Package: libsane
Version: 1.0.19-21
Severity: normal
Tags: patch

I get a double-free error when using the epjitsu backend, which causes
gscan2pdf to choke on the scanimage/scanadf output.

This problem was discussed at
http://www.nabble.com/Double-free-following-scan-on-ubuntu-hardy-8.04-with-epjitsu-fi-60f-tt16944697.html
and fixed in the upstream CVS repository.

I've backported the upstream fixes and made an updated package, which
is available from
http://mentors.debian.net/debian/pool/main/s/sane-backends/ . I did my
best to be consistent with the current packaging. Please upload it or
simply incorporate the 41_epjitsu_fixes.dpatch (attached) in your next
revision.

Regards,

Jose


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libsane depends on:
ii  adduser                      3.110       add and remove users and groups
ii  libavahi-client3             0.6.23-2    Avahi client library
ii  libavahi-common3             0.6.23-2    Avahi common library
ii  libc6                        2.7-16      GNU C Library: Shared libraries
ii  libexif12                    0.6.16-2.1  library to parse EXIF files
ii  libgphoto2-2                 2.4.1-3     gphoto2 digital camera library
ii  libgphoto2-port0             2.4.1-3     gphoto2 digital camera port librar
ii  libieee1284-3                0.2.11-5    cross-platform library for paralle
ii  libjpeg62                    6b-14       The Independent JPEG Group's JPEG 
ii  libsane-extras               1.0.19.11   API library for scanners -- extra 
ii  libtiff4                     3.8.2-11    Tag Image File Format (TIFF) libra
ii  libusb-0.1-4                 2:0.1.12-13 userspace USB programming library
ii  makedev                      2.3.1-88    creates device files in /dev
ii  udev                         0.125-7     /dev/ and hotplug management daemo

Versions of packages libsane recommends:
ii  avahi-daemon                  0.6.23-2   Avahi mDNS/DNS-SD daemon
ii  sane-utils                    1.0.19-21  API library for scanners -- utilit

Versions of packages libsane suggests:
pn  hplip                         <none>     (no description available)
pn  hpoj                          <none>     (no description available)

-- no debconf information
#! /bin/sh /usr/share/dpatch/dpatch-run
## 41_epijitsu_fixes.dpatch by  <[EMAIL PROTECTED]>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Upstream fixes to the fujitsu backend:
## DP:  - fix double free error
## DP:  - sanei_read_config has already cleaned string

@DPATCH@
diff -urNad sane-backends-1.0.19~/backend/epjitsu.c sane-backends-1.0.19/backend/epjitsu.c
--- sane-backends-1.0.19~/backend/epjitsu.c	2008-11-23 18:36:55.000000000 +0900
+++ sane-backends-1.0.19/backend/epjitsu.c	2008-11-24 13:24:12.000000000 +0900
@@ -90,8 +90,13 @@
         - fi-60F 300 & 600 dpi support (150 is non-square?)
         - fi-60F gray & binary support
         - fi-60F improved calibration
-      V 1.0.10, 2007-12-19, MAN
+      V 1.0.10, 2007-12-19, MAN (SANE v1.0.19)
         - fix missing function (and memory leak)
+      V 1.0.11 2008-02-14, MAN
+	 - sanei_config_read has already cleaned string (#310597)
+      V 1.0.12 2008-02-28, MAN
+	 - cleanup double free bug with new destroy()
+
 
    SANE FLOW DIAGRAM
 
@@ -151,7 +156,7 @@
 #include "epjitsu-cmd.h"
 
 #define DEBUG 1
-#define BUILD 10 
+#define BUILD 12
 
 unsigned char global_firmware_filename[PATH_MAX];
 
@@ -210,7 +215,6 @@
     struct scanner *dev;
     char line[PATH_MAX];
     const char *lp;
-    size_t len;
   
     authorize = authorize;        /* get rid of compiler warning */
   
@@ -233,17 +237,12 @@
   
         while (sanei_config_read (line, PATH_MAX, fp)) {
       
+            lp = line;
+
             /* ignore comments */
-            if (line[0] == '#')
+            if (*lp == '#')
                 continue;
       
-            /* delete newline characters at end */
-            len = strlen (line);
-            if (line[len - 1] == '\n')
-                line[--len] = '\0';
-      
-            lp = sanei_config_skip_whitespace (line);
-      
             /* skip empty lines */
             if (*lp == 0)
                 continue;
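Review bot: Nothing at `lp = line;` records why the newline trimming and the `sanei_config_skip_whitespace` call could be dropped, so the comment and empty-line checks now depend silently on `sanei_config_read` handing back an already-trimmed line. A one-line comment above the assignment would capture that, e.g. `/* sanei_config_read() has already stripped the newline and surrounding whitespace */`, which is what the patch description states. The loop body and the enclosing function continue outside this hunk.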
@@ -320,7 +319,7 @@
     /* copy the device name */
     s->sane.name = strdup (name);
     if (!s->sane.name){
-        sane_close((SANE_Handle)s);
+        destroy(s);
         return SANE_STATUS_NO_MEM;
     }
   
@@ -330,14 +329,14 @@
     s->fd = -1;
     ret = connect_fd(s);
     if(ret != SANE_STATUS_GOOD){
-        sane_close((SANE_Handle)s);
+        destroy(s);
         return ret;
     }
  
     /* load the firmware file into scanner */
     ret = load_fw(s);
     if (ret != SANE_STATUS_GOOD) {
-        sane_close((SANE_Handle)s);
+        destroy(s);
         DBG (5, "attach_one: firmware load failed\n");
         return ret;
     }
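Review bot: On the `load_fw` failure path here, and on the `get_ident` failure path in the next hunk, `connect_fd(s)` has already succeeded, but `destroy(s)` as added later in this patch only calls `teardown_buffers` and frees the strings and the struct. The `disconnect_fd(s)` call visible in `sane_close`, which these paths used to reach, is no longer run. Unless `teardown_buffers` or the failing helpers close the connection themselves (not visible here), the scanner connection stays open while the struct holding `s->fd` is freed. Calling `disconnect_fd(s);` before `destroy(s);` on these two paths would keep the old cleanup. `attach_one` starts and ends outside the hunk.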
@@ -345,7 +344,7 @@
     /* Now query the device to load its vendor/model/version */
     ret = get_ident(s);
     if (ret != SANE_STATUS_GOOD) {
-        sane_close((SANE_Handle)s);
+        destroy(s);
         DBG (5, "attach_one: identify failed\n");
         return ret;
     }
@@ -2989,19 +2988,6 @@
       disconnect_fd(s);
   }
 
-  if(s->sane.name){
-    free(s->sane.name);
-  }
-  if(s->sane.model){
-    free(s->sane.model);
-  }
-  if(s->sane.vendor){
-    free(s->sane.vendor);
-  }
-
-  teardown_buffers(s);
-  free(s);
-
   DBG (10, "sane_close: finish\n");
 }
 
@@ -3022,6 +3008,31 @@
 }
 
 static SANE_Status
+destroy(struct scanner *s)
+{
+    SANE_Status ret = SANE_STATUS_GOOD;
+
+    DBG (10, "destroy: start\n");
+
+    teardown_buffers(s);
+
+    if(s->sane.name){
+      free(s->sane.name);
+    }
+    if(s->sane.vendor){
+      free(s->sane.vendor);
+    }
+    if(s->sane.model){
+      free(s->sane.model);
+    }
+  
+    free(s);
+
+    DBG (10, "destroy: finish\n");
+    return ret;
+}
+
+static SANE_Status
 teardown_buffers(struct scanner *s)
 {
     SANE_Status ret = SANE_STATUS_GOOD;
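Review bot: `destroy()` has no comment stating that it is now the only place a `struct scanner` is freed, and that the pointer (and any handle a frontend still holds for it) is invalid afterwards; that ownership rule is what keeps the double free from coming back. A short header comment saying so, and that `sane_close` must not free the struct, would make the contract explicit. Separately, `ret` is never assigned, so the function always reports `SANE_STATUS_GOOD`; either use `ret = teardown_buffers(s);` or note that the result is deliberately ignored. The `if(...)` guards around `free()` are redundant, since `free(NULL)` is a no-op.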
@@ -3089,7 +3100,7 @@
 
   for (dev = scanner_devList; dev; dev = next) {
       next = dev->next;
-      free(dev);
+      destroy(dev);
   }
 
   if (sane_devArray)
diff -urNad sane-backends-1.0.19~/backend/epjitsu.h sane-backends-1.0.19/backend/epjitsu.h
--- sane-backends-1.0.19~/backend/epjitsu.h	2007-12-20 07:14:19.000000000 +0900
+++ sane-backends-1.0.19/backend/epjitsu.h	2008-11-24 13:23:51.000000000 +0900
@@ -263,6 +263,7 @@
 static SANE_Status change_params(struct scanner *s);
 void update_block_totals(struct scanner * s);
 
+static SANE_Status destroy(struct scanner *s);
 static SANE_Status teardown_buffers(struct scanner *s);
 static SANE_Status setup_buffers(struct scanner *s);
 
