think the previous mail was encrypted in a way you can't decrypt, so I give it 
another try ...

PS: here also are the arguments of Mustek_DMAWrite:

(gdb) p *chip
$16 = {fd = 0, firmwarestate = FS_OPENED, motorstate = MS_STILL, isFirstOpenChip = 1, UsbHost = HT_USB10,
  lsLightSource = LS_REFLECTIVE,
  Scan = {LongX = 0, PicWidth = 0, PicHeight = 0, Top = 0, Bottom = 0, Left = 0, Right = 0, ScanMode = 0, Dpi = 0,
    TotalMotorSteps = 60000, CCD_Pixel_Length = 0, LineGap = 0 '\000', TG_Pulse_Width_Pixel = 0 '\000',
    TG_Wait_Width_Pixel = 0 '\000', Multi_TG_Dummy_Pixel = 0, CCD_Dummy_Pixel = 0, Dummy_Cycle = 0 '\000',
    TG_Times = 0 '\000', LineTime = 0, StartPixel = 0, StartLine = 0},
  dwBytesCountPerRow = 0, dwCalibrationBytesCountPerRow = 0,
  Temp = {Shading_Table_Size = 0, Image_Buffer_Size = 0, Full_Bank = 0, Line_Pixel = 0, Line_Time = 0, LineGap = 0 '\000'},
  Timing = {AFE_ADCCLK_Timing = 1010580480, AFE_ADCVS_Timing = 12582912, AFE_ADCRS_Timing = 3072,
    AFE_ChannelA_LatchPos = 3080, AFE_ChannelB_LatchPos = 3602, AFE_ChannelC_LatchPos = 5634,
    AFE_ChannelD_LatchPos = 1546, AFE_Secondary_FF_LatchPos = 12 '\f', CCD_DummyCycleTiming = 0,
    PHTG_PluseWidth = 12 '\f', PHTG_WaitWidth = 1 '\001',
    ChannelR_StartPixel = 100, ChannelR_EndPixel = 200, ChannelG_StartPixel = 100, ChannelG_EndPixel = 200,
    ChannelB_StartPixel = 100, ChannelB_EndPixel = 200, PHTG_TimingAdj = 1 '\001', PHTG_TimingSetup = 0 '\000',
    CCD_PHRS_Timing_1200 = 983040, CCD_PHCP_Timing_1200 = 61440, CCD_PH1_Timing_1200 = 4293918720,
    CCD_PH2_Timing_1200 = 1048320, DE_CCD_SETUP_REGISTER_1200 = 32 ' ', wCCDPixelNumber_1200 = 11250,
    CCD_PHRS_Timing_600 = 983040, CCD_PHCP_Timing_600 = 61440, CCD_PH1_Timing_600 = 4293918720,
    CCD_PH2_Timing_600 = 1048320, DE_CCD_SETUP_REGISTER_600 = 0 '\000', wCCDPixelNumber_600 = 7500},
  AD = {GainR = 0 '\000', GainG = 0 '\000', GainB = 0 '\000', OffsetR = 0 '\000', OffsetG = 0 '\000',
    OffsetB = 0 '\000', DirectionR = 0, DirectionG = 0, DirectionB = 0},
  isHardwareShading = 0,
  RamPositions = {Shading = 0, Shading_0 = 0 '\000', Shading_1 = 0 '\000', Shading_2 = 0 '\000',
    Motor = 0, Motor_0 = 0 '\000', Motor_1 = 0 '\000', Motor_2 = 0 '\000',
    ImageEndAddr_0 = 0 '\000', ImageEndAddr_1 = 0 '\000', ImageEndAddr_2 = 0 '\000',
    ImageFullBank_0 = 0 '\000', ImageFullBank_1 = 0 '\000'},
  lpGammaTable = 0x0, isMotorMove = 1 '\001', ibase1 = 0, ibase2 = 0, SWWidth = 0, TA_Status = TA_UNKNOW,
  isMotorGoToFirstLine = 1 '\001', lpShadingTable = 0x0, isUniformSpeedToScan = 0 '\000'}
(gdb) p size
$17 = 64
(gdb) p lpdata
$18 = (SANE_Byte *) 0x5555558eac20 ""
(gdb) p lpdata+1
$19 = (SANE_Byte *) 0x5555558eac21 "\001\002\003\004\005\006\a\b\t\n\v\f\r\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037 !\"#$%&'()*+,-./0123456789:;<=>?"
(gdb)
On 05.09.2018 10:35, Michael Becker wrote:
> Hi Bernhard,
> 
> here is the backtrace with libsane-dbg installed:
> 
> (gdb) where
> #0  0x00007ffff6808f3b in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
> #1  0x00007ffff680a2f1 in __GI_abort () at abort.c:79
> #2  0x00007ffff684b867 in __libc_message (action=do_abort, fmt=fmt@entry=0x7ffff6955061 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
> #3  0x00007ffff68dc49e in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=false, msg=msg@entry=0x7ffff695503f "stack smashing detected") at fortify_fail.c:33
> #4  0x00007ffff68dc462 in __stack_chk_fail () at stack_chk_fail.c:29
> #5  0x00007fffed5aff40 in Mustek_DMAWrite (size=size@entry=64, lpdata=lpdata@entry=0x5555558eac20 "", chip=0x7fffed7cb8c0 <g_chip>) at mustek_usb2_asic.c:354
> #6  0x00007fffed5b0bf5 in DRAM_Test (chip=0x7fffed7cb8c0 <g_chip>) at mustek_usb2_asic.c:2444
> #7  0x00007fffed5b0bf5 in SafeInitialChip (chip=0x7fffed7cb8c0 <g_chip>) at mustek_usb2_asic.c:2368
> #8  0x00007fffed5b0bf5 in Asic_Open (pDeviceName=<optimized out>, chip=0x7fffed7cb8c0 <g_chip>) at mustek_usb2_asic.c:3603
> #9  0x00007fffed5b4fe0 in MustScanner_PowerControl (isLampOn=isLampOn@entry=0, isTALampOn=isTALampOn@entry=0) at mustek_usb2_high.c:298
> #10 0x00007fffed5b7eba in PowerControl (isTALampOn=0, isLampOn=0) at mustek_usb2.c:565
> #11 0x00007fffed5b7eba in sane_mustek_usb2_open (devicename=<optimized out>, handle=0x7fffffffc4b8) at mustek_usb2.c:2101
> #12 0x00007ffff7dacb16 in sane_dll_open (full_name=<optimized out>, meta_handle=0x7fffffffc558) at dll.c:1200
> #13 0x00005555555dc298 in xsane_device_dialog () at xsane.c:4889
> #14 0x00005555555dedbd in xsane_interface (argv=<optimized out>, argc=<optimized out>) at xsane.c:5981
> #15 0x000055555556ff4a in main (argc=1, argv=0x7fffffffdf88) at xsane.c:6217
> 
> Cheers: Michael
> 
> 
> 
> On 04.09.2018 21:22, Bernhard Übelacker wrote:
>> Hello Michael Becker,
>> unfortunately it is not enough to just install the debug
>> information for the executable.
>>
>> In your case the shared library leads us to the libsane package:
>>   # dpkg -S /usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1
>>   libsane:amd64: /usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1
>>
>> Unfortunately libsane does not yet have a dbgsym package, but there is an
>> old-style libsane-dbg.
>> With that installed your backtrace would be a lot easier to read.
>>
>> Nevertheless, from running xsane without such hardware and just from
>> inspecting the assembly addresses I think this stack smashing happens
>> somewhere in function Mustek_DMAWrite [1].
>>
>> I think this is the same issue as another user reported in bug #886777.
>> There is also a short draft of how I think it could be possible to get
>> the exact location of the overwriting.
>>
>> Unfortunately there I wrongly used "libsane-dbgsym" instead of "libsane-dbg".
>> Probably that is why that user never reported back ...
>>
>> But probably you could give it a try?
>>
>> Kind regards,
>> Bernhard
>>
>>
>> #886777 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886777
>> [1]     
>> https://gitlab.com/sane-project/backends/blob/master/backend/mustek_usb2_asic.c#L304
>>

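The following is an added illustration, not code from this thread or from the SANE mustek_usb2 backend. The backtrace above pins the canary failure to the frame of Mustek_DMAWrite (frame #5, size=64, lpdata pointing at a 64-byte walking pattern 0x00..0x3f written by DRAM_Test), but the thread does not show the body of that function at mustek_usb2_asic.c:354, so the "unchecked" function below is only a generic model of the failure class a `__stack_chk_fail` abort reports (a fixed-size stack buffer written past its end), not a claim about how the real function overflows. STAGING_LEN, the function names and the return conventions are assumptions of this example; the 64-byte pattern and size=64 come from the gdb dump.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed for the illustration: a 64-byte on-stack staging buffer, the size
   of the chunk seen in the backtrace (size=64). Not taken from the backend. */
#define STAGING_LEN 64

/* DRAM_Test-style walking pattern: byte i holds the value i. This is what the
   gdb dump of lpdata shows (\001\002 ... up to '?' == 0x3f) for 64 bytes. */
size_t build_walking_pattern(uint8_t *out, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = (uint8_t)i;
    return n;
}

/* Returns 1 if the first n bytes of buf are still the walking pattern.
   At the gdb prompt this is the same check done by eye on `p lpdata+1`:
   if the argument buffer still reads as the pattern, it is not what got
   overwritten; the damage is in the callee's own frame. */
int is_walking_pattern(const uint8_t *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (buf[i] != (uint8_t)i)
            return 0;
    return 1;
}

/* Hypothetical unchecked shape: `size` is trusted, so a size > STAGING_LEN
   writes past the 64-byte local. Built with -fstack-protector the canary
   next to the buffer is clobbered and glibc aborts with
   "*** stack smashing detected ***", the message in frames #3/#4 above.
   Illustration of the failure class only, not the backend's code. */
int dma_write_unchecked(const uint8_t *lpdata, unsigned int size)
{
    uint8_t staging[STAGING_LEN];
    memcpy(staging, lpdata, size);            /* no bound on size */
    return (int)staging[size - 1];            /* keep the buffer live */
}

/* Hardened shape: validate before touching the fixed-size local. */
int dma_write_checked(const uint8_t *lpdata, unsigned int size)
{
    uint8_t staging[STAGING_LEN];
    if (lpdata == NULL || size == 0 || size > sizeof staging)
        return -1;                            /* reject, do not copy */
    memcpy(staging, lpdata, size);
    return (int)staging[size - 1];            /* value of the last byte copied */
}

/* Self-check: counts how many of the expected behaviours hold (5 when all do).
   Uses a constructed 64-byte chunk, mirroring the one in the gdb dump. */
int demo_checks_passed(void)
{
    uint8_t chunk[STAGING_LEN];
    int passed = 0;
    passed += build_walking_pattern(chunk, sizeof chunk) == sizeof chunk;
    passed += is_walking_pattern(chunk, sizeof chunk) == 1;
    passed += dma_write_checked(chunk, 64) == 63;   /* fits exactly: last byte 0x3f */
    passed += dma_write_checked(chunk, 65) == -1;   /* one byte too many: rejected */
    passed += dma_write_checked(NULL, 8) == -1;     /* NULL source: rejected */
    return passed;
}
```

Compile the model with `gcc -fstack-protector-strong` to see the abort the thread reports when `dma_write_unchecked` is fed a size above 64; the checked variant returns -1 instead. To locate the exact store in a real binary, the usual approach once stopped in the affected frame is to find the canary's stack slot (gcc on x86-64 copies `%fs:0x28` into the frame in the prologue) and set a hardware `watch` on it, so gdb stops on the instruction that overwrites it rather than at `__stack_chk_fail` on return.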