The relevant code behind the cupsArrayNew() function in the CUPS library
(libcups, cups/array.[ch] in the cups source package) is the following:
----------
struct _cups_array_s                    /**** CUPS array structure ****/
{
  int                   num_elements,   /* Number of array elements */
                        alloc_elements, /* Allocated array elements */
                        current,        /* Current element */
                        insert,         /* Last inserted element */
                        unique,         /* Are all elements unique? */
                        num_saved,      /* Number of saved elements */
                        saved[_CUPS_MAXSAVE];
                                        /* Saved elements */
  void                  **elements;     /* Array elements */
  cups_array_func_t     compare;        /* Element comparison function */
  void                  *data;          /* User data passed to compare */
  cups_ahash_func_t     hashfunc;       /* Hash function */
  int                   hashsize,       /* Size of hash */
                        *hash;          /* Hash array */
  cups_acopy_func_t     copyfunc;       /* Copy function */
  cups_afree_func_t     freefunc;       /* Free function */
};

/* This line is in cups/array.h, all the rest in cups/array.c */
typedef struct _cups_array_s cups_array_t;

cups_array_t *                          /* O - Array */
cupsArrayNew(cups_array_func_t f,       /* I - Comparison function or @code NULL@ for an unsorted array */
             void              *d)      /* I - User data pointer or @code NULL@ */
{
  return (cupsArrayNew3(f, d, 0, 0, 0, 0));
}

cups_array_t *                          /* O - Array */
cupsArrayNew3(cups_array_func_t f,      /* I - Comparison function or @code NULL@ for an unsorted array */
              void              *d,     /* I - User data or @code NULL@ */
              cups_ahash_func_t h,      /* I - Hash function or @code NULL@ for unhashed lookups */
              int               hsize,  /* I - Hash size (>= 0) */
              cups_acopy_func_t cf,     /* I - Copy function */
              cups_afree_func_t ff)     /* I - Free function */
{
  cups_array_t  *a;                     /* Array */

 /*
  * Allocate memory for the array...
  */

  a = calloc(1, sizeof(cups_array_t));
  if (!a)
    return (NULL);

  [...]

  return (a);
}
----------
We have cups_array_t, a data structure of around 20 elements of ordinary
types (~100 - 200 bytes), and cupsArrayNew() calls cupsArrayNew3() which
allocates memory for this data structure with the calloc() function. The
code not shown does nothing other than fill in the elements of the
structure.
So the crash is caused by the calloc() call trying to allocate 100 - 200
bytes of memory.
--
https://bugs.launchpad.net/bugs/1519914
Title:
CUPS filter crashes on memory allocation when run by CUPS but works
when run manually