scanimage crashed with SIGSEGV in _int_malloc()

Bug #1222162 reported by pqwoerituytrueiwoq on 2013-09-07
This bug affects 1 person
Affects: sane-backends (Ubuntu)
Importance: Medium
Assigned to: Unassigned

Bug Description

Not an issue in 13.04.
Also, 10.0.0.50 is running 13.04.
This does not have a 100% reproduction rate; sometimes it hangs indefinitely and sometimes it works.
Terminal output: the last 6 lines matter, the rest proves it should work.
www-data@127.0.0.1:/home/www-data/PHP-Scanner-Server$ scanimage -f "{\"ID\":%i,\"INUSE\":0,\"DEVICE\":\"%d\",\"NAME\":\"%v %m %t\"},"
{"ID":0,"INUSE":0,"DEVICE":"net:10.0.0.50:plustek:libusb:004:002","NAME":"UMAX 3400 flatbed scanner"},{"ID":1,"INUSE":0,"DEVICE":"net:10.0.0.50:hpaio:/usb/Deskjet_F4400_series?serial=CN05DC61TP05C5","NAME":"Hewlett-Packard Deskjet_F4400_series all-in-one"},
www-data@127.0.0.1:/home/www-data/PHP-Scanner-Server$ scanimage --help -d 'net:10.0.0.50:plustek:libusb:004:002'
Usage: scanimage [OPTION]...

Start image acquisition on a scanner device and write image data to
standard output.

Parameters are separated by a blank from single-character options (e.g.
-d epson) and by a "=" from multi-character options (e.g. --device-name=epson).
-d, --device-name=DEVICE use a given scanner device (e.g. hp:/dev/scanner)
    --format=pnm|tiff file format of output file
-i, --icc-profile=PROFILE include this ICC profile into TIFF file
-L, --list-devices show available scanner devices
-f, --formatted-device-list=FORMAT similar to -L, but the FORMAT of the output
                           can be specified: %d (device name), %v (vendor),
                           %m (model), %t (type), %i (index number), and
                           %n (newline)
-b, --batch[=FORMAT] working in batch mode, FORMAT is `out%d.pnm' or
                           `out%d.tif' by default depending on --format
    --batch-start=# page number to start naming files with
    --batch-count=# how many pages to scan in batch mode
    --batch-increment=# increase page number in filename by #
    --batch-double increment page number by two, same as
                           --batch-increment=2
    --batch-prompt ask for pressing a key before scanning a page
    --accept-md5-only only accept authorization requests using md5
-p, --progress print progress messages
-n, --dont-scan only set options, don't actually scan
-T, --test test backend thoroughly
-A, --all-options list all available backend options
-h, --help display this help message and exit
-v, --verbose give even more status messages
-B, --buffer-size=# change input buffer size (in kB, default 32)
-V, --version print version information

Options specific to device `net:10.0.0.50:plustek:libusb:004:002':
  Scan Mode:
    --mode Lineart|Gray|Color [Color]
        Selects the scan mode (e.g., lineart, monochrome, or color).
    --depth 8|14bit [8]
        Number of bits per sample, typical values are 1 for "line-art" and 8
        for multibit scans.
    --source Normal|Transparency|Negative [inactive]
        Selects the scan source (such as a document-feeder).
    --resolution 50..1200dpi [50]
        Sets the resolution of the scanned image.
    --preview[=(yes|no)] [no]
        Request a preview-quality scan.
  Geometry:
    -l 0..215mm [0]
        Top-left x position of scan area.
    -t 0..297mm [0]
        Top-left y position of scan area.
    -x 0..215mm [103]
        Width of scan-area.
    -y 0..297mm [76.21]
        Height of scan-area.
  Enhancement:
    --brightness -100..100% (in steps of 1) [0]
        Controls the brightness of the acquired image.
    --contrast -100..100% (in steps of 1) [0]
        Controls the contrast of the acquired image.
    --custom-gamma[=(yes|no)] [no]
        Determines whether a builtin or a custom gamma-table should be used.
    --gamma-table 0..255,... [inactive]
        Gamma-correction table. In color mode this option equally affects the
        red, green, and blue channels simultaneously (i.e., it is an intensity
        gamma table).
    --red-gamma-table 0..255,... [inactive]
        Gamma-correction table for the red band.
    --green-gamma-table 0..255,... [inactive]
        Gamma-correction table for the green band.
    --blue-gamma-table 0..255,... [inactive]
        Gamma-correction table for the blue band.
  Device-Settings:
    --lamp-switch[=(yes|no)] [no]
        Manually switching the lamp(s).
    --lampoff-time 0..999 (in steps of 1) [300]
        Lampoff-time in seconds.
    --lamp-off-at-exit[=(yes|no)] [yes]
        Turn off lamp when program exits
    --warmup-time -1..999 (in steps of 1) [-1]
        Warmup-time in seconds.
    --lamp-off-during-dcal[=(yes|no)] [inactive]
        Always switches lamp off when doing dark calibration.
    --calibration-cache[=(yes|no)] [no]
        Enables or disables calibration data cache.
    --speedup-switch[=(yes|no)] [yes]
        Enables or disables speeding up sensor movement.
    --calibrate [inactive]
        Performs calibration
  Analog frontend:
    --red-gain -1..63 (in steps of 1) [-1]
        Red gain value of the AFE
    --green-gain -1..63 (in steps of 1) [-1]
        Green gain value of the AFE
    --blue-gain -1..63 (in steps of 1) [-1]
        Blue gain value of the AFE
    --red-offset -1..63 (in steps of 1) [-1]
        Red offset value of the AFE
    --green-offset -1..63 (in steps of 1) [-1]
        Green offset value of the AFE
    --blue-offset -1..63 (in steps of 1) [-1]
        Blue offset value of the AFE
    --redlamp-off -1..16363 (in steps of 1) [inactive]
        Defines red lamp off parameter
    --greenlamp-off -1..16363 (in steps of 1) [inactive]
        Defines green lamp off parameter
    --bluelamp-off -1..16363 (in steps of 1) [inactive]
        Defines blue lamp off parameter
  Buttons:

Type ``scanimage --help -d DEVICE'' to get list of all options for DEVICE.

List of available devices:
    net:M4A79XTD-EVO.local:plustek:libusb:004:002
    net:M4A79XTD-EVO.local:hpaio:/usb/Deskjet_F4400_series?serial=CN05DC61TP05C5
    net:10.0.0.50:plustek:libusb:004:002
    net:10.0.0.50:hpaio:/usb/Deskjet_F4400_series?serial=CN05DC61TP05C5
www-data@127.0.0.1:/home/www-data/PHP-Scanner-Server$ scanimage --help -d 'net:10.0.0.50:hpaio:/usb/Deskjet_F4400_series?serial=CN05DC61TP05C5'
*** Error in `scanimage': double free or corruption (!prev): 0x0000000000b95880 ***
*** Error in `scanimage': double free or corruption (!prev): 0x0000000000b95880 ***
Segmentation fault (core dumped)
www-data@127.0.0.1:/home/www-data/PHP-Scanner-Server$

ProblemType: Crash
DistroRelease: Ubuntu 13.10
Package: sane-utils 1.0.23-0ubuntu3
ProcVersionSignature: Ubuntu 3.11.0-4.9-generic 3.11.0-rc7
Uname: Linux 3.11.0-4-generic x86_64
ApportVersion: 2.12.1-0ubuntu3
Architecture: amd64
AssertionMessage: *** Error in `scanimage': double free or corruption (!prev): 0x0000000000b95880 ***
Date: Sat Sep 7 10:25:59 2013
ExecutablePath: /usr/bin/scanimage
InstallationDate: Installed on 2013-07-27 (41 days ago)
InstallationMedia: Xubuntu 13.10 "Saucy Salamander" - Alpha amd64 (20130727)
MarkForUpload: True
ProcCmdline: scanimage --help -d net:10.0.0.50:hpaio:/usb/Deskjet_F4400_series?serial=CN05DC61TP05C5
ProcEnviron:
 PATH=(custom, no user)
 LANG=C
SegvAnalysis:
 Segfault happened at: 0x7f27b62c420d <_int_malloc+669>: mov %rbp,0x10(%r11)
 PC (0x7f27b62c420d) ok
 source "%rbp" ok
 destination "0x10(%r11)" (0x00000010) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: sane-backends
StacktraceTop:
 _int_malloc (av=0x7f27b6603740 <main_arena>, bytes=<optimized out>) at malloc.c:3424
 __GI___libc_malloc (bytes=36) at malloc.c:2859
 local_strdup (s=0x7f27b6a18266 <Address 0x7f27b6a18266 out of bounds>) at dl-load.c:162
 _dl_map_object (loader=loader@entry=0x7f27b6a339a8, name=name@entry=0x7f27b63c4f86 "libgcc_s.so.1", type=type@entry=2, trace_mode=trace_mode@entry=0, mode=mode@entry=-1879048191, nsid=<optimized out>) at dl-load.c:2510
 dl_open_worker (a=a@entry=0x7fff562c0848) at dl-open.c:228
Title: scanimage crashed with SIGSEGV in _int_malloc()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: lp

information type: Private → Public

StacktraceTop:
 _int_malloc (av=0x7f27b6603740 <main_arena>, bytes=<optimized out>) at malloc.c:3424
 __GI___libc_malloc (bytes=36) at malloc.c:2859
 ?? ()
 ?? ()

Changed in sane-backends (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace