Bug 918695 - net-print/hplip-3.23.8: heap overflow and null pointer dereference -> unable to print
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Daniel Pielmeier
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-11-28 14:39 UTC by Agostino Sarubbo
Modified: 2023-11-28 14:39 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2023-11-28 14:39:57 UTC
I'm unable to print on a freshly configured hardened system. My cupsd error_log says:

PID 2327 (/usr/libexec/cups/filter/hpps) stopped with status 11.

In the meantime dmesg reports:
[ 6424.965527] hpps[28319]: segfault at 1 ip 000055c74082ae69 sp 00007fffb83e7b90 error 4 in hpps[55c74082a000+6000] likely on CPU 13 (core 25, socket 0)
[ 6424.965551] Code: 28 48 89 44 24 18 eb 13 e8 84 f6 ff ff 49 89 c7 e9 f4 fa ff ff 31 ff 89 7c 24 2c 48 8d 35 ab 53 00 00 4c 89 ef e8 87 f6 ff ff <41> 80 7e 01 01 48 89 44 24 30 0f 84 dc 08 00 00 48 8d 35 ec 53 00

So I tried to launch it manually like this:
/usr/libexec/cups/filter/hpps 1 ago title 1 /tmp/file
and I get a segmentation fault in the end.

So, to get more luck, I recompiled with -fsanitize=address to see if anything more comes up, and this is what the hpps command reports:

==2478==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x55aeb6dce886 bp 0x7ffd50d26458 sp 0x7ffd50d24530 T0)
==2478==The signal is caused by a READ memory access.
==2478==Hint: address points to the zero page.
    #0 0x55aeb6dce886 in main prnt/hpps/hppsfilter.c:990
    #1 0x7fc43b6b0e0f  (/lib64/libc.so.6+0x23e0f)
    #2 0x7fc43b6b0ec8 in __libc_start_main (/lib64/libc.so.6+0x23ec8)
    #3 0x55aeb6dd2574 in _start (/usr/libexec/cups/filter/hpps+0x15574)

In the meantime if I try to print via system UI I can see in the error_log:

D [28/Nov/2023:15:12:09 +0100] [Job 5] ==2327==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x63300001ab49 at pc 0x559bca6dc8b0 bp 0x7ffe98444080 sp 0x7ffe98443828
D [28/Nov/2023:15:12:09 +0100] [Job 5] READ of size 107338 at 0x63300001ab49 thread T0
D [28/Nov/2023:15:12:09 +0100] [Job 5] PID 2325 (/usr/libexec/cups/filter/pdftopdf) exited with no errors.
D [28/Nov/2023:15:12:09 +0100] [Job 5] Printer make and model: HP HP Color LaserJet MFP M277c10
D [28/Nov/2023:15:12:09 +0100] [Job 5] Running command line for pstops: pstops 5 ago Untitled 1 \'media=A4 sides=one-sided job-billing= job-uuid=urn:uuid:db8cae60-27f9-3e08-7794-4034df6a2716 job-originating-host-name=localhost date-time-at-creation= date-time-at-processing= time-at-creation=1701180729 time-at-processing=1701180729 document-name-supplied=070df656f91c3 Duplex=None PageSize=A4\'
D [28/Nov/2023:15:12:09 +0100] [Job 5] Using image rendering resolution 600 dpi
D [28/Nov/2023:15:12:09 +0100] [Job 5] Running command line for pdftops: pdftops -level2 -origpagesizes -nocenter -r 600 /var/spool/cups/tmp/00916656fb949 -
D [28/Nov/2023:15:12:09 +0100] [Job 5] Started filter pdftops (PID 2329)
D [28/Nov/2023:15:12:09 +0100] [Job 5] Started filter pstops (PID 2330)
D [28/Nov/2023:15:12:09 +0100] [Job 5] STATE: -connecting-to-device
D [28/Nov/2023:15:12:09 +0100] [Job 5] Connected to printer.
D [28/Nov/2023:15:12:09 +0100] cupsdMarkDirty(---J-)
D [28/Nov/2023:15:12:09 +0100] cupsdSetBusyState: newbusy="Printing jobs and dirty files", busy="Printing jobs and dirty files"
D [28/Nov/2023:15:12:09 +0100] [Job 5] Set job-printer-state-message to "Connected to printer.", current level=INFO
D [28/Nov/2023:15:12:09 +0100] [Job 5] Connected to 10.10.5.4:9100...
D [28/Nov/2023:15:12:09 +0100] [Job 5] backendRunLoop(print_fd=0, device_fd=6, snmp_fd=5, addr=0x55c84a6be478, use_bc=1, side_cb=0x55c849e86660)
D [28/Nov/2023:15:12:09 +0100] Discarding unused job-progress event...
D [28/Nov/2023:15:12:09 +0100] Discarding unused printer-state-changed event...
D [28/Nov/2023:15:12:09 +0100] [Job 5] #0 0x559bca6dc8af in StrstrCheck(void*, char*, char const*, char const*) (/usr/libexec/cups/filter/hpps+0x578af)
D [28/Nov/2023:15:12:09 +0100] [Job 5] #1 0x559bca73d0d8 in strstr (/usr/libexec/cups/filter/hpps+0xb80d8)
D [28/Nov/2023:15:12:09 +0100] [Job 5] #2 0x559bca6963d9 in GetPPDValues prnt/hpps/hppsfilter.c:172
D [28/Nov/2023:15:12:09 +0100] [Job 5] #3 0x559bca6963d9 in main prnt/hpps/hppsfilter.c:962
D [28/Nov/2023:15:12:09 +0100] [Job 5] #4 0x7faf33c94e0f  (/lib64/libc.so.6+0x23e0f)
D [28/Nov/2023:15:12:09 +0100] [Job 5] #5 0x7faf33c94ec8 in __libc_start_main (/lib64/libc.so.6+0x23ec8)
D [28/Nov/2023:15:12:09 +0100] [Job 5] #6 0x559bca69a574 in _start (/usr/libexec/cups/filter/hpps+0x15574)
D [28/Nov/2023:15:12:09 +0100] [Job 5] 0x63300001ab49 is located 0 bytes after 107337-byte region [0x633000000800,0x63300001ab49)
D [28/Nov/2023:15:12:09 +0100] [Job 5] allocated by thread T0 here:
D [28/Nov/2023:15:12:09 +0100] [Job 5] #0 0x559bca752827 in calloc (/usr/libexec/cups/filter/hpps+0xcd827)
D [28/Nov/2023:15:12:09 +0100] [Job 5] #1 0x559bca696396 in GetPPDValues prnt/hpps/hppsfilter.c:164
D [28/Nov/2023:15:12:09 +0100] [Job 5] #2 0x559bca696396 in main prnt/hpps/hppsfilter.c:962
D [28/Nov/2023:15:12:09 +0100] [Job 5] #3 0x7ffe98447b8c  ([stack]+0x20b8c)
D [28/Nov/2023:15:12:09 +0100] [Job 5] SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/libexec/cups/filter/hpps+0x578af) in StrstrCheck(void*, char*, char const*, char const*)
D [28/Nov/2023:15:12:09 +0100] [Job 5] ==2327==ABORTING

Consider the following:
#1 0x559bca73d0d8 in strstr (/usr/libexec/cups/filter/hpps+0xb80d8)
#2 0x559bca6963d9 in GetPPDValues prnt/hpps/hppsfilter.c:172

Since hpps and hppsfilter.c are both part of hplip, which was compiled with debug info, I don't know why there are no line numbers at all.
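An added example, not taken from the report or from hplip: a READ of size 107338 ending exactly 0 bytes after a 107337-byte calloc'd region is the typical signature of strstr() scanning a heap buffer that carries no NUL terminator inside the allocation, so the fix pattern shown here (allocate one extra byte, terminate explicitly, and prefer a length-bounded search) is an inference from the trace, not a confirmed root cause. The helper names load_text_file, buffer_is_terminated and find_keyword are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not hplip's GetPPDValues): load a whole file into a
 * heap buffer that is guaranteed to hold a NUL terminator inside the
 * allocation, so str*() functions can never read past its end. */
char *load_text_file(const char *path, size_t *out_len)
{
    FILE *f = fopen(path, "rb");
    if (!f) return NULL;
    if (fseek(f, 0, SEEK_END) != 0) { fclose(f); return NULL; }
    long sz = ftell(f);
    if (sz < 0) { fclose(f); return NULL; }
    rewind(f);
    /* Bug pattern: calloc(sz, 1) leaves no room for the terminator, so a
     * file that contains no NUL byte makes strstr() read one byte past the
     * region: exactly the "READ of size N+1, 0 bytes after N-byte region"
     * that AddressSanitizer reports. The +1 below reserves that byte. */
    char *buf = calloc((size_t)sz + 1, 1);
    if (!buf) { fclose(f); return NULL; }
    size_t n = fread(buf, 1, (size_t)sz, f);
    fclose(f);
    buf[n] = '\0';                    /* explicit terminator, always in bounds */
    if (out_len) *out_len = n;
    return buf;
}

/* Returns 1 if a NUL exists within the first cap bytes of buf, i.e. the
 * buffer may safely be handed to strstr()/strlen(); 0 otherwise. */
int buffer_is_terminated(const char *buf, size_t cap)
{
    return memchr(buf, '\0', cap) != NULL;
}

/* Length-bounded keyword lookup: never touches buf[len] or beyond, so it is
 * safe even on a buffer that was not NUL-terminated. */
const char *find_keyword(const char *buf, size_t len, const char *key)
{
    size_t klen = strlen(key);
    if (klen == 0 || len < klen) return NULL;
    for (size_t i = 0; i + klen <= len; i++)
        if (memcmp(buf + i, key, klen) == 0) return buf + i;
    return NULL;
}
```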