← Back to team overview

simple-scan-team team mailing list archive

  1. simple-scan-team team
  2. Mailing list archive
  3. Message #00432

[Bug 931496] Re: Simple scan crashes when a PDF is saved

  Thread PreviousDate PreviousThread Next 
Fixed in 3.3.92

-- 
You received this bug notification because you are a member of Simple
Scan Development Team, which is the registrant for Simple Scan.
https://bugs.launchpad.net/bugs/931496

Title:
  Simple scan crashes when a PDF is saved

Status in Simple Scan:
  Fix Released

Bug description:
  When saving a PDF memory corruption occurs and simple scan crashes in
  random code (for me in the deflate functionality). Checked this using
  clean bzr checkout. BTW, I would have patched this much earlier if
  simple-scan was version control system that I was familiar with (like
  git) :S

  Can be verified with valgrind:

  ** WARNING **: scanner.vala:1204: Scan completed with 2250 lines, expected 2250 lines
  ==8804== Thread 1:
  ==8804== Invalid write of size 1
  ==8804==    at 0x40FCFA: book_save_pdf (book.c:1826)
  ==8804==    by 0x411F20: book_save (book.c:2533)
  ==8804==    by 0x44372F: simple_scan_save_document (ui.c:1638)
  ==8804==    by 0x447230: save_file_button_clicked_cb (ui.c:3002)
  ==8804==    by 0x66AFD53: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
  ==8804==    by 0x66ADF59: g_closure_invoke (gclosure.c:774)
  ==8804==    by 0x66C7C40: signal_emit_unlocked_R (gsignal.c:3302)
  ==8804==    by 0x66C6E51: g_signal_emit_valist (gsignal.c:3033)
  ==8804==    by 0x66C7507: g_signal_emit_by_name (gsignal.c:3127)
  ==8804==    by 0x4F14CBC: button_clicked (gtktoolbutton.c:881)
  ==8804==    by 0x66AFD53: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
  ==8804==    by 0x66ADF59: g_closure_invoke (gclosure.c:774)
  ==8804==  Address 0x2102c5c8 is 0 bytes after a block of size 711,000 alloc'd
  ==8804==    at 0x4A05BB4: calloc (vg_replace_malloc.c:467)
  ==8804==    by 0x6947193: standard_calloc (gmem.c:104)
  ==8804==    by 0x6947225: g_malloc0 (gmem.c:189)
  ==8804==    by 0x69474E2: g_malloc0_n (gmem.c:385)
  ==8804==    by 0x40F889: book_save_pdf (book.c:1674)
  ==8804==    by 0x411F20: book_save (book.c:2533)
  ==8804==    by 0x44372F: simple_scan_save_document (ui.c:1638)
  ==8804==    by 0x447230: save_file_button_clicked_cb (ui.c:3002)
  ==8804==    by 0x66AFD53: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
  ==8804==    by 0x66ADF59: g_closure_invoke (gclosure.c:774)
  ==8804==    by 0x66C7C40: signal_emit_unlocked_R (gsignal.c:3302)
  ==8804==    by 0x66C6E51: g_signal_emit_valist (gsignal.c:3033)
  ==8804== 
  ==8804== Invalid read of size 1
  ==8804==    at 0x40FD0C: book_save_pdf (book.c:1827)
  ==8804==    by 0x411F20: book_save (book.c:2533)
  ==8804==    by 0x44372F: simple_scan_save_document (ui.c:1638)
  ==8804==    by 0x447230: save_file_button_clicked_cb (ui.c:3002)
  ==8804==    by 0x66AFD53: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
  ==8804==    by 0x66ADF59: g_closure_invoke (gclosure.c:774)
  ==8804==    by 0x66C7C40: signal_emit_unlocked_R (gsignal.c:3302)
  ==8804==    by 0x66C6E51: g_signal_emit_valist (gsignal.c:3033)
  ==8804==    by 0x66C7507: g_signal_emit_by_name (gsignal.c:3127)
  ==8804==    by 0x4F14CBC: button_clicked (gtktoolbutton.c:881)
  ==8804==    by 0x66AFD53: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
  ==8804==    by 0x66ADF59: g_closure_invoke (gclosure.c:774)
  ==8804==  Address 0x2102c5c8 is 0 bytes after a block of size 711,000 alloc'd
  ==8804==    at 0x4A05BB4: calloc (vg_replace_malloc.c:467)
  ==8804==    by 0x6947193: standard_calloc (gmem.c:104)
  ==8804==    by 0x6947225: g_malloc0 (gmem.c:189)
  ==8804==    by 0x69474E2: g_malloc0_n (gmem.c:385)
  ==8804==    by 0x40F889: book_save_pdf (book.c:1674)
  ==8804==    by 0x411F20: book_save (book.c:2533)
  ==8804==    by 0x44372F: simple_scan_save_document (ui.c:1638)
  ==8804==    by 0x447230: save_file_button_clicked_cb (ui.c:3002)
  ==8804==    by 0x66AFD53: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
  ==8804==    by 0x66ADF59: g_closure_invoke (gclosure.c:774)
  ==8804==    by 0x66C7C40: signal_emit_unlocked_R (gsignal.c:3302)
  ==8804==    by 0x66C6E51: g_signal_emit_valist (gsignal.c:3033)
  ==8804== 

  The problem is that due to a integer rounding error, one byte less is
  allocated in the image buffer than there should be. I don't understand
  the code completely, so this patch should be verified by the original
  author of the code. Attached.

To manage notifications about this bug go to:
https://bugs.launchpad.net/simple-scan/+bug/931496/+subscriptions

References

  Thread PreviousDate PreviousThread Next