simple-scan crashed with SIGABRT in __libc_message()

Bug #1161111 reported by Andrea Amoroso
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
HPLIP
New
Undecided
Unassigned
hplip (Ubuntu)
New
Medium
Unassigned

Bug Description

Some problems while scanning many pages with my HP 3050 All-In-One. Simple scan crashed several times randomly.

ProblemType: Crash
DistroRelease: Ubuntu 13.04
Package: simple-scan 3.6.1-0ubuntu1
ProcVersionSignature: Ubuntu 3.5.0-25.39-generic 3.5.7.4
Uname: Linux 3.5.0-25-generic i686
NonfreeKernelModules: nvidia
ApportVersion: 2.9.2-0ubuntu4
Architecture: i386
Date: Tue Mar 26 23:25:46 2013
DriverPackageVersions:
 libsane 1.0.23-0ubuntu1
 libsane-extras N/A
 hplip 3.13.3-1
 hpoj N/A
ExecutablePath: /usr/bin/simple-scan
InstallationDate: Installed on 2010-05-29 (1032 days ago)
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
MachineType: Hewlett-Packard HP Pavilion dv5 Notebook PC
MarkForUpload: True
ProcCmdline: simple-scan
ProcEnviron:
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=it_IT.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.5.0-25-generic root=UUID=88064758-73ca-4911-85b6-2a8112048118 ro quiet splash nomodeset video=uvesafb:mode_option=1280x800-24,mtrr=3,scroll=ywrap acpi=force
Signal: 6
SourcePackage: simple-scan
StacktraceTop:
 raise () from /lib/i386-linux-gnu/libc.so.6
 abort () from /lib/i386-linux-gnu/libc.so.6
 ?? () from /lib/i386-linux-gnu/libc.so.6
 __fortify_fail () from /lib/i386-linux-gnu/libc.so.6
 __stack_chk_fail () from /lib/i386-linux-gnu/libc.so.6
Title: simple-scan crashed with SIGABRT in raise()
UpgradeStatus: Upgraded to raring on 2012-10-19 (158 days ago)
UserGroups: adm admin cdrom dialout fuse lp lpadmin plugdev sambashare vboxusers
dmi.bios.date: 07/19/2008
dmi.bios.vendor: Hewlett-Packard
dmi.bios.version: F.07
dmi.board.asset.tag: Base Board Asset Tag
dmi.board.name: 3603
dmi.board.vendor: Quanta
dmi.board.version: 02.15
dmi.chassis.type: 10
dmi.chassis.vendor: Quanta
dmi.chassis.version: N/A
dmi.modalias: dmi:bvnHewlett-Packard:bvrF.07:bd07/19/2008:svnHewlett-Packard:pnHPPaviliondv5NotebookPC:pvrF.07:rvnQuanta:rn3603:rvr02.15:cvnQuanta:ct10:cvrN/A:
dmi.product.name: HP Pavilion dv5 Notebook PC
dmi.product.version: F.07
dmi.sys.vendor: Hewlett-Packard

Revision history for this message
Andrea Amoroso (heiko81) wrote :
Revision history for this message
Apport retracing service (apport) wrote :

StacktraceTop:
 __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0xb6c1af8b "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:199
 __GI___fortify_fail (msg=<optimized out>, msg@entry=0xb6c1af73 "stack smashing detected") at fortify_fail.c:37
 __stack_chk_fail () at stack_chk_fail.c:28
 __stack_chk_fail_local () from /tmp/apport_sandbox_3om5ig/usr/lib/sane/libsane-hpaio.so.1
 get_size (ps=ps@entry=0x87b55f8) at scan/sane/bb_ledm.c:1056

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt
Revision history for this message
Apport retracing service (apport) wrote : StacktraceSource.txt
Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in simple-scan (Ubuntu):
importance: Undecided → Medium
summary: - simple-scan crashed with SIGABRT in raise()
+ simple-scan crashed with SIGABRT in __libc_message()
tags: removed: need-i386-retrace
information type: Private → Public
Revision history for this message
Robert Ancell (robert-ancell) wrote :

This is currently the top reported crash on errors.ubuntu.com:
https://errors.ubuntu.com/?release=Ubuntu%2013.10&package=simple-scan&period=month

Revision history for this message
Robert Ancell (robert-ancell) wrote :

(for Ubuntu 13.10)

affects: simple-scan (Ubuntu) → hplip (Ubuntu)
Revision history for this message
Robert Ancell (robert-ancell) wrote :

The bug is a simple buffer overflow in scan/sane/bb_ledm.c

There is a six character buffer that expects to contain an integer from an HTTP connection that is terminated with a "\r\n". But there's no checking if something else is read. In this case "HTTP/1." has been read before the crash.

I can't seem to work out where the hplip source code is managed or how to file a bug so the developers of it can fix this...

Revision history for this message
Robert Ancell (robert-ancell) wrote :

http://hplipopensource.com/hplip-web/support.html seems to indicate that upstream tracks issues using Launchpad so hopefully someone can see that here.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.