Bug#886777: crashes with Mustek scanner which worked before

2018-07-27 Thread Bernhard Übelacker
Hello 

On Tue, 3 Jul 2018 20:57:46 +0200 "W. Martin Borgert" wrote:
> Any more ideas? The workaround with the Jessie chroot is OK, but.. ;~)

A way to get more information would be to install the debug information packages
and let simple-scan run by gdb [1].

[1] https://wiki.debian.org/HowToGetABacktrace


I suggest these steps:

- Add "deb http://debug.mirrors.debian.org/debian-debug/ testing-debug main" to your sources.list
- apt update
- apt install gdb simple-scan-dbgsym libsane-dbgsym

As regular user then:
- gdb -q --args simple-scan
- cont

When the stack smashing happens:
- bt
- detach
- q


Also I tried to inspect a simple-scan process without having the actual scanner.
I guess the problem is inside function Mustek_DMAWrite:

0x7fffb6db7f40: Mustek_DMAWrite: 354   } //
0x7fffb6db7f3b: callq  0x7fffb6dabf70 <__stack_chk_fail@plt>
0x7fffb6db8bf5: Asic_Open: 2444   status = Mustek_DMAWrite (chip, 64, (SANE_Byte *) (temps));
0x7fffb6dbcfe0: MustScanner_PowerControl: 298   if (STATUS_GOOD != Asic_Open (&g_chip, g_pDeviceFile))
0x7fffb6dbfeba: sane_mustek_usb2_open: 565   return MustScanner_PowerControl (isLampOn, isTALampOn);

Unfortunately the "stack smashing" is just detected
when leaving the function, so the actual problem was somewhere
between entering Mustek_DMAWrite and leaving.


So if one does not fear gdb and wants to debug this, the following
sequence could lead to the exact location where the stack
smashing detection bytes get overwritten:

   (gdb) print Mustek_DMAWrite
   $6 = {STATUS (unsigned int, SANE_Byte *, PAsic)} 0x7fffb6db7da0 


   # use function address from above
   (gdb) b *(0x7fffb6db7da0+36)
   Breakpoint 5 at 0x7fffb6db7dc4: file mustek_usb2_asic.c, line 304.

   (gdb) cont

   (gdb) print/x $rsp+0x18
   $4 = 0x7fffe3c8

   # use memory location from above
   (gdb) watch *0x7fffe3c8
   Hardware watchpoint 2: *0x7fffe3c8

   (gdb) cont
   Continuing.

   # possibly the watchpoint triggers

   Hardware watchpoint 2: *0x7fffe3c8

   Old value = 1953463552
   New value = 1953463807
   ...

   # that should show the problematic stack
   (gdb) bt



(gdb) disassemble Mustek_DMAWrite
Dump of assembler code for function Mustek_DMAWrite:
...
   0x7fffb6db7db6 <+22>:    mov    %fs:0x28,%rax       # "magic" value loaded to register
   0x7fffb6db7dbf <+31>:    mov    %rax,0x18(%rsp)     # and stored from register to some memory after local variables
   0x7fffb6db7dc4 <+36>:    xor    %eax,%eax
...
   # do some useful work
...
   0x7fffb6db7e80 <+224>:   xor    %fs:0x28,%rcx       # compare "magic" to the memory we stored above
   0x7fffb6db7e89 <+233>:   mov    %r15d,%eax
   0x7fffb6db7e8c <+236>:   jne    0x7fffb6db7f3b      # if it changed we jump to +411 -> stack smashing detected
   0x7fffb6db7e92 <+242>:   add    $0x28,%rsp          # or if unchanged all is ok -> safe to continue
   0x7fffb6db7e96 <+246>:   pop    %rbx
   0x7fffb6db7e97 <+247>:   pop    %rbp
   0x7fffb6db7e98 <+248>:   pop    %r12
   0x7fffb6db7e9a <+250>:   pop    %r13
   0x7fffb6db7e9c <+252>:   pop    %r14
   0x7fffb6db7e9e <+254>:   pop    %r15
   0x7fffb6db7ea0 <+256>:   retq
...
   0x7fffb6db7f3b <+411>:   callq  0x7fffb6dabf70 <__stack_chk_fail@plt>
End of assembler dump.


Kind regards,
Bernhard






7f38806a0000-7f38806c7000 r-xp 00000000 fd:01 13110586   /usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1.0.25

*** stack smashing detected ***: simple-scan terminated
=== Backtrace: =
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(+0xef40)[0x7f38806aef40]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(+0xfbf5)[0x7f38806afbf5]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(+0x13fe0)[0x7f38806b3fe0]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(sane_mustek_usb2_open+0x35a)[0x7f38806b6eba]


0x7f38806b6eba == sane_mustek_usb2_open+0x35a -> sane_mustek_usb2_open == 
0x7F38806B6B60 -> offset 0x16B60




nano /etc/apt/sources.list.d/buster.list
deb http://debug.mirrors.debian.org/de
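
The offset arithmetic in the notes above (frame address minus the library's mapping base, then minus the symbol offset) carried out by a small script, as an added example that is not part of the bug report or of SANE: it parses glibc's backtrace and memory-map lines into file offsets that can be handed to addr2line. The zero file-offset column of the map line is an assumption, since the quoted map dropped it.

```python
import re

# Constructed input: four frames quoted from the bug report and the library's
# memory-map line; the map's zero file-offset column is assumed (extraction dropped it).
BACKTRACE = """\
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(+0xef40)[0x7f38806aef40]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(+0xfbf5)[0x7f38806afbf5]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(+0x13fe0)[0x7f38806b3fe0]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(sane_mustek_usb2_open+0x35a)[0x7f38806b6eba]
"""
MEMORY_MAP = "7f38806a0000-7f38806c7000 r-xp 00000000 fd:01 13110586 /usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1.0.25\n"

# glibc's backtrace_symbols format: path(symbol+0xoff)[0xaddr]; symbol may be empty.
FRAME_RE = re.compile(r"^(?P<path>[^(]+)\((?P<sym>[^+)]*)\+?(?P<off>0x[0-9a-f]+)?\)\[(?P<addr>0x[0-9a-f]+)\]$")

def parse_map(text):
    """Return (start, end, perms, file_offset, path) for file-backed mappings."""
    maps = []
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 6 or parts[5].startswith("["):
            continue  # anonymous, [heap] or [stack]: nothing on disk to symbolize
        start, end = (int(x, 16) for x in parts[0].split("-"))
        maps.append((start, end, parts[1], int(parts[2], 16), parts[5]))
    return maps

def file_offset(addr, path, maps):
    """Absolute address -> offset inside the mapped file, which is what
    addr2line -e <library> expects. The backtrace names the soname (.so.1)
    while the map shows the resolved file (.so.1.0.25): match on basename prefix."""
    name = path.rsplit("/", 1)[-1]
    for start, end, perms, foff, mpath in maps:
        if start <= addr < end and "x" in perms and mpath.rsplit("/", 1)[-1].startswith(name):
            return addr - start + foff
    return None

def resolve_frames(backtrace, memory_map):
    """One dict per frame: its file offset and, when glibc printed a symbol,
    the file offset of that symbol's start (frame offset minus symbol offset)."""
    maps = parse_map(memory_map)
    frames = []
    for line in backtrace.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue
        foff = file_offset(int(m["addr"], 16), m["path"], maps)
        sym = m["sym"] or None
        start = None if foff is None or sym is None else foff - int(m["off"] or "0", 16)
        frames.append({"path": m["path"], "file_offset": foff, "symbol": sym, "symbol_start": start})
    return frames
```

For the last frame this yields 0x16eba as the file offset and 0x16b60 as the start of sane_mustek_usb2_open, the same numbers as the hand computation above; `addr2line -f -i -e <library> 0x16eba` then maps it to a source line when the dbgsym package is installed.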

Bug#886777: crashes with Mustek scanner which worked before

2018-07-03 Thread W. Martin Borgert
On 2018-01-11 10:08, W. Martin Borgert wrote:
> I can try an older kernel, but because it works in jessie, I
> assume something purely user space, right?

Same exception with

Linux 3.16.0-6-amd64 #1 SMP Debian 3.16.56-1+deb8u1 (2018-05-08) x86_64 
GNU/Linux

Any more ideas? The workaround with the Jessie chroot is OK, but.. ;~)



Bug#886777: crashes with Mustek scanner which worked before

2018-01-11 Thread W. Martin Borgert
Control: tag -1 - moreinfo

> Did you update the kernel after the last successful scan?

I can use simple-scan in a jessie chroot, just not in stretch
(other chroot) or buster ("native"). I.e. same (buster) kernel:

Linux 4.14.0-2-amd64 #1 SMP Debian 4.14.7-1 (2017-12-22) x86_64 GNU/Linux

I can try an older kernel, but because it works in jessie, I
assume something purely user space, right?

Cheers




Bug#886777: crashes with Mustek scanner which worked before

2018-01-10 Thread Jörg Frings-Fürst

tags 886777 + moreinfo
thanks


Hello Martin,


thank you for spending your time helping to make Debian better with
this bug report.

Did you update the kernel after the last successful scan?

If yes please can you test with the old kernel?

Many thanks.


CU
Jörg 


-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser

Threema:  SYR8SJXB
Wire: @joergfringsfuerst
Skype:joergpenguin
Ring: jff
Telegram: @joergfringsfuerst

IRC: j_...@freenode.net
 j_...@oftc.net

My wish list: 
 - Please send me a picture from the nature at your home.



Bug#886777: crashes with Mustek scanner which worked before

2018-01-09 Thread W. Martin Borgert
Package: sane
Version: 1.0.14-12
Severity: important

Unfortunately, I cannot scan anymore, neither with simple-scan
nor from Gimp. Both give similar error messages.

Last successful scan was on stretch, so it is not the version of
sane that is broken, but maybe bad interaction with glibc SSP.

$ lsusb 
Bus 004 Device 006: ID 055f:0409 Mustek Systems, Inc. BearPaw 2448 TA Pro

$ simple-scan

(simple-scan:24462): Gtk-WARNING **: Failed to register client: 
GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: Method "RegisterClient" 
with signature "ss" on interface "org.xfce.Session.Manager" doesn't exist

*** stack smashing detected ***: simple-scan terminated
=== Backtrace: =
/lib/x86_64-linux-gnu/libc.so.6(+0x722fb)[0x7f38a37e42fb]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f38a386f947]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x0)[0x7f38a386f910]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(+0xef40)[0x7f38806aef40]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(+0xfbf5)[0x7f38806afbf5]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(+0x13fe0)[0x7f38806b3fe0]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(sane_mustek_usb2_open+0x35a)[0x7f38806b6eba]
/usr/lib/x86_64-linux-gnu/libsane.so.1(sane_dll_open+0xf6)[0x7f38a3f99b16]
simple-scan(+0x34143)[0x55be05b24143]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x72635)[0x7f38a5d6b635]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x7519)[0x7f38a3357519]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f)[0x7f38a385ea4f]
=== Memory map: 