributes_requested(const gchar* printer, int printer_index, + } + + cleanup: +- ippDelete(response); ++ if (response != NULL) ++ ippDelete(response); ++ if (job_sheet_supported != NULL) ++ cupsArrayDelete(job_sheet_supported); ++ if (multiple_doc_supported) ++ cupsArrayDelete(multiple_doc_supported); ++ if (media_type_supported != NULL) ++ cupsArrayDelete(media_type_supported); ++ if (staplelocation_supported != NULL) ++ cupsArrayDelete(staplelocation_supported); ++ if (foldtype_supported != NULL) ++ cupsArrayDelete(foldtype_supported); ++ if (punchmedia_supported != NULL) ++ cupsArrayDelete(punchmedia_supported); ++ if (color_supported != NULL) ++ cupsArrayDelete(color_supported); ++ if (print_qualities != NULL) ++ cupsArrayDelete(print_qualities); ++ if (sizes != NULL) ++ cupsArrayDelete(sizes); + + return ret; + } diff --git a/cups-filters-tagzeroattrs-notconst.patch b/cups-filters-tagzeroattrs-notconst.patch new file mode 100644 index 0000000..a863e47 --- /dev/null +++ b/cups-filters-tagzeroattrs-notconst.patch @@ -0,0 +1,15 @@ +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index 174e293..7110be4 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -1491,8 +1491,8 @@ void add_tagzero_attributes(char* cluster_name, ipp_t **merged_attributes) + strncpy(values[i], q, sizeof(values[i]) - 1); + } + ippAddStrings(*merged_attributes, IPP_TAG_PRINTER, +- IPP_CONST_TAG(IPP_TAG_KEYWORD), +- attributes[attr_no], num_value, NULL, ++ IPP_TAG_KEYWORD, attributes[attr_no], ++ num_value, NULL, + (const char * const *)values); + + for (int k = 0; k < i; k++) { diff --git a/cups-filters-undef-printquality.patch b/cups-filters-undef-printquality.patch new file mode 100644 index 0000000..c8b6bab --- /dev/null +++ b/cups-filters-undef-printquality.patch @@ -0,0 +1,13 @@ +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index 0a8a7f1..92c2e6a 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -6174,7 +6174,7 @@ on_job_state (CupsNotifier *object, + cups_option_t *options; + int num_of_printers; + char* document_format; +- int print_quality; ++ int print_quality = 0; + const char *pdl = NULL; + cups_array_t *pdl_list; + char resolution[32]; diff --git a/cups-filters-uninit-attrs.patch b/cups-filters-uninit-attrs.patch new file mode 100644 index 0000000..dc2a729 --- /dev/null +++ b/cups-filters-uninit-attrs.patch @@ -0,0 +1,37 @@ +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index 826679f..93f21c3 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -1415,8 +1415,8 @@ void add_mimetype_attributes(char* cluster_name, ipp_t **merged_attributes) + for (q = (char *)cupsArrayFirst(list),i=0; + q; + q = (char *)cupsArrayNext(list),i++) { +- values[i]=malloc(sizeof(char)*strlen(q)+1); +- strncpy(values[i], q, sizeof(values[i]) - 1); ++ values[i]=malloc(sizeof(char) * (strlen(q) + 1)); ++ snprintf(values[i], strlen(q) + 1, "%s", q); + } + ippAddStrings(*merged_attributes, IPP_TAG_PRINTER,IPP_TAG_MIMETYPE, + attributes[attr_no], num_value, NULL, +@@ -1487,8 +1487,8 @@ void add_tagzero_attributes(char* cluster_name, ipp_t **merged_attributes) + /* Transferring attributes value from cups Array to char* array*/ + for (q = (char *)cupsArrayFirst(list), i = 0; q; + q = (char *)cupsArrayNext(list), i ++) { +- values[i] = malloc(sizeof(char) * strlen(q) + 1); +- strncpy(values[i], q, sizeof(values[i]) - 1); ++ values[i] = malloc(sizeof(char) * (strlen(q) + 1)); ++ snprintf(values[i], strlen(q) + 1, "%s", q); + } + ippAddStrings(*merged_attributes, IPP_TAG_PRINTER, + IPP_TAG_KEYWORD, attributes[attr_no], +@@ -1558,8 +1558,8 @@ void add_keyword_attributes(char* cluster_name, ipp_t **merged_attributes) + for (q = (char *)cupsArrayFirst(list), i=0; + q; + q = (char *)cupsArrayNext(list), i ++) { +- values[i] = malloc(sizeof(char) * strlen(q) + 1); +- strncpy(values[i], q, sizeof(values[i]) - 1); ++ values[i] = malloc(sizeof(char) * (strlen(q) + 1)); ++ snprintf(values[i], strlen(q) + 1, "%s", q); + } + ippAddStrings(*merged_attributes, IPP_TAG_PRINTER, IPP_TAG_KEYWORD, + attributes[attr_no], num_value, NULL, diff --git a/cups-filters-unused-pointer.patch b/cups-filters-unused-pointer.patch new file mode 100644 index 0000000..f6ac3bc --- /dev/null +++ b/cups-filters-unused-pointer.patch @@ -0,0 +1,29 @@ +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index 7110be4..f21df6b 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -2679,7 +2679,6 @@ cups_array_t* get_cluster_sizes(char* cluster_name) + cups_array_t *cluster_sizes = NULL, + *sizes_ppdname; + cups_size_t *size; +- pagesize_count_t *temp; + remote_printer_t *p; + ipp_attribute_t *defattr; + char ppdname[41], pagesize[128]; +@@ -2687,7 +2686,6 @@ cups_array_t* get_cluster_sizes(char* cluster_name) + int min_length, min_width, max_length, max_width, + bottom, left, right, top; + +- temp = (pagesize_count_t *)malloc(sizeof(pagesize_count_t)); + cluster_sizes = cupsArrayNew3((cups_array_func_t)pwg_compare_sizes, + NULL, NULL, 0, + (cups_acopy_func_t)pwg_copy_size, +@@ -2713,8 +2711,6 @@ cups_array_t* get_cluster_sizes(char* cluster_name) + sizes = generate_sizes(p->prattrs, &defattr, &min_length, &min_width, + &max_length, &max_width, + &bottom, &left, &right, &top, ppdname); +- temp->pagesize = ppdname; +- temp->count = 1; + for (size = (cups_size_t *)cupsArrayFirst(sizes); + size; size = (cups_size_t *)cupsArrayNext(sizes)) { + if (!cupsArrayFind(cluster_sizes, size)) { diff --git a/cups-filters-uuid-recast.patch b/cups-filters-uuid-recast.patch new file mode 100644 index 0000000..116efd5 --- /dev/null +++ b/cups-filters-uuid-recast.patch @@ -0,0 +1,13 @@ +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index 0d0f30f..885bc1c 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -3622,7 +3622,7 @@ new_local_printer (const char *device_uri, + { + local_printer_t *printer = g_malloc (sizeof (local_printer_t)); + printer->device_uri = strdup (device_uri); +- printer->uuid = uuid; ++ printer->uuid = (char*)uuid; + printer->cups_browsed_controlled = cups_browsed_controlled; + return printer; + } diff --git a/cups-filters-warnings.patch b/cups-filters-warnings.patch new file mode 100644 index 0000000..3707bb5 --- /dev/null +++ b/cups-filters-warnings.patch @@ -0,0 +1,33 @@ +diff --git a/cupsfilters/ppdgenerator.h b/cupsfilters/ppdgenerator.h +index 050c3201..027b9752 100644 +--- a/cupsfilters/ppdgenerator.h ++++ b/cupsfilters/ppdgenerator.h +@@ -73,6 +73,7 @@ int compare_resolutions(void *resolution_a, void *resolution_b, + void *user_data); + void free_resolution(void *resolution, void *user_data); + res_t * ippResolutionToRes(ipp_attribute_t *attr, int index); ++res_t * resolutionNew(int x, int y); + cups_array_t * resolutionArrayNew(); + cups_array_t* generate_sizes(ipp_t *response, + ipp_attribute_t **defattr, +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index f47b8115..89c403fc 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -6535,12 +6535,14 @@ on_job_state (CupsNotifier *object, + min_res->x = res->x; + min_res->y = res->y; + } else { +- if(compare_resolutions((void *)res,(void *)max_res,NULL) > 0) ++ if(compare_resolutions((void *)res,(void *)max_res,NULL) > 0) { + max_res->x = res->x; + max_res->y = res->y; +- if(compare_resolutions((void *)res,(void *)min_res,NULL) < 0) ++ } ++ if(compare_resolutions((void *)res,(void *)min_res,NULL) < 0) { + min_res->x = res->x; + min_res->y = res->y; ++ } + } + free_resolution(res, NULL); + res = NULL; diff --git a/cups-filters.spec b/cups-filters.spec index ea99c40..84a9fbe 100644 --- a/cups-filters.spec +++ b/cups-filters.spec @@ -4,7 +4,7 @@ Summary: OpenPrinting CUPS filters and backends Name: cups-filters Version: 1.28.5 -Release: 2%{?dist} +Release: 3%{?dist} # For a breakdown of the licensing, see COPYING file # GPLv2: filters: commandto*, imagetoraster, pdftops, rasterto*, @@ -23,7 +23,27 @@ Source0: http://www.openprinting.org/download/cups-filters/cups-filters-%{versio # backported from upstream https://github.com/OpenPrinting/cups-filters/pull/313 Patch01: foomatic-remove-tmpfile.patch # backported from upstream +# https://github.com/OpenPrinting/cups-filters/commit/240ffb901d06a117bb8e10b486bfd3de6fe464b2 Patch02: 0001-libcupsfilters-Added-NULL-check-when-removing-.Borde.patch +# all below to patch19 backported from upstream PR +# https://github.com/OpenPrinting/cups-filters/pull/322 +Patch03: cups-filters-resolution-memleaks.patch +Patch04: cups-filters-tagzeroattrs-notconst.patch +Patch05: cups-filters-unused-pointer.patch +Patch06: cups-filters-free-temp-insequence.patch +Patch07: cups-filters-uuid-recast.patch +Patch08: cups-filters-get-attrs-earlier.patch +Patch09: cups-filters-free-after-error.patch +Patch10: cups-filters-free-printer-sizes.patch +Patch11: cups-filters-free-current-media.patch +Patch12: cups-filters-nickname-handling.patch +Patch13: cups-filters-uninit-attrs.patch +Patch14: cups-filters-allocedrange-lost.patch +Patch15: cups-filters-document-format-leak.patch +Patch16: cups-filters-ipp-leak.patch +Patch17: cups-filters-support-jobattr-leaks.patch +Patch18: cups-filters-undef-printquality.patch +Patch19: cups-filters-warnings.patch Requires: cups-filters-libs%{?_isa} = %{version}-%{release} @@ -353,6 +373,9 @@ done %{_libdir}/libfontembed.so %changelog +* Tue Nov 24 2020 Zdenek Dohnal - 1.28.5-3 +- fix various memory issues within cups-browsed + * Thu Nov 05 2020 Zdenek Dohnal - 1.28.5-2 - use make and git-core