think the previous mail was encrypted in a way you can't decrypt, so I give it another try ...
PS: here also the arguments of Mustek_DMAWrite:

(gdb) p *chip
$16 = {fd = 0, firmwarestate = FS_OPENED, motorstate = MS_STILL, isFirstOpenChip = 1,
  UsbHost = HT_USB10, lsLightSource = LS_REFLECTIVE,
  Scan = {LongX = 0, PicWidth = 0, PicHeight = 0, Top = 0, Bottom = 0, Left = 0, Right = 0,
    ScanMode = 0, Dpi = 0, TotalMotorSteps = 60000, CCD_Pixel_Length = 0, LineGap = 0 '\000',
    TG_Pulse_Width_Pixel = 0 '\000', TG_Wait_Width_Pixel = 0 '\000', Multi_TG_Dummy_Pixel = 0,
    CCD_Dummy_Pixel = 0, Dummy_Cycle = 0 '\000', TG_Times = 0 '\000', LineTime = 0,
    StartPixel = 0, StartLine = 0},
  dwBytesCountPerRow = 0, dwCalibrationBytesCountPerRow = 0,
  Temp = {Shading_Table_Size = 0, Image_Buffer_Size = 0, Full_Bank = 0, Line_Pixel = 0,
    Line_Time = 0, LineGap = 0 '\000'},
  Timing = {AFE_ADCCLK_Timing = 1010580480, AFE_ADCVS_Timing = 12582912, AFE_ADCRS_Timing = 3072,
    AFE_ChannelA_LatchPos = 3080, AFE_ChannelB_LatchPos = 3602, AFE_ChannelC_LatchPos = 5634,
    AFE_ChannelD_LatchPos = 1546, AFE_Secondary_FF_LatchPos = 12 '\f', CCD_DummyCycleTiming = 0,
    PHTG_PluseWidth = 12 '\f', PHTG_WaitWidth = 1 '\001', ChannelR_StartPixel = 100,
    ChannelR_EndPixel = 200, ChannelG_StartPixel = 100, ChannelG_EndPixel = 200,
    ChannelB_StartPixel = 100, ChannelB_EndPixel = 200, PHTG_TimingAdj = 1 '\001',
    PHTG_TimingSetup = 0 '\000', CCD_PHRS_Timing_1200 = 983040, CCD_PHCP_Timing_1200 = 61440,
    CCD_PH1_Timing_1200 = 4293918720, CCD_PH2_Timing_1200 = 1048320,
    DE_CCD_SETUP_REGISTER_1200 = 32 ' ', wCCDPixelNumber_1200 = 11250,
    CCD_PHRS_Timing_600 = 983040, CCD_PHCP_Timing_600 = 61440, CCD_PH1_Timing_600 = 4293918720,
    CCD_PH2_Timing_600 = 1048320, DE_CCD_SETUP_REGISTER_600 = 0 '\000', wCCDPixelNumber_600 = 7500},
  AD = {GainR = 0 '\000', GainG = 0 '\000', GainB = 0 '\000', OffsetR = 0 '\000', OffsetG = 0 '\000',
    OffsetB = 0 '\000', DirectionR = 0, DirectionG = 0, DirectionB = 0},
  isHardwareShading = 0,
  RamPositions = {Shading = 0, Shading_0 = 0 '\000', Shading_1 = 0 '\000', Shading_2 = 0 '\000',
    Motor = 0, Motor_0 = 0 '\000', Motor_1 = 0 '\000', Motor_2 = 0 '\000', ImageEndAddr_0 = 0 '\000',
    ImageEndAddr_1 = 0 '\000', ImageEndAddr_2 = 0 '\000', ImageFullBank_0 = 0 '\000',
    ImageFullBank_1 = 0 '\000'},
  lpGammaTable = 0x0, isMotorMove = 1 '\001', ibase1 = 0, ibase2 = 0, SWWidth = 0,
  TA_Status = TA_UNKNOW, isMotorGoToFirstLine = 1 '\001', lpShadingTable = 0x0,
  isUniformSpeedToScan = 0 '\000'}
(gdb) p size
$17 = 64
(gdb) p lpdata
$18 = (SANE_Byte *) 0x5555558eac20 ""
(gdb) p lpdata+1
$19 = (SANE_Byte *) 0x5555558eac21 "\001\002\003\004\005\006\a\b\t\n\v\f\r\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037 !\"#$%&'()*+,-./0123456789:;<=>?"
(gdb)

On 05.09.2018 10:35, Michael Becker wrote:
> Hi Bernhard,
>
> here the backtrace with libsane-dbg installed:
>
> (gdb) where
> #0  0x00007ffff6808f3b in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
> #1  0x00007ffff680a2f1 in __GI_abort () at abort.c:79
> #2  0x00007ffff684b867 in __libc_message (action=do_abort, fmt=fmt@entry=0x7ffff6955061 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
> #3  0x00007ffff68dc49e in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=false, msg=msg@entry=0x7ffff695503f "stack smashing detected") at fortify_fail.c:33
> #4  0x00007ffff68dc462 in __stack_chk_fail () at stack_chk_fail.c:29
> #5  0x00007fffed5aff40 in Mustek_DMAWrite (size=size@entry=64, lpdata=lpdata@entry=0x5555558eac20 "", chip=0x7fffed7cb8c0 <g_chip>) at mustek_usb2_asic.c:354
> #6  0x00007fffed5b0bf5 in DRAM_Test (chip=0x7fffed7cb8c0 <g_chip>) at mustek_usb2_asic.c:2444
> #7  0x00007fffed5b0bf5 in SafeInitialChip (chip=0x7fffed7cb8c0 <g_chip>) at mustek_usb2_asic.c:2368
> #8  0x00007fffed5b0bf5 in Asic_Open (pDeviceName=<optimized out>, chip=0x7fffed7cb8c0 <g_chip>) at mustek_usb2_asic.c:3603
> #9  0x00007fffed5b4fe0 in MustScanner_PowerControl (isLampOn=isLampOn@entry=0, isTALampOn=isTALampOn@entry=0) at mustek_usb2_high.c:298
> #10 0x00007fffed5b7eba in PowerControl (isTALampOn=0, isLampOn=0) at mustek_usb2.c:565
> #11 0x00007fffed5b7eba in sane_mustek_usb2_open (devicename=<optimized out>, handle=0x7fffffffc4b8) at mustek_usb2.c:2101
> #12 0x00007ffff7dacb16 in sane_dll_open (full_name=<optimized out>, meta_handle=0x7fffffffc558) at dll.c:1200
> #13 0x00005555555dc298 in xsane_device_dialog () at xsane.c:4889
> #14 0x00005555555dedbd in xsane_interface (argv=<optimized out>, argc=<optimized out>) at xsane.c:5981
> #15 0x000055555556ff4a in main (argc=1, argv=0x7fffffffdf88) at xsane.c:6217
>
> Cheers: Michael
>
>
> On 04.09.2018 21:22, Bernhard Übelacker wrote:
>> Hello Michael Becker,
>> unfortunately it is not enough to just install the debug
>> information for the executable.
>>
>> In your case the shared library leads us to the libsane package:
>> # dpkg -S /usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1
>> libsane:amd64: /usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1
>>
>> Unfortunately libsane does not yet have a dbgsym package, but there is an
>> old-style libsane-dbg.
>> With that installed your backtrace would be a lot easier to read.
>>
>> Nevertheless, from running xsane without such hardware and just from
>> inspecting the assembly addresses I think this stack smashing happens
>> somewhere in the function Mustek_DMAWrite [1].
>>
>> I think this is the same issue as another user reported in bug #886777.
>> There is also a short draft of how I think it could be possible to get
>> the exact location of the overwriting.
>>
>> Unfortunately there I wrongly used "libsane-dbgsym" instead of "libsane-dbg".
>> Probably that is why that user never reported back ...
>>
>> But perhaps you could give it a try?
>>
>> Kind regards,
>> Bernhard
>>
>>
>> #886777 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886777
>> [1] https://gitlab.com/sane-project/backends/blob/master/backend/mustek_usb2_asic.c#L304
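Frame #5 of the backtrace above is __stack_chk_fail: the guard word that gcc's stack protector places after the locals of Mustek_DMAWrite was found modified when the function was about to return, so something wrote past the end of a stack object in that frame. The following is an added illustration of that mechanism, not code from sane-backends and not a claim about where in Mustek_DMAWrite the real overwrite happens. It models a protected frame as a struct with a 4-byte buffer and a guard word (a hypothetical layout), writes into it once with a caller-supplied byte count and once with the count checked against the buffer, and uses the 0x00..0x3f pattern from the gdb dump of lpdata (size = 64) as constructed input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Guard value standing in for the random canary that gcc/glibc place
 * below the return address of a protected frame. */
#define GUARD 0xa5a55a5aa5a55a5aULL

/* Model of a protected frame: a small fixed buffer followed by the guard.
 * Hypothetical layout for illustration; not the Mustek_DMAWrite frame. */
struct frame {
    unsigned char buf[4];
    uint64_t guard;
};

/* Constructed input: the 0x00..0x3f byte pattern that the gdb dump of
 * lpdata shows for size = 64. */
static void fill_pattern(unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        p[i] = (unsigned char)i;
}

/* Unchecked write: the byte count comes from the caller, not from the
 * buffer's own size. Copying through a char pointer to the whole struct
 * keeps this model well-defined C even when n exceeds sizeof buf.
 * Returns 1 if the guard was overwritten (what __stack_chk_fail reports
 * at function return), 0 if it survived intact. */
int unchecked_write_smashes(const unsigned char *src, size_t n)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.guard = GUARD;
    if (n > sizeof f)            /* clamp so the model never leaves 'f' */
        n = sizeof f;
    memcpy((unsigned char *)&f, src, n);
    return f.guard != GUARD;
}

/* Checked write: the count is validated against the buffer before any
 * copy, so the guard cannot be reached. Returns 0 on success, -1 when
 * the request is rejected. */
int checked_write(const unsigned char *src, size_t n)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.guard = GUARD;
    if (n > sizeof f.buf)
        return -1;
    memcpy(f.buf, src, n);
    return f.guard == GUARD ? 0 : -2;   /* -2 would mean the model itself is broken */
}

/* Wrappers that feed the constructed pattern, so both behaviours can be
 * compared for any requested size up to 64. */
int pattern_unchecked(size_t n)
{
    unsigned char pattern[64];
    fill_pattern(pattern, sizeof pattern);
    return unchecked_write_smashes(pattern, n > sizeof pattern ? sizeof pattern : n);
}

int pattern_checked(size_t n)
{
    unsigned char pattern[64];
    fill_pattern(pattern, sizeof pattern);
    return checked_write(pattern, n > sizeof pattern ? sizeof pattern : n);
}

int main(void)
{
    printf("size 4,  unchecked: guard %s\n", pattern_unchecked(4) ? "smashed" : "intact");
    printf("size 64, unchecked: guard %s\n", pattern_unchecked(64) ? "smashed" : "intact");
    printf("size 64, checked:   %s\n", pattern_checked(64) == -1 ? "rejected" : "accepted");
    return 0;
}
```

The point of the model is the order of operations the real protector relies on: the guard is checked only at function exit, so the abort in frame #4 tells you which frame was damaged (here Mustek_DMAWrite) but not which statement did it. That is why Bernhard's suggestion of a debug build and a hardware watchpoint on the guard location is the way to find the exact line.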