This repository was archived by the owner on Mar 10, 2026. It is now read-only.

Correct problem with UNKNOWN READ/SEGV for incorrect PPD file #5624

Closed
ppawliczek wants to merge 1 commit into apple:master from ppawliczek:ppd2

@ppawliczek

The problem occurs when an input PPD file contains a specific combination of
*PageSize keywords with incorrect types. In this case the PPD parser may cause
a memory violation when one of the types is PPD_CUSTOM_PASSCODE,
PPD_CUSTOM_PASSWORD or PPD_CUSTOM_STRING.

@michaelrsweet

Contributor

@ppawliczek Please attach the problematic PPD file.

@michaelrsweet self-assigned this on Jul 30, 2019
@michaelrsweet added the "investigating" label on Jul 30, 2019
@ppawliczek

Author

clusterfuzz-testcase-minimized-cups_ppdopen_fuzzer-5709920246431744.zip

The stack from SEGV:
in cfree /var/tmp/portage/cross-x86_64-cros-linux-gnu/glibc-2.27-r8/work/glibc-2.27/malloc/malloc.c:3098
in ppdClose (/usr/lib64/libcups.so.2+0xa0375)
in _ppdOpen (/usr/lib64/libcups.so.2+0xa7fc9)

@michaelrsweet

Contributor

[master dc00a7c] Fix some PPD parser issues discovered via fuzzing (Issue #5623, Issue #5624)
[master 8e048e4] Fix some PPD parser issues discovered via fuzzing (Issue #5623, Issue #5624)

[branch-2.2 d11af54] Fix some PPD parser issues discovered via fuzzing (Issue #5623, Issue #5624)
