simple-scan-team team mailing list archive

Thread
Date
[Bug 664608] Re: simple-scan crashes when saving to PDF

To: simple-scan-team@xxxxxxxxxxxxxxxxxxx
From: Stef Walter <stefw@xxxxxxxxx>
Date: Wed, 29 Feb 2012 12:25:30 -0000
Reply-to: Bug 664608 <664608@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Added the attached printfs. Here's the output:


** WARNING **: scanner.vala:1204: Scan completed with 1584 lines, expected 2250 lines
allocated: data_length = 711000, height = 2250, width = 1264
shift_count: offset 711000 >= data_length 711000 (x = 1263, width = 1264)
simple-scan: malloc.c:2453: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
Aborted (core dumped)

This is a buffer overrun by one byte. You can see clearly that all the
other color depths (besides DeviceGray) add an extra byte to account for
this overflow. Only the DeviceGray one does not, adding one to the
data_length calculations for DeviceGray fixes the problem.

Please let me know if you want any other printfs or information in
specific places.

** Patch added: "Printfs"
   https://bugs.launchpad.net/ubuntu/+source/simple-scan/+bug/664608/+attachment/2793651/+files/debug-printfs.patch

-- 
You received this bug notification because you are a member of Simple
Scan Development Team, which is the registrant for Simple Scan.
https://bugs.launchpad.net/bugs/664608

Title:
  simple-scan crashes when saving to PDF

Status in Simple Scan:
  Triaged
Status in “simple-scan” package in Ubuntu:
  Confirmed

Bug description:
  Binary package hint: simple-scan

  I can not save a scanned image or textfile. Simple-Scan crashes
  immediatly after i choose a filename and click "save". When i try to
  start simple-scan with through command line, this errormessage appears
  after the crash:

  simple-scan: malloc.c:3096: sYSMALLOc: Assertion `(old_top ==
  (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) -
  __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) ||
  ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof
  (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) &
  ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) &&
  ((unsigned long)old_end & pagemask) == 0)' failed.

  ProblemType: Bug
  DistroRelease: Ubuntu 10.10
  Package: simple-scan 2.32.0-0ubuntu3
  ProcVersionSignature: Ubuntu 2.6.35-22.35-generic 2.6.35.4
  Uname: Linux 2.6.35-22-generic i686
  NonfreeKernelModules: wl
  Architecture: i386
  Date: Thu Oct 21 18:39:54 2010
  DriverPackageVersions:
   libsane 1.0.21-2ubuntu2
   libsane-extras N/A
   hplip 3.10.6-1ubuntu10
   hpoj N/A
  InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
  MachineType: Dell Inc. Inspiron 910
  ProcCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.35-22-generic root=UUID=07367db1-2dd0-4e05-b43d-3661d2acb9fc ro quiet splash
  ProcEnviron:
   LANG=de_DE.utf8
   SHELL=/bin/bash
  SimpleScanLog:
   
  SourcePackage: simple-scan
  dmi.bios.date: 03/05/2009
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: A05
  dmi.board.name: CN0J14
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A05
  dmi.chassis.type: 8
  dmi.chassis.vendor: Dell Inc.
  dmi.chassis.version: A05
  dmi.modalias: dmi:bvnDellInc.:bvrA05:bd03/05/2009:svnDellInc.:pnInspiron910:pvrA05:rvnDellInc.:rnCN0J14:rvrA05:cvnDellInc.:ct8:cvrA05:
  dmi.product.name: Inspiron 910
  dmi.product.version: A05
  dmi.sys.vendor: Dell Inc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/simple-scan/+bug/664608/+subscriptions