Bug#583273: flegita: Crashes on startup
On Fri, May 28, 2010 at 10:42:44PM +0200, Julien BLACHE wrote: Андрей Парамонов cmr.p...@gmail.com wrote: I've managed to get the following backtrace with hplip debug symbols: 0xb090304c in sane_hpaio_control_option (handle=0x8262800, option=10, action=SANE_ACTION_GET_VALUE, pValue=0x0, pInfo=0xb34b21ac) at scan/sane/hpaio.c:2485 2485*pIntValue = hpaio-currentDuplex; I think we have a winner :-) Now you'll just have to figure out why gnome-scan passes NULL here :/ Andrey, can you try rebuilding libsane-hpaio with the patch below? Or I can put together an (unofficial) package -- just let me know which dist/arch. This is what seems to be happening: (1) hplip-3.12.2/scan/sane/hpaio.c (sane_hpaio_open) initializes the option descriptor array with zeros. Most descriptors are later given actual values (hpaioSetupOptions), but OPTION_DUPLEX (index 10) is initialized only if duplex is active; if not, its .size is left as 0. (2) gnome-scan-0.6.2/modules/gsane-scanner.c (gss_option_get_value_by_index) fetches the duplex option descriptor, and passes its .size without checking to g_malloc0. For a size of 0, g_malloc0 is defined to return NULL. This is again passed without checking to sane_control_option, which segfaults as soon as it tries to store the return value there. It's a given that gnome-scan would be better off with more sanity checks, but I think the right thing to do is for libsane-hpaio to initialize the OPTION_DUPLEX descriptor unconditionally, to ensure that the return value from sane_get_option_descriptor is valid for all callers. (I haven't worked with SANE before, and don't have a scanner to test with, so take all this with a large grain of salt. :-) Cheers, Matej --- hplip-3.12.2/scan/sane/hpaio.c~ 2012-02-01 11:52:35.0 + +++ hplip-3.12.2/scan/sane/hpaio.c 2012-05-17 10:07:20.0 +0100 @@ -1342,9 +1342,8 @@ hpaio-option[OPTION_ADF_MODE].constraint_type = SANE_CONSTRAINT_STRING_LIST; hpaio-option[OPTION_ADF_MODE].constraint.string_list = hpaio-adfModeList; -// Duplex scanning is supported -if (hpaio-supportsDuplex == 1) -{ +// hpaioUpdateDescriptors will leave this active or inactive depending +// on whether duplex is supported hpaio-option[OPTION_DUPLEX].name = STR_NAME_DUPLEX; hpaio-option[OPTION_DUPLEX].title = STR_TITLE_DUPLEX; hpaio-option[OPTION_DUPLEX].desc = STR_DESC_DUPLEX; @@ -1355,7 +1354,7 @@ SANE_CAP_SOFT_DETECT | SANE_CAP_ADVANCED; hpaio-option[OPTION_DUPLEX].constraint_type = SANE_CONSTRAINT_NONE; -} + hpaio-option[GROUP_GEOMETRY].title = STR_TITLE_GEOMETRY; hpaio-option[GROUP_GEOMETRY].type = SANE_TYPE_GROUP; hpaio-option[GROUP_GEOMETRY].cap = SANE_CAP_ADVANCED;
Bug#583273: flegita: Crashes on startup
2012/5/17 Matej Vela v...@debian.org: On Fri, May 28, 2010 at 10:42:44PM +0200, Julien BLACHE wrote: Андрей Парамонов cmr.p...@gmail.com wrote: I've managed to get the following backtrace with hplip debug symbols: 0xb090304c in sane_hpaio_control_option (handle=0x8262800, option=10, action=SANE_ACTION_GET_VALUE, pValue=0x0, pInfo=0xb34b21ac) at scan/sane/hpaio.c:2485 2485 *pIntValue = hpaio-currentDuplex; I think we have a winner :-) Now you'll just have to figure out why gnome-scan passes NULL here :/ Andrey, can you try rebuilding libsane-hpaio with the patch below? Or I can put together an (unofficial) package -- just let me know which dist/arch. This is what seems to be happening: (1) hplip-3.12.2/scan/sane/hpaio.c (sane_hpaio_open) initializes the option descriptor array with zeros. Most descriptors are later given actual values (hpaioSetupOptions), but OPTION_DUPLEX (index 10) is initialized only if duplex is active; if not, its .size is left as 0. (2) gnome-scan-0.6.2/modules/gsane-scanner.c (gss_option_get_value_by_index) fetches the duplex option descriptor, and passes its .size without checking to g_malloc0. For a size of 0, g_malloc0 is defined to return NULL. This is again passed without checking to sane_control_option, which segfaults as soon as it tries to store the return value there. It's a given that gnome-scan would be better off with more sanity checks, but I think the right thing to do is for libsane-hpaio to initialize the OPTION_DUPLEX descriptor unconditionally, to ensure that the return value from sane_get_option_descriptor is valid for all callers. (I haven't worked with SANE before, and don't have a scanner to test with, so take all this with a large grain of salt. :-) Cheers, Matej I've checked your patch and it works! Flegita appears to be really nice program ;-) Thanks, Andrey Paramonov -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#583273: flegita: Crashes on startup
Josselin Mouette j...@debian.org wrote: Hi, #2 0xb6e9da09 in sane_control_option (h=0x8232858, opt=10, act=SANE_ACTION_GET_VALUE, val=0x0, info=0xb249c1ac) at dll-s.c:36 #3 0xb6eb7f66 in ?? () from /usr/lib/gnome-scan-1.0/libgsane.so Let’s ask the Sane maintainer his opinion. Julien, do you think this is more likely a bug in the hpaio backend, or a bug in the way gnome-scan calls sane_control_option ? In this case, gnome-scan is requesting the value of option 10 but passing a NULL pointer as the destination for this value. I can't think of a case for which val=NULL would be valid on a GET_VALUE call, of the top of my head. A backtrace with hpaio debug symbols (if available?) would be nice. JB. -- Julien BLACHE jbla...@debian.org | Debian, because code matters more Debian GNU/Linux Developer| http://www.debian.org Public key available on http://www.jblache.org - KeyID: F5D6 5169 GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#583273: flegita: Crashes on startup
Hello! I've managed to get the following backtrace with hplip debug symbols: 0xb090304c in sane_hpaio_control_option (handle=0x8262800, option=10, action=SANE_ACTION_GET_VALUE, pValue=0x0, pInfo=0xb34b21ac) at scan/sane/hpaio.c:2485 2485*pIntValue = hpaio-currentDuplex; (gdb) bt #0 0xb090304c in sane_hpaio_control_option (handle=0x8262800, option=10, action=SANE_ACTION_GET_VALUE, pValue=0x0, pInfo=0xb34b21ac) at scan/sane/hpaio.c:2485 #1 0xb6e9f2fd in sane_dll_control_option (handle=0x81e2b58, option=10, action=SANE_ACTION_GET_VALUE, value=0x0, info=0xb34b21ac) at dll.c:1224 #2 0xb6e9da09 in sane_control_option (h=0x81e2b58, opt=10, act=SANE_ACTION_GET_VALUE, val=0x0, info=0xb34b21ac) at dll-s.c:36 #3 0xb6eb7f66 in ?? () from /usr/lib/gnome-scan-1.0/libgsane.so #4 0xb6eb98b1 in ?? () from /usr/lib/gnome-scan-1.0/libgsane.so #5 0xb6eba5a0 in ?? () from /usr/lib/gnome-scan-1.0/libgsane.so #6 0xb777a69f in ?? () from /lib/libglib-2.0.so.0 #7 0xb76e2585 in start_thread () from /lib/i686/cmov/libpthread.so.0 #8 0xb766329e in clone () from /lib/i686/cmov/libc.so.6 I guess we need libgnomescan debug info to proceed. Could you please create libgnomescan0-dbg package? aptitude build-dep libgnomescan0 tells I need some 123 more packages to download o_0 Best wishes, Andrey Paramonov -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#583273: flegita: Crashes on startup
Андрей Парамонов cmr.p...@gmail.com wrote: Hi, I've managed to get the following backtrace with hplip debug symbols: 0xb090304c in sane_hpaio_control_option (handle=0x8262800, option=10, action=SANE_ACTION_GET_VALUE, pValue=0x0, pInfo=0xb34b21ac) at scan/sane/hpaio.c:2485 2485*pIntValue = hpaio-currentDuplex; I think we have a winner :-) Now you'll just have to figure out why gnome-scan passes NULL here :/ JB. -- Julien BLACHE jbla...@debian.org | Debian, because code matters more Debian GNU/Linux Developer| http://www.debian.org Public key available on http://www.jblache.org - KeyID: F5D6 5169 GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#583273: flegita: Crashes on startup
Hello! I've tried and I've got the following backtrace. Please look at it and tell if more detailed info is needed. If so, which package should I rebuild with debug DEB_BUILD_OPTIONS? p...@neo:~$ SANE_DEBUG_HPAIO=255 gdb flegita GNU gdb (GDB) 7.0.1-debian Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type show copying and show warranty for details. This GDB was configured as i486-linux-gnu. For bug reporting instructions, please see: http://www.gnu.org/software/gdb/bugs/... Reading symbols from /usr/bin/flegita...(no debugging symbols found)...done. (gdb) run Starting program: /usr/bin/flegita [Thread debugging using libthread_db enabled] ** (flegita:29838): DEBUG: Initializing gnome-scan 0.6.2 for flegita (flegita) ** (flegita:29838): DEBUG: gsane-module.c:39: SANE version is 1.0.21 (flegita:29838): GVFS-RemoteVolumeMonitor-WARNING **: cannot connect to the session bus: org.freedesktop.DBus .Error.NoServer: Failed to connect to socket /tmp/dbus-lzUnqDHZGr: В соединении отказано (flegita:29838): GVFS-RemoteVolumeMonitor-WARNING **: cannot connect to the session bus: org.freedesktop.DBus .Error.NoServer: Failed to connect to socket /tmp/dbus-lzUnqDHZGr: В соединении отказано (flegita:29838): GVFS-RemoteVolumeMonitor-WARNING **: cannot connect to the session bus: org.freedesktop.DBus .Error.NoServer: Failed to connect to socket /tmp/dbus-lzUnqDHZGr: В соединении отказано [New Thread 0xb3c9fb70 (LWP 29841)] [New Thread 0xb349eb70 (LWP 29842)] (flegita:29838): Gtk-CRITICAL **: gtk_file_chooser_set_current_folder: assertion `filename != NULL' failed [New Thread 0xb2c9db70 (LWP 29843)] [New Thread 0xb249cb70 (LWP 29844)] [New Thread 0xb1c9bb70 (LWP 29845)] [Thread 0xb249cb70 (LWP 29844) exited] [Thread 0xb2c9db70 (LWP 29843) exited] [Thread 0xb349eb70 (LWP 29842) exited] [New Thread 0xb349eb70 (LWP 29847)] [sanei_debug] Setting debug level of hpaio to 255. [hpaio] sane_hpaio_init(): scan/sane/hpaio.c 1592 [hpaio] sane_hpaio_get_devices(local=0): scan/sane/hpaio.c 1611 [hpaio] scan/sane/hpaio.c 269: unsupported scantype=0 hp:/usb/HP_LaserJet_1018?serial=KP3FK5P [hpaio] sane_hpaio_open(/usb/Deskjet_F300_series?serial=CN646B403Z04KH): scan/sane/hpaio.c 1644 [hpaio] device ID string=MFG:HP;MDL:Deskjet F300 series;CMD:LDL,MLC,PML,DYN;CLS:PRINTER;1284.4DL:4d,4e,1;SN: CN646B403Z04KH;S:038000820020002c14f1000c2501005;Z:007;: scan/sane/hpaio.c 1699 [hpaio] Model = Deskjet_F300_series: scan/sane/hpaio.c 1707 [hpaio] Scanner type=SCL: scan/sane/hpaio.c 1791 [New Thread 0xb2c9db70 (LWP 29848)] [Thread 0xb2c9db70 (LWP 29848) exited] [New Thread 0xb2c9db70 (LWP 29849)] [Thread 0xb2c9db70 (LWP 29849) exited] [New Thread 0xb2c9db70 (LWP 29850)] [Thread 0xb2c9db70 (LWP 29850) exited] [New Thread 0xb2c9db70 (LWP 29851)] [Thread 0xb2c9db70 (LWP 29851) exited] [New Thread 0xb2c9db70 (LWP 29852)] [Thread 0xb2c9db70 (LWP 29852) exited] [New Thread 0xb2c9db70 (LWP 29853)] [Thread 0xb2c9db70 (LWP 29853) exited] [New Thread 0xb2c9db70 (LWP 29854)] [New Thread 0xb249cb70 (LWP 29855)] [Thread 0xb2c9db70 (LWP 29854) exited] [hpaio] SclSendCommand: size=2 bytes_wrote=2: scan/sane/scl.c 200 [hpaio] [] 1B 45 .E [Thread 0xb249cb70 (LWP 29855) exited] [New Thread 0xb249cb70 (LWP 29856)] [Thread 0xb249cb70 (LWP 29856) exited] [New Thread 0xb2c9db70 (LWP 29857)] [hpaio] SclSendCommand: size=4 bytes_wrote=4: scan/sane/scl.c 200 [hpaio] [] 1B 2A 6F 45 .*oE [Thread 0xb2c9db70 (LWP 29857) exited] [New Thread 0xb249cb70 (LWP 29858)] [Thread 0xb249cb70 (LWP 29858) exited] [New Thread 0xb2c9db70 (LWP 29859)] [hpaio] SclSendCommand: size=6 bytes_wrote=6: scan/sane/scl.c 200 [hpaio] [] 1B 2A 73 31 38 45 .*s18E [Thread 0xb2c9db70 (LWP 29859) exited] [New Thread 0xb249cb70 (LWP 29860)] [Thread 0xb249cb70 (LWP 29860) exited] [New Thread 0xb249cb70 (LWP 29861)] [Thread 0xb249cb70 (LWP 29861) exited] [hpaio] SclChannelRead: len=7: scan/sane/scl.c 252 [hpaio] [] 1B 2A 73 31 38 64 4E.*s18dN [hpaio] SclInquire null response. scan/sane/scl.c 272 [hpaio] scl.compat1150=: scan/sane/hpaio.c 1827 [New Thread 0xb249cb70 (LWP 29862)] [New Thread 0xb2c9db70 (LWP 29863)] [Thread 0xb249cb70 (LWP 29862) exited] [hpaio] SclSendCommand: size=6 bytes_wrote=6: scan/sane/scl.c 200 [hpaio] [] 1B 2A 73 31 39 45 .*s19E [New Thread 0xb249cb70 (LWP 29864)] [Thread 0xb2c9db70 (LWP 29863) exited] [Thread 0xb249cb70 (LWP 29864) exited] [New Thread 0xb249cb70 (LWP 29865)] [Thread 0xb249cb70 (LWP 29865) exited] [hpaio] SclChannelRead: len=13: scan/sane/scl.c 252 [hpaio] [] 1B 2A 73 31 39 64 35 57 35 39 30 30 41 .*s19d5W5900A [hpaio] scl.compatPost1150=5900A:
Bug#583273: flegita: Crashes on startup
Le jeudi 27 mai 2010 à 23:25 +0400, Андрей Парамонов a écrit : Hello! I've tried and I've got the following backtrace. Please look at it and tell if more detailed info is needed. If so, which package should I rebuild with debug DEB_BUILD_OPTIONS? Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb249cb70 (LWP 29910)] 0xb09f504c in sane_hpaio_control_option () from /usr/lib/sane/libsane-hpaio.so.1 (gdb) bt #0 0xb09f504c in sane_hpaio_control_option () from /usr/lib/sane/libsane-hpaio.so.1 #1 0xb6e9f2fd in sane_dll_control_option (handle=0x8232858, option=10, action=SANE_ACTION_GET_VALUE, value=0x0, info=0xb249c1ac) at dll.c:1224 #2 0xb6e9da09 in sane_control_option (h=0x8232858, opt=10, act=SANE_ACTION_GET_VALUE, val=0x0, info=0xb249c1ac) at dll-s.c:36 #3 0xb6eb7f66 in ?? () from /usr/lib/gnome-scan-1.0/libgsane.so Let’s ask the Sane maintainer his opinion. Julien, do you think this is more likely a bug in the hpaio backend, or a bug in the way gnome-scan calls sane_control_option ? Cheers, -- .''`. Josselin Mouette : :' : `. `' “A handshake with whitnesses is the same `- as a signed contact.” -- Jörg Schilling -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#583273: flegita: Crashes on startup
Package: flegita Version: 0.6.2-1 Severity: grave Hello! Flegita fails to initialize on my system with the following message: (flegita:23308): GLib-CRITICAL **: g_utf8_strlen: assertion `p != NULL || max == 0' failed Ошибка сегментирования It happens split second after my scanner is detected (I can actually see the scanner name in the device list for a moment). I'm ready to provide any additional info, Andrey Paramonov -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (1000, 'testing'), (200, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages flegita depends on: ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit ii libbabl-0.0-0 0.0.22-1 Dynamic, any to any, pixel format ii libc6 2.10.2-9 Embedded GNU C Library: Shared lib ii libcairo2 1.8.10-4 The Cairo 2D vector graphics libra ii libfontconfig12.8.0-2.1 generic font configuration library ii libfreetype6 2.3.11-1 FreeType 2 font engine, shared lib ii libgconf2-4 2.28.1-3 GNOME configuration database syste ii libgegl-0.0-0 0.0.22-2 Generic Graphics Library ii libglib2.0-0 2.24.1-1 The GLib library of C routines ii libgnomescan0 0.6.2-1Scan library for GNOME - runtime ii libgtk2.0-0 2.20.1-1 The GTK+ graphical user interface ii libpango1.0-0 1.28.0-1 Layout and rendering of internatio flegita recommends no packages. flegita suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#583273: flegita: Crashes on startup
Le mercredi 26 mai 2010 à 21:56 +0400, Andrey a écrit : Flegita fails to initialize on my system with the following message: (flegita:23308): GLib-CRITICAL **: g_utf8_strlen: assertion `p != NULL || max == 0' failed Ошибка сегментирования It happens split second after my scanner is detected (I can actually see the scanner name in the device list for a moment). I’m afraid I can’t help without a backtrace. See http://wiki.debian.org/HowToGetABacktrace Cheers, -- .''`. Josselin Mouette : :' : `. `' “If you behave this way because you are blackmailed by someone, `-[…] I will see what I can do for you.” -- Jörg Schilling signature.asc Description: This is a digitally signed message part