GNOME Bugzilla – Bug 686838
gtk_enumerate_printers() hangs
Last modified: 2017-03-23 12:22:41 UTC
Created attachment 227221: Minimal test case; compile with: gcc -o list_printers $(pkg-config --cflags --libs gtk+-2.0 gtk+-unix-print-2.0) list_printers.c
If CUPS isn't running, Chromium's call to gtk_enumerate_printers() will hang. This occurs with GTK+ >=2.24.11, and I'm guessing GTK+ >=3.4 is affected as well. Commit 9a0e81380bfdc0abebbfa657abc974afeea6027b [1] has introduced this behavior; it was meant to address bug 672125 [2]. I have attached a minimal test case, which is a trimmed down version of the test case found on bug 668863 [3].
[1] http://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=9a0e81380bfdc0abebbfa657abc974afeea6027b
[2] https://bugzilla.gnome.org/show_bug.cgi?id=672125
[3] https://bugzilla.gnome.org/show_bug.cgi?id=668863
I think I see what's happening:
1) list_printers_remove_backend() gets called to remove the CUPS backend since it's unavailable
2) printer_list->backends is now empty (NULL) so free_printer_list(printer_list) gets called
3) free_printer_list() does: g_free (printer_list)
4) control is returned to gtk_enumerate_printers() which checks: if (wait && printer_list->backends)
5) printer_list->backends is junk data (not NULL) so it proceeds to start the loop (and hangs here)
At least that's what I gathered with the help of GDB.
@Carlos Garcia Campos: Sorry I added you to the CC list. I hoped you might be able to help with this issue or maybe know someone who could. Thanks.
Is there any progress on this issue?
Created attachment 272985: Don't hang in gtk_enumerate_printers()
Hi, thank you for the report. The gtk_enumerate_printers() function accesses an already freed pointer, as you wrote. The attached patch fixes this for me. Regards, Marek
*** Bug 605743 has been marked as a duplicate of this bug. ***
Visual inspection of HEAD shows that the problem persists. Patch applies cleanly although I am not in a position to actually test.
The issue still exists in Gtk+ versions 2.24.27 and 3.14.9. Note that I had to build Gtk+ 3.14.9 with --disable-cloudprint in order to reproduce the hang. The patch by Marek seems to fix the issue with both Gtk+ versions I mentioned above.
Review of attachment 272985: The patch is good; we need to ensure we don't run the inner loop when all backends have been removed and the printer list has been destroyed. There's indeed a use after free there, I'm surprised it doesn't crash.
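The sequence analysed in the comments above (the last backend is removed, the list is freed, then the caller tests `printer_list->backends`) and the requirement stated in the review can be modelled in a few lines of C. This is an added illustration, not GTK+ source and not the attached patch; `PrinterList`, `remove_backend` and `enumerate_printers` are hypothetical names, and "one backend finishes per loop round" is a constructed simplification.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the printer list; not GTK+ source. */
typedef struct {
    int backends;               /* backends still attached to the list */
} PrinterList;

/* Detach one backend. When the last one goes the list is freed, and the
 * caller's pointer is cleared so the stale address cannot be read again. */
static void remove_backend(PrinterList **ref)
{
    PrinterList *list = *ref;
    if (--list->backends == 0) {
        free(list);
        *ref = NULL;
    }
}

/* Model of the enumerate call: `unavailable` backends are removed during
 * setup (CUPS not running), the rest finish one per loop round.
 * Returns the number of wait-loop rounds, or -1 on bad input. */
int enumerate_printers(int backends, int unavailable, bool wait)
{
    if (backends <= 0 || unavailable < 0 || unavailable > backends)
        return -1;
    PrinterList *list = malloc(sizeof *list);
    if (list == NULL)
        return -1;
    list->backends = backends;

    for (int i = 0; i < unavailable; i++)
        remove_backend(&list);  /* may free the list */

    /* The reported check was `wait && printer_list->backends`, which reads
     * freed memory once the list is gone. Test the pointer instead. */
    int rounds = 0;
    while (wait && list != NULL) {
        rounds++;
        remove_backend(&list);  /* constructed: one backend completes */
    }
    free(list);                 /* no-op when already destroyed (NULL) */
    return rounds;
}

int main(void)
{
    printf("CUPS down, wait: %d rounds\n", enumerate_printers(1, 1, true));
    return 0;
}
```

With the only backend unavailable, the wait loop runs zero rounds because the cleared pointer, not the freed struct, decides whether to enter it.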
This also caused many bug reports against SWT / Eclipse, see https://bugs.eclipse.org/215234
Review of attachment 272985: ok. Sorry for letting this languish for so long.
Comment on attachment 272985: Don't hang in gtk_enumerate_printers()
Thank you for the review. I've pushed the patch to gtk-3-22 and master branches.