Ubuntu

simple-scan crashes when saving to PDF

Reported by Stefan Rehm on 2010-10-21
88
This bug affects 16 people
Affects Status Importance Assigned to Milestone
Simple Scan
High
Unassigned
simple-scan (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: simple-scan

I can not save a scanned image or textfile. Simple-Scan crashes immediatly after i choose a filename and click "save". When i try to start simple-scan with through command line, this errormessage appears after the crash:

simple-scan: malloc.c:3096: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: simple-scan 2.32.0-0ubuntu3
ProcVersionSignature: Ubuntu 2.6.35-22.35-generic 2.6.35.4
Uname: Linux 2.6.35-22-generic i686
NonfreeKernelModules: wl
Architecture: i386
Date: Thu Oct 21 18:39:54 2010
DriverPackageVersions:
 libsane 1.0.21-2ubuntu2
 libsane-extras N/A
 hplip 3.10.6-1ubuntu10
 hpoj N/A
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
MachineType: Dell Inc. Inspiron 910
ProcCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.35-22-generic root=UUID=07367db1-2dd0-4e05-b43d-3661d2acb9fc ro quiet splash
ProcEnviron:
 LANG=de_DE.utf8
 SHELL=/bin/bash
SimpleScanLog:

SourcePackage: simple-scan
dmi.bios.date: 03/05/2009
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A05
dmi.board.name: CN0J14
dmi.board.vendor: Dell Inc.
dmi.board.version: A05
dmi.chassis.type: 8
dmi.chassis.vendor: Dell Inc.
dmi.chassis.version: A05
dmi.modalias: dmi:bvnDellInc.:bvrA05:bd03/05/2009:svnDellInc.:pnInspiron910:pvrA05:rvnDellInc.:rnCN0J14:rvrA05:cvnDellInc.:ct8:cvrA05:
dmi.product.name: Inspiron 910
dmi.product.version: A05
dmi.sys.vendor: Dell Inc.

Stefan Rehm (mailto-stefanrehm) wrote :
Sven Lesicnik (sven-lsd) wrote :

I am also effected every time I try to save a scan using simple scan. The program crashes and I cannot save the scanned document.

Changed in simple-scan (Ubuntu):
status: New → Confirmed
Stefan Rehm (mailto-stefanrehm) wrote :

Sven,
i found a workaround for this bug until it is fixed. For me it works, when I change the format to A4 bevor the scan an then not saving the scan but print it in an pdf file.

Hi Stefan

Thanks for the work around! This worked.

Regards
Sven

----- Original Message -----
From: "Stefan Rehm" <email address hidden>
To: <email address hidden>
Sent: Tuesday, 23 November, 2010 9:47:29 AM
Subject: [Bug 664608] Re: Simple-Scan crashes when I try so save a scan.

Sven,
i found a workaround for this bug until it is fixed. For me it works, when I change the format to A4 bevor the scan an then not saving the scan but print it in an pdf file.

--
Simple-Scan crashes when I try so save a scan.
https://bugs.launchpad.net/bugs/664608
You received this bug notification because you are a direct subscriber
of the bug.

Status in “simple-scan” package in Ubuntu: Confirmed

Bug description:
Binary package hint: simple-scan

I can not save a scanned image or textfile. Simple-Scan crashes immediatly after i choose a filename and click "save". When i try to start simple-scan with through command line, this errormessage appears after the crash:

simple-scan: malloc.c:3096: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: simple-scan 2.32.0-0ubuntu3
ProcVersionSignature: Ubuntu 2.6.35-22.35-generic 2.6.35.4
Uname: Linux 2.6.35-22-generic i686
NonfreeKernelModules: wl
Architecture: i386
Date: Thu Oct 21 18:39:54 2010
DriverPackageVersions:
libsane 1.0.21-2ubuntu2
libsane-extras N/A
hplip 3.10.6-1ubuntu10
hpoj N/A
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
MachineType: Dell Inc. Inspiron 910
ProcCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.35-22-generic root=UUID=07367db1-2dd0-4e05-b43d-3661d2acb9fc ro quiet splash
ProcEnviron:
LANG=de_DE.utf8
SHELL=/bin/bash
SimpleScanLog:

SourcePackage: simple-scan
dmi.bios.date: 03/05/2009
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A05
dmi.board.name: CN0J14
dmi.board.vendor: Dell Inc.
dmi.board.version: A05
dmi.chassis.type: 8
dmi.chassis.vendor: Dell Inc.
dmi.chassis.version: A05
dmi.modalias: dmi:bvnDellInc.:bvrA05:bd03/05/2009:svnDellInc.:pnInspiron910:pvrA05:rvnDellInc.:rnCN0J14:rvrA05:cvnDellInc.:ct8:cvrA05:
dmi.product.name: Inspiron 910
dmi.product.version: A05
dmi.sys.vendor: Dell Inc.

To unsubscribe from this bug, go to:
https://bugs.launchpad.net/ubuntu/+source/simple-scan/+bug/664608/+subscribe

is this still an issue?

Changed in simple-scan (Ubuntu):
status: Confirmed → Incomplete

Yes, unfortunately it is with Kubuntu 11.10 x64:

simple-scan: malloc.c:3096: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
Abgebrochen

ii simple-scan 3.2.0-0ubuntu1 Simple Scanning Utility
Linux Zweiblum 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux

Michael Nagel (nailor) wrote :

can you give more detailed steps to reproduce?
you successfully scan, hit "save", enter a filename, choose a filetype (what type?), hit save and then it crashes?
or do you do it differently?

does it crash every time, or is it just that it happens sometimes?

DrKay (dr-jameskay) wrote :

I'm having this, or a similar, issue. SimpleScan crashes when I attempt to save a long document (like 30+ pages) document. It crashes after pressing the save button when saving to pdf (I don't save to any other formats). This is intermittent, but if my document is long enough, it is almost certain to crash (I save every 10 pages or so).

I'm on Ubuntu 11.10 64-bit, scanning over a network.

DrKay (dr-jameskay) wrote :

More details: The crash occurs (intermittently) after clicking the save button. The first time I click the save button, I will be prompted to choose a file name and file type. I usually (never?) have a crash on the first save, but it's when I am clicking the save button to save changes (added pages) to the document when it intermittently crashes.

Michael Nagel (nailor) on 2012-01-07
Changed in simple-scan:
status: New → Triaged
Changed in simple-scan (Ubuntu):
status: Incomplete → Confirmed
Michael Nagel (nailor) wrote :

This affects a lot of users and the effect is pretty bad.
Nota bene: Printing into a PDF is a workaround.

Changed in simple-scan:
importance: Undecided → High
summary: - Simple-Scan crashes when I try so save a scan.
+ simple-scan crashes when saving to PDF
Michael Nagel (nailor) wrote :

Hi everyone,

I brought this bug to Robert Ancell's attention. Good thing: he looked into it. Bad thing: he could not reproduce/debug the issue.

Robert believes this happens due to a corrupted adress space, caused by a bad scanner driver running in the same adress space as Simple Scan. I do not think Robert is right, and that maybe some size control information (image size or the like) returned by the scanner is incorrect, but the adress space itself is intact, because
a) the pixel data is good enough to be displayed, so it should be good enough to be saved
b) there are not random crashes, but it happens deterministically when saving a PDF

So, to see who is right we need the following:
- A description in your own words what exacly you do to recreate (not: "me too") and if it happens in 100% of the cases or just sometimes/most of the times/rarely/...
- Make, Model and ID (as listed by lsusb) of the scanner
- An apport report might be useful. Enable apport: https://wiki.ubuntu.com/Apport then make the problem happen and report the issue via apport. Include make, model and id in the description and CLEARLY STATE that is a reproduction of this bug, #664608 You might need to change the issue from "private" to "public" visibility so we can see it.
- If someone who can recreate -- and has the necessary skills -- could poke around a bit with gdb that might help...

Best Regards
Michael

Mathias Dietrich (theghost) wrote :

I think the crashes are related to the scan size format. I only got these crashes when the scan size is set to "Automatically" instead of "A4". When using "A4" this does not happen.

Stef Walter (stefw) wrote :

Added the attached printfs. Here's the output:

** WARNING **: scanner.vala:1204: Scan completed with 1584 lines, expected 2250 lines
allocated: data_length = 711000, height = 2250, width = 1264
shift_count: offset 711000 >= data_length 711000 (x = 1263, width = 1264)
simple-scan: malloc.c:2453: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
Aborted (core dumped)

This is a buffer overrun by one byte. You can see clearly that all the other color depths (besides DeviceGray) add an extra byte to account for this overflow. Only the DeviceGray one does not, adding one to the data_length calculations for DeviceGray fixes the problem.

Please let me know if you want any other printfs or information in specific places.

Stef Walter (stefw) wrote :

Duh, I attached this to the wrong bug. This may be a duplicate of bug 931496

Download full text (7.8 KiB)

Normally also affected by this very same bug, I just got the following abort in glibc while saving a larger (several pages) scanned document.

I'm not sure if this actually is a different symptom of the same problem?

*** glibc detected *** simple-scan: free(): invalid next size (normal): 0x0000000002d00c00 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x78a96)[0x7fabe88ada96]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x6c)[0x7fabe88b1d7c]
/usr/lib/x86_64-linux-gnu/libcairo.so.2(+0x3357b)[0x7fabe9a1c57b]
/usr/lib/x86_64-linux-gnu/libcairo.so.2(+0x1b7f9)[0x7fabe9a047f9]
/usr/lib/x86_64-linux-gnu/libcairo.so.2(+0x1bfc8)[0x7fabe9a04fc8]
/usr/lib/x86_64-linux-gnu/libcairo.so.2(+0x4d264)[0x7fabe9a36264]
/usr/lib/x86_64-linux-gnu/libcairo.so.2(+0x4e26a)[0x7fabe9a3726a]
/usr/lib/x86_64-linux-gnu/libcairo.so.2(+0x48602)[0x7fabe9a31602]
/usr/lib/x86_64-linux-gnu/libcairo.so.2(+0x22221)[0x7fabe9a0b221]
/usr/lib/x86_64-linux-gnu/libcairo.so.2(cairo_stroke_preserve+0x20)[0x7fabe9a024a0]
/usr/lib/x86_64-linux-gnu/libcairo.so.2(cairo_stroke+0x9)[0x7fabe9a024b9]
/usr/lib/libgtk-3.so.0(+0x224fbf)[0x7fabea6a8fbf]
/usr/lib/libgtk-3.so.0(gtk_render_handle+0x12e)[0x7fabea65700e]
/usr/lib/libgtk-3.so.0(+0x29cc18)[0x7fabea720c18]
/usr/lib/libgtk-3.so.0(+0x152f18)[0x7fabea5d6f18]
/usr/lib/libgtk-3.so.0(+0x27eab0)[0x7fabea702ab0]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_closure_invoke+0x154)[0x7fabe97a70a4]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(+0x20e5f)[0x7fabe97b8e5f]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_signal_emit_valist+0x623)[0x7fabe97c2483]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_signal_emit+0x82)[0x7fabe97c2852]
/usr/lib/libgtk-3.so.0(+0x2901ea)[0x7fabea7141ea]
/usr/lib/libgtk-3.so.0(gtk_widget_send_expose+0x141)[0x7fabea714331]
/usr/lib/libgtk-3.so.0(gtk_main_do_event+0x659)[0x7fabea5d6e29]
/usr/lib/libgdk-3.so.0(+0x34797)[0x7fabea23c797]
/usr/lib/libgdk-3.so.0(+0x34733)[0x7fabea23c733]
/usr/lib/libgdk-3.so.0(+0x33d8f)[0x7fabea23bd8f]
/usr/lib/libgdk-3.so.0(gdk_window_process_all_updates+0x1a0)[0x7fabea23c200]
/usr/lib/libgtk-3.so.0(+0xcd156)[0x7fabea551156]
/usr/lib/libgdk-3.so.0(+0x1a32f)[0x7fabea22232f]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x1dd)[0x7fabe94e6a5d]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x45258)[0x7fabe94e7258]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_loop_run+0x162)[0x7fabe94e7792]
/usr/lib/libgtk-3.so.0(gtk_main+0x8d...

Read more...

Michael Nagel (nailor) wrote :

Bug #931496 has been fixed in simple-scan 3.3.92

Hopefully that version fixes the problems described here as well.
Please report back whether or not you can reproduce the problem with simple-scan 3.3.92 or later.

Best Regards

Changed in simple-scan:
status: Triaged → Incomplete
Changed in simple-scan (Ubuntu):
status: Confirmed → Incomplete
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers