Clean out some more _cupsStr cruft that might potentially cause an unaligned memory...

Don't directly use the string pool in the CGI programs or scheduler.

diff --git a/cgi-bin/admin.c b/cgi-bin/admin.c
index 70b8f451b799f92b2640809721b6ae598ae4d2f5..e27c078bd24ab822ec60f871618c436a43e8a4f2 100644 (file)
--- a/cgi-bin/admin.c
+++ b/cgi-bin/admin.c
@@ -767,7 +767,7 @@ do_am_class(http_t *http,           /* I - HTTP connection */
     attr = ippAddStrings(request, IPP_TAG_PRINTER, IPP_TAG_URI, "member-uris",
                          num_printers, NULL, NULL);
     for (i = 0; i < num_printers; i ++)
-      attr->values[i].string.text = _cupsStrAlloc(cgiGetArray("MEMBER_URIS", i));
+      ippSetString(request, &attr, i, cgiGetArray("MEMBER_URIS", i));
   }
 
  /*
@@ -2413,7 +2413,7 @@ do_list_printers(http_t *http)            /* I - HTTP connection */
          attr;
         attr = ippFindNextAttribute(response, "device-uri", IPP_TAG_URI))
     {
-      cupsArrayAdd(printer_devices, _cupsStrAlloc(attr->values[0].string.text));
+      cupsArrayAdd(printer_devices, strdup(attr->values[0].string.text));
     }
 
    /*
@@ -2551,7 +2551,7 @@ do_list_printers(http_t *http)            /* I - HTTP connection */
       for (printer_device = (char *)cupsArrayFirst(printer_devices);
            printer_device;
           printer_device = (char *)cupsArrayNext(printer_devices))
-        _cupsStrFree(printer_device);
+        free(printer_device);
 
       cupsArrayDelete(printer_devices);
     }
@@ -2948,7 +2948,7 @@ do_set_allowed_users(http_t *http)        /* I - HTTP connection */
         * Add the name...
        */
 
-        attr->values[i].string.text = _cupsStrAlloc(ptr);
+        ippSetString(request, &attr, i, ptr);
 
        /*
         * Advance to the next name...
@@ -3757,8 +3757,8 @@ do_set_options(http_t *http,              /* I - HTTP connection */
 
     attr = ippAddStrings(request, IPP_TAG_PRINTER, IPP_TAG_NAME,
                          "job-sheets-default", 2, NULL, NULL);
-    attr->values[0].string.text = _cupsStrAlloc(cgiGetVariable("job_sheets_start"));
-    attr->values[1].string.text = _cupsStrAlloc(cgiGetVariable("job_sheets_end"));
+    ippSetString(request, &attr, 0, cgiGetVariable("job_sheets_start"));
+    ippSetString(request, &attr, 1, cgiGetVariable("job_sheets_end"));
 
     if ((var = cgiGetVariable("printer_error_policy")) != NULL)
       ippAddString(request, IPP_TAG_PRINTER, IPP_TAG_NAME,

diff --git a/cgi-bin/var.c b/cgi-bin/var.c
index 579f23ba30143fc4e4ae754bbd637415ab4bb112..8b8f26472ea475be1d98fb0f09d6087852642d83 100644 (file)
--- a/cgi-bin/var.c
+++ b/cgi-bin/var.c
@@ -1,8 +1,8 @@
 /*
  * CGI form variable and array functions for CUPS.
  *
- * Copyright 2007-2015 by Apple Inc.
- * Copyright 1997-2005 by Easy Software Products.
+ * Copyright © 2007-2019 by Apple Inc.
+ * Copyright © 1997-2005 by Easy Software Products.
  *
  * These coded instructions, statements, and computer programs are the
  * property of Apple Inc. and are protected by Federal copyright
@@ -33,10 +33,10 @@
 
 typedef struct                         /**** Form variable structure ****/
 {
-  const char   *name;                  /* Name of variable */
+  char         *name;                  /* Name of variable */
   int          nvalues,                /* Number of values */
                avalues;                /* Number of values allocated */
-  const char   **values;               /* Value(s) of variable */
+  char         **values;               /* Value(s) of variable */
 } _cgi_var_t;
 
 
@@ -139,10 +139,10 @@ cgiClearVariables(void)
 
   for (v = form_vars, i = form_count; i > 0; v ++, i --)
   {
-    _cupsStrFree(v->name);
+    free(v->name);
     for (j = 0; j < v->nvalues; j ++)
       if (v->values[j])
-        _cupsStrFree(v->values[j]);
+        free(v->values[j]);
   }
 
   form_count = 0;
@@ -168,7 +168,7 @@ cgiGetArray(const char *name,               /* I - Name of array variable */
   if (element < 0 || element >= var->nvalues)
     return (NULL);
 
-  return (_cupsStrRetain(var->values[element]));
+  return (strdup(var->values[element]));
 }
 
 
@@ -234,7 +234,7 @@ cgiGetVariable(const char *name)    /* I - Name of variable */
                  var->values[var->nvalues - 1]));
 #endif /* DEBUG */
 
-  return ((var == NULL) ? NULL : _cupsStrRetain(var->values[var->nvalues - 1]));
+  return ((var == NULL) ? NULL : strdup(var->values[var->nvalues - 1]));
 }
 
 
@@ -382,10 +382,9 @@ cgiSetArray(const char *name,              /* I - Name of variable */
   {
     if (element >= var->avalues)
     {
-      const char **temp;               /* Temporary pointer */
+      char **temp;                     /* Temporary pointer */
 
-      temp = (const char **)realloc((void *)(var->values),
-                                    sizeof(char *) * (size_t)(element + 16));
+      temp = (char **)realloc((void *)(var->values), sizeof(char *) * (size_t)(element + 16));
       if (!temp)
         return;
 
@@ -401,9 +400,9 @@ cgiSetArray(const char *name,               /* I - Name of variable */
       var->nvalues = element + 1;
     }
     else if (var->values[element])
-      _cupsStrFree((char *)var->values[element]);
+      free((char *)var->values[element]);
 
-    var->values[element] = _cupsStrAlloc(value);
+    var->values[element] = strdup(value);
   }
 }
 
@@ -460,10 +459,9 @@ cgiSetSize(const char *name,               /* I - Name of variable */
 
   if (size >= var->avalues)
   {
-    const char **temp;                 /* Temporary pointer */
+    char **temp;                       /* Temporary pointer */
 
-    temp = (const char **)realloc((void *)(var->values),
-                                 sizeof(char *) * (size_t)(size + 16));
+    temp = (char **)realloc((void *)(var->values), sizeof(char *) * (size_t)(size + 16));
     if (!temp)
       return;
 
@@ -480,7 +478,7 @@ cgiSetSize(const char *name,                /* I - Name of variable */
   {
     for (i = size; i < var->nvalues; i ++)
       if (var->values[i])
-        _cupsStrFree((void *)(var->values[i]));
+        free((void *)(var->values[i]));
   }
 
   var->nvalues = size;
@@ -515,9 +513,9 @@ cgiSetVariable(const char *name,    /* I - Name of variable */
   {
     for (i = 0; i < var->nvalues; i ++)
       if (var->values[i])
-        _cupsStrFree((char *)var->values[i]);
+        free((char *)var->values[i]);
 
-    var->values[0] = _cupsStrAlloc(value);
+    var->values[0] = strdup(value);
     var->nvalues   = 1;
   }
 }
@@ -563,10 +561,10 @@ cgi_add_variable(const char *name,        /* I - Variable name */
   if ((var->values = calloc((size_t)element + 1, sizeof(char *))) == NULL)
     return;
 
-  var->name            = _cupsStrAlloc(name);
+  var->name            = strdup(name);
   var->nvalues         = element + 1;
   var->avalues         = element + 1;
-  var->values[element] = _cupsStrAlloc(value);
+  var->values[element] = strdup(value);
 
   form_count ++;
 }
@@ -598,7 +596,7 @@ cgi_find_variable(const char *name) /* I - Name of variable */
   if (form_count < 1 || name == NULL)
     return (NULL);
 
-  key.name = name;
+  key.name = (char *)name;
 
   return ((_cgi_var_t *)bsearch(&key, form_vars, (size_t)form_count, sizeof(_cgi_var_t),
                            (int (*)(const void *, const void *))cgi_compare_variables));

diff --git a/cups/string.c b/cups/string.c
index 0d4ed0f50e4d54dce0f7fe92d2a78b1c5992d727..dd9c12ce833555d6fa02092b9dac2e0950859c6e 100644 (file)
--- a/cups/string.c
+++ b/cups/string.c
@@ -1,8 +1,8 @@
 /*
  * String functions for CUPS.
  *
- * Copyright 2007-2014 by Apple Inc.
- * Copyright 1997-2007 by Easy Software Products.
+ * Copyright © 2007-2019 by Apple Inc.
+ * Copyright © 1997-2007 by Easy Software Products.
  *
  * These coded instructions, statements, and computer programs are the
  * property of Apple Inc. and are protected by Federal copyright
@@ -316,15 +316,6 @@ _cupsStrFree(const char *s)                /* I - String to free */
 
   key = (_cups_sp_item_t *)(s - offsetof(_cups_sp_item_t, str));
 
-#ifdef DEBUG_GUARDS
-  if (key->guard != _CUPS_STR_GUARD)
-  {
-    DEBUG_printf(("5_cupsStrFree: Freeing string %p(%s), guard=%08x, "
-                  "ref_count=%d", key, key->str, key->guard, key->ref_count));
-    abort();
-  }
-#endif /* DEBUG_GUARDS */
-
   if ((item = (_cups_sp_item_t *)cupsArrayFind(stringpool, key)) != NULL &&
       item == key)
   {
@@ -332,6 +323,14 @@ _cupsStrFree(const char *s)                /* I - String to free */
     * Found it, dereference...
     */
 
+#ifdef DEBUG_GUARDS
+    if (key->guard != _CUPS_STR_GUARD)
+    {
+      DEBUG_printf(("5_cupsStrFree: Freeing string %p(%s), guard=%08x, ref_count=%d", key, key->str, key->guard, key->ref_count));
+      abort();
+    }
+#endif /* DEBUG_GUARDS */
+
     item->ref_count --;
 
     if (!item->ref_count)

diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index e00275b09cd129863633790ae2bddca2a7bc1d4b..9be8a7f3b67f82d4d6a09e22bebbd191d06cd2f9 100644 (file)
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -2601,8 +2601,7 @@ add_printer(cupsd_client_t  *con, /* I - Client connection */
       if (!strcmp(attr->values[i].string.text, "none"))
         continue;
 
-      printer->reasons[printer->num_reasons] =
-          _cupsStrRetain(attr->values[i].string.text);
+      printer->reasons[printer->num_reasons] = _cupsStrAlloc(attr->values[i].string.text);
       printer->num_reasons ++;
 
       if (!strcmp(attr->values[i].string.text, "paused") &&
@@ -4892,8 +4891,9 @@ copy_printer_attrs(
 
         if ((p2_uri = ippFindAttribute(p2->attrs, "printer-uri-supported",
                                       IPP_TAG_URI)) != NULL)
-          member_uris->values[i].string.text =
-             _cupsStrRetain(p2_uri->values[0].string.text);
+        {
+          member_uris->values[i].string.text = _cupsStrAlloc(p2_uri->values[0].string.text);
+        }
         else
        {
          httpAssembleURIf(HTTP_URI_CODING_ALL, printer_uri,