[sane-devel] Double-free following scan on ubuntu hardy 8.04 with epjitsu fi-60f
On Tue, 29 Apr 2008 09:20:04 +0100, Chris Lale wrote:
> Jeff Kowalczyk wrote:
>> On Mon, 28 Apr 2008 21:01:08 -0400, m. allan noah wrote:
>>> well, i've just committed a patch to fix this, but please test, as i
>>> never saw the error message in the first place...
>>
>> Does anyone have a good procedure for patching and rebuilding released
>> ubuntu .debs to test upstream changes? Or a way to build new debs from
>> sane snapshots at a particular revision? The originally reported platform
>> (Ubuntu) is not my familiar source-based system (Gentoo).
>
> This is how you could do it in Debian [1]. Basic method for a package
> somepackage version 0.7.1-1 is as follows. (This does not change the
> version number, but that is explained in the documentation.):
>
> 0. Get the source package.
> 1. put
>    somepackage_0.7.1-1.diff.gz
>    somepackage_0.7.1.orig.tar.gz
>    somepackage_0.7.1-1.dsc
>    in a directory.
> 2. Run
>    dpkg-source -x somepackage_0.7.1-1.dsc
>    to recreate build directory.
> 3. cd to somepackage-0.7.1
>    Do what you need.
> 4. Run
>    dpkg-buildpackage -rfakeroot
>    Completes with message
>    dpkg-buildpackage: full upload (original source is included)
> 5. Run checks:
>    lintian somepackage_0.7.1-1_i386.changes
>    and
>    linda somepackage_0.7.1-1_i386.changes
>    Both should complete with no errors reported.
>    debc somepackage_0.7.1-1_i386.changes | less
>    On inspection, files contained in package should look OK.
>    # debi somepackage_0.7.1-1_i386.changes
>    should install package OK.
>    # dpkg --purge somepackage
>    removes package.
>
> [1] http://www.us.debian.org/doc/maint-guide/
>
> Hope that helps.
> --
> Chris.

I've tried the above procedure several times over the past weeks, and I can't get it right. The ubuntu sane-backends package is missing the .changes files, etc.

Also, I'm missing the punchline of the procedure, I want to make a new .deb that I can dpkg install on any number of machines, report upstream that the patches help.

I'd like to do the hardware testing on the patch, since it's a relatively uncommon scanner, and the patch seems like it will make this hardware usable on Ubuntu.

Can anyone with ubuntu-flavored dpkg-fu either list a working procedure, or post a deb with the patches integrated? Any info would be much appreciated.

Thanks,
Jeff
[sane-devel] Double-free following scan on ubuntu hardy 8.04 with epjitsu fi-60f
Hi,

Julien BLACHE wrote:
> Gah, that damn crash reporter is getting in the way. Can you try to get
> rid of it?

You have to set the env variable MALLOC_CHECK_ to 0, i.e., in bash

export MALLOC_CHECK_=0

or in tcsh

setenv MALLOC_CHECK_ 0

then you will get a proper backtrace with gdb..

http://www.gnu.org/software/libtool/manual/libc/Heap-Consistency-Checking.html

If possible, use

valgrind -v scanimage -d epjitsu

to generate the backtrace, it will be more informative.

regards
-- jochen
[sane-devel] Double-free following scan on ubuntu hardy 8.04 with epjitsu fi-60f
Hi,

I guess the bug is that in sane_close the scanner_devList entry corresponding to the open handle is destroyed, and later in sane_exit all scanner_devList entries are destroyed again.

I guess in sane_close, the entry should be be destroyed, but only marked as free or so.

regards
-- jochen
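The ownership problem diagnosed in the message above, as an added example that is not part of the thread or the SANE source: a close routine that frees a list entry which the exit routine frees again, next to a close that only marks the entry. The names `struct scanner`, `attach`, `close_buggy`, `close_fixed`, `exit_all` and the quarantining allocator are hypothetical; the allocator defers the real `free` so the second release is counted instead of corrupting the heap.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a backend device list; not the epjitsu source. */
struct scanner { struct scanner *next; int is_open; };

/* Checked allocator: a "freed" block stays quarantined, so a second free is counted. */
static struct { void *p; int frees; } blocks[8];
static int nblocks, double_frees;
static void *checked_alloc(size_t n) {
    void *p = nblocks < 8 ? calloc(1, n) : NULL;
    if (p) { blocks[nblocks].p = p; blocks[nblocks++].frees = 0; }
    return p;
}
static void checked_free(void *p) {
    for (int i = 0; i < nblocks; i++)
        if (blocks[i].p == p && ++blocks[i].frees > 1) double_frees++;
}
static void checked_reset(void) { while (nblocks > 0) free(blocks[--nblocks].p); }

static struct scanner *dev_list;
static struct scanner *attach(void) {
    struct scanner *s = checked_alloc(sizeof *s);
    if (s) { s->next = dev_list; dev_list = s; }
    return s;
}
/* Diagnosed pattern: close destroys the entry but leaves it on the list. */
static void close_buggy(struct scanner *s) { s->is_open = 0; checked_free(s); }
/* Suggested direction: close only marks the entry; exit owns the memory. */
static void close_fixed(struct scanner *s) { s->is_open = 0; }
static void exit_all(void) {
    for (struct scanner *s = dev_list, *next; s; s = next) {
        next = s->next;          /* read the link before releasing the entry */
        checked_free(s);
    }
    dev_list = NULL;
}
/* Attach two devices, open and close one, then exit; returns double frees seen. */
static int run_lifecycle(void (*close_fn)(struct scanner *)) {
    double_frees = 0;
    struct scanner *a = attach(), *b = attach();
    if (a && b) { b->is_open = 1; close_fn(b); }
    exit_all();
    checked_reset();             /* really release the quarantined blocks */
    return (a && b) ? double_frees : -1;
}
int main(void) {
    printf("double frees: buggy=%d fixed=%d\n",
           run_lifecycle(close_buggy), run_lifecycle(close_fixed));
    return 0;
}
```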
[sane-devel] Double-free following scan on ubuntu hardy 8.04 with epjitsu fi-60f
Jeff Kowalczyk wrote:
> On Mon, 28 Apr 2008 21:01:08 -0400, m. allan noah wrote:
>> well, i've just committed a patch to fix this, but please test, as i
>> never saw the error message in the first place...
>
> Does anyone have a good procedure for patching and rebuilding released
> ubuntu .debs to test upstream changes? Or a way to build new debs from
> sane snapshots at a particular revision? The originally reported platform
> (Ubuntu) is not my familiar source-based system (Gentoo).

This is how you could do it in Debian [1]. Basic method for a package somepackage version 0.7.1-1 is as follows. (This does not change the version number, but that is explained in the documentation.):

0. Get the source package.
1. put
   somepackage_0.7.1-1.diff.gz
   somepackage_0.7.1.orig.tar.gz
   somepackage_0.7.1-1.dsc
   in a directory.
2. Run
   dpkg-source -x somepackage_0.7.1-1.dsc
   to recreate build directory.
3. cd to somepackage-0.7.1
   Do what you need.
4. Run
   dpkg-buildpackage -rfakeroot
   Completes with message
   dpkg-buildpackage: full upload (original source is included)
5. Run checks:
   lintian somepackage_0.7.1-1_i386.changes
   and
   linda somepackage_0.7.1-1_i386.changes
   Both should complete with no errors reported.
   debc somepackage_0.7.1-1_i386.changes | less
   On inspection, files contained in package should look OK.
   # debi somepackage_0.7.1-1_i386.changes
   should install package OK.
   # dpkg --purge somepackage
   removes package.

[1] http://www.us.debian.org/doc/maint-guide/

Hope that helps.
--
Chris.
[sane-devel] Double-free following scan on ubuntu hardy 8.04 with epjitsu fi-60f
Jeff Kowalczyk jtk at yahoo.com wrote:

Hi,

> $ scanimage -d epjitsu
> (massive ansi terminal spew)
> *** glibc detected *** scanimage: double free or corruption (!prev): 0x08053ca0 ***
> === Backtrace: =
> /lib/tls/i686/cmov/libc.so.6[0xb7e7fa85]
> /lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7e834f0]
> /usr/lib/sane/libsane-epjitsu.so.1(sane_epjitsu_exit+0x3d)[0xb7e029dd]

Can you reproduce the problem with a simple scanimage -L ?

Also please obtain a gdb backtrace :

$ gdb scanimage
run -d epjitsu
(or, if scanimage -L exhibits the same problem, just use run -L)
bt

JB.

--
Julien BLACHE http://www.jblache.org
jb at jblache.org GPG KeyID 0xF5D65169
[sane-devel] Double-free following scan on ubuntu hardy 8.04 with epjitsu fi-60f
On Mon, 28 Apr 2008 21:51:50 +0200, Julien BLACHE wrote:
> Jeff Kowalczyk jtk at yahoo.com wrote:
>
> Hi,
>
>> $ scanimage -d epjitsu
>> (massive ansi terminal spew)
>> *** glibc detected *** scanimage: double free or corruption (!prev): 0x08053ca0 ***
>> === Backtrace: =
>> /lib/tls/i686/cmov/libc.so.6[0xb7e7fa85]
>> /lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7e834f0]
>> /usr/lib/sane/libsane-epjitsu.so.1(sane_epjitsu_exit+0x3d)[0xb7e029dd]
>
> Can you reproduce the problem with a simple scanimage -L ?

scanimage -L appears to be fine:

$ scanimage -L
device `fujitsu:libusb:001:011' is a FUJITSU fi-5120Cdj scanner
device `epjitsu:libusb:001:009' is a FUJITSU fi-60F 0A06 scanner

> Also please obtain a gdb backtrace :

$ gdb scanimage
run -d epjitsu
(some messages, then terminal data spew)
*** glibc detected *** /usr/bin/scanimage: corrupted double-linked list: 0x08054120 ***
(no debugging symbols found)
=== Backtrace: =
/lib/tls/i686/cmov/libc.so.6[0xb7dfad0d]
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7dfe4f0]
/usr/lib/sane/libsane-epjitsu.so.1(sane_epjitsu_exit+0x3d)[0xb7d7d9dd]
/usr/lib/libsane.so.1(sane_dll_exit+0x15d)[0xb7ee4c8d]
/usr/lib/libsane.so.1(sane_exit+0x17)[0xb7ee5f97]
/usr/bin/scanimage[0x804b59d]
/lib/tls/i686/cmov/libc.so.6(exit+0xd4)[0xb7dbd084]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe8)[0xb7da5458]
/usr/bin/scanimage[0x8049241]
=== Memory map:
08048000-08051000 r-xp 08:05 6447711/usr/bin/scanimage
08051000-08052000 rw-p 9000 08:05 6447711/usr/bin/scanimage
08052000-080c4000 rw-p 08052000 00:00 0 [heap]
b7c0-b7c21000 rw-p b7c0 00:00 0
b7c21000-b7d0 ---p b7c21000 00:00 0
b7d5b000-b7d65000 r-xp 08:05 7716880/lib/libgcc_s.so.1
b7d65000-b7d66000 rw-p a000 08:05 7716880/lib/libgcc_s.so.1
b7d73000-b7d79000 r-xp 08:05 7717114/lib/libusb-0.1.so.4.4.4
b7d79000-b7d7b000 rw-p 5000 08:05 7717114/lib/libusb-0.1.so.4.4.4
b7d7b000-b7d8a000 r-xp 08:05 935162 /usr/lib/sane/libsane-epjitsu.so.1.0.19
b7d8a000-b7d8b000 rw-p e000 08:05 935162 /usr/lib/sane/libsane-epjitsu.so.1.0.19
b7d8b000-b7d8f000 rw-p b7d8b000 00:00 0
b7d8f000-b7ed8000 r-xp 08:05 7717018 /lib/tls/i686/cmov/libc-2.7.so
b7ed8000-b7ed9000 r--p 00149000 08:05 7717018 /lib/tls/i686/cmov/libc-2.7.so
b7ed9000-b7edb000 rw-p 0014a000 08:05 7717018 /lib/tls/i686/cmov/libc-2.7.so
b7edb000-b7edf000 rw-p b7edb000 00:00 0
b7edf000-b7ee1000 r-xp 08:05 7717021 /lib/tls/i686/cmov/libdl-2.7.so
b7ee1000-b7ee3000 rw-p 1000 08:05 7717021 /lib/tls/i686/cmov/libdl-2.7.so
b7ee3000-b7ee8000 r-xp 08:05 856953 /usr/lib/libsane.so.1.0.19
b7ee8000-b7ee9000 rw-p 4000 08:05 856953 /usr/lib/libsane.so.1.0.19
b7ef5000-b7ef8000 rw-p b7ef5000 00:00 0
b7ef8000-b7ef9000 r-xp b7ef8000 00:00 0 [vdso]
b7ef9000-b7f13000 r-xp 08:05 7716881/lib/ld-2.7.so
b7f13000-b7f15000 rw-p 00019000 08:05 7716881/lib/ld-2.7.so
bfd22000-bfd37000 rw-p bffeb000 00:00 0 [stack]

Program received signal SIGABRT, Aborted.
0xb7ef8410 in __kernel_vsyscall ()
62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;cbt
Undefined command: 62. Try help.
(gdb) bt
#0 0xb7ef8410 in __kernel_vsyscall ()
#1 0xb7dba085 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7dbba01 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0xb7df2b7c in ?? () from /lib/tls/i686/cmov/libc.so.6
#4 0x0006 in ?? ()
#5 0xbfd346d4 in ?? ()
#6 0x0400 in ?? ()
#7 0xb7ebf428 in ?? () from /lib/tls/i686/cmov/libc.so.6
#8 0x0017 in ?? ()
#9 0xbfd36999 in ?? ()
#10 0x0012 in ?? ()
#11 0xb7ebf441 in ?? () from /lib/tls/i686/cmov/libc.so.6
#12 0x0002 in ?? ()
#13 0xb7ebc2d8 in ?? () from /lib/tls/i686/cmov/libc.so.6
#14 0x001c in ?? ()
#15 0xb7ebf445 in ?? () from /lib/tls/i686/cmov/libc.so.6
#16 0x0004 in ?? ()
#17 0xbfd34c4b in ?? ()
#18 0x0008 in ?? ()
#19 0xb7ebf44b in ?? () from /lib/tls/i686/cmov/libc.so.6
#20 0x0005 in ?? ()
#21 0x0006 in ?? ()
#22 0x0004 in ?? ()
#23 0x0004 in ?? ()
#24 0x0174 in ?? ()
#25 0x0174 in ?? ()
#26 0x0174 in ?? ()
#27 0xb7ebf44b in ?? () from /lib/tls/i686/cmov/libc.so.6
#28 0x0005 in ?? ()
#29 0xbfd34620 in ?? ()
#30 0x0025 in ?? ()
#31 0xbfd3463c in ?? ()
#32 0xb7f04c17 in ?? () from /lib/ld-linux.so.2
#33 0x0001 in ?? ()
#34 0x in ?? ()
(gdb) q
The program is running. Exit anyway? (y or n) y
[sane-devel] Double-free following scan on ubuntu hardy 8.04 with epjitsu fi-60f
Jeff Kowalczyk jtk at yahoo.com wrote:

Hi,

> $ gdb scanimage
> run -d epjitsu
> (some messages, then terminal data spew)
> *** glibc detected *** /usr/bin/scanimage: corrupted double-linked list: 0x08054120 ***
> (no debugging symbols found)
> === Backtrace: =
> /lib/tls/i686/cmov/libc.so.6[0xb7dfad0d]
> /lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7dfe4f0]
> /usr/lib/sane/libsane-epjitsu.so.1(sane_epjitsu_exit+0x3d)[0xb7d7d9dd]

Gah, that damn crash reporter is getting in the way. Can you try to get rid of it?

JB.

--
Julien BLACHE http://www.jblache.org
jb at jblache.org GPG KeyID 0xF5D65169
[sane-devel] Double-free following scan on ubuntu hardy 8.04 with epjitsu fi-60f
On Mon, 28 Apr 2008 23:10:51 +0200, Jochen Eisinger wrote:
> export MALLOC_CHECK_=0
> If possible, use valgrind -v scanimage -d epjitsu to generate the
> backtrace, it will be more informative.

gdb terminal spew hit a magic ansi sequence that made the text unreadable. If you can suggest a command that will pipe the scan output away, but still stay in gdb for the bt, I'll run that.

I had more luck with valgrind this time. However, I'm not very familiar with reading valgrind output, is this a typical level of detail?

$ export MALLOC_CHECK_=0
$ valgrind -v scanimage -d epjitsu
(...) /cmov/libc-2.7.so)
==7627==
==7627== 1 errors in context 2 of 5:
==7627== Invalid read of size 4
==7627==    at 0x45919D3: ???
==7627==    by 0x4035C8C: sane_dll_exit (in /usr/lib/libsane.so.1.0.19)
==7627==    by 0x4036F96: sane_exit (in /usr/lib/libsane.so.1.0.19)
==7627==    by 0x804B59C: (within /usr/bin/scanimage)
==7627==    by 0x406D083: exit (in /lib/tls/i686/cmov/libc-2.7.so)
==7627==    by 0x4055457: (below main) (in /lib/tls/i686/cmov/libc-2.7.so)
==7627==  Address 0x41a5bc0 is 0 bytes inside a block of size 700 free'd
==7627==    at 0x402265C: free (vg_replace_malloc.c:323)
==7627==    by 0x4592719: ???
==7627==    by 0x403599E: sane_dll_close (in /usr/lib/libsane.so.1.0.19)
==7627==    by 0x4036FBC: sane_close (in /usr/lib/libsane.so.1.0.19)
==7627==    by 0x804B569: (within /usr/bin/scanimage)
==7627==    by 0x406D083: exit (in /lib/tls/i686/cmov/libc-2.7.so)
==7627==    by 0x4055457: (below main) (in /lib/tls/i686/cmov/libc-2.7.so)
==7627==
==7627== 1 errors in context 3 of 5:
==7627== Invalid read of size 4
==7627==    at 0x4015209: (within /lib/ld-2.7.so)
==7627==    by 0x4005C69: (within /lib/ld-2.7.so)
==7627==    by 0x4007A97: (within /lib/ld-2.7.so)
==7627==    by 0x400BC16: (within /lib/ld-2.7.so)
==7627==    by 0x400D5D5: (within /lib/ld-2.7.so)
==7627==    by 0x400BDF9: (within /lib/ld-2.7.so)
==7627==    by 0x40115A3: (within /lib/ld-2.7.so)
==7627==    by 0x400D5D5: (within /lib/ld-2.7.so)
==7627==    by 0x4010F5D: (within /lib/ld-2.7.so)
==7627==    by 0x403AC18: (within /lib/tls/i686/cmov/libdl-2.7.so)
==7627==    by 0x400D5D5: (within /lib/ld-2.7.so)
==7627==    by 0x403B2BB: (within /lib/tls/i686/cmov/libdl-2.7.so)
==7627==  Address 0x419512c is 20 bytes inside a block of size 21 alloc'd
==7627==    at 0x4022AB8: malloc (vg_replace_malloc.c:207)
==7627==    by 0x4008031: (within /lib/ld-2.7.so)
==7627==    by 0x400BC16: (within /lib/ld-2.7.so)
==7627==    by 0x400D5D5: (within /lib/ld-2.7.so)
==7627==    by 0x400BDF9: (within /lib/ld-2.7.so)
==7627==    by 0x40115A3: (within /lib/ld-2.7.so)
==7627==    by 0x400D5D5: (within /lib/ld-2.7.so)
==7627==    by 0x4010F5D: (within /lib/ld-2.7.so)
==7627==    by 0x403AC18: (within /lib/tls/i686/cmov/libdl-2.7.so)
==7627==    by 0x400D5D5: (within /lib/ld-2.7.so)
==7627==    by 0x403B2BB: (within /lib/tls/i686/cmov/libdl-2.7.so)
==7627==    by 0x403AB50: dlopen (in /lib/tls/i686/cmov/libdl-2.7.so)
==7627==
==7627== 1 errors in context 4 of 5:
==7627== Invalid read of size 4
==7627==    at 0x40151F3: (within /lib/ld-2.7.so)
==7627==    by 0x4005C69: (within /lib/ld-2.7.so)
==7627==    by 0x4007A97: (within /lib/ld-2.7.so)
==7627==    by 0x4011543: (within /lib/ld-2.7.so)
==7627==    by 0x400D5D5: (within /lib/ld-2.7.so)
==7627==    by 0x4010F5D: (within /lib/ld-2.7.so)
==7627==    by 0x403AC18: (within /lib/tls/i686/cmov/libdl-2.7.so)
==7627==    by 0x400D5D5: (within /lib/ld-2.7.so)
==7627==    by 0x403B2BB: (within /lib/tls/i686/cmov/libdl-2.7.so)
==7627==    by 0x403AB50: dlopen (in /lib/tls/i686/cmov/libdl-2.7.so)
==7627==    by 0x4036755: (within /usr/lib/libsane.so.1.0.19)
==7627==    by 0x4036906: (within /usr/lib/libsane.so.1.0.19)
==7627==  Address 0x4194dd8 is 32 bytes inside a block of size 35 alloc'd
==7627==    at 0x4022AB8: malloc (vg_replace_malloc.c:207)
==7627==    by 0x4006FD4: (within /lib/ld-2.7.so)
==7627==    by 0x40079D9: (within /lib/ld-2.7.so)
==7627==    by 0x4011543: (within /lib/ld-2.7.so)
==7627==    by 0x400D5D5: (within /lib/ld-2.7.so)
==7627==    by 0x4010F5D: (within /lib/ld-2.7.so)
==7627==    by 0x403AC18: (within /lib/tls/i686/cmov/libdl-2.7.so)
==7627==    by 0x400D5D5: (within /lib/ld-2.7.so)
==7627==    by 0x403B2BB: (within /lib/tls/i686/cmov/libdl-2.7.so)
==7627==    by 0x403AB50: dlopen (in /lib/tls/i686/cmov/libdl-2.7.so)
==7627==    by 0x4036755: (within /usr/lib/libsane.so.1.0.19)
==7627==    by 0x4036906: (within /usr/lib/libsane.so.1.0.19)
==7627==
==7627== 5 errors in context 5 of 5:
==7627== Conditional jump or move depends on uninitialised value(s)
==7627==    at 0x4595872: ???
==7627==    by 0x403693C: (within /usr/lib/libsane.so.1.0.19)
==7627==    by 0x4036BA2: sane_dll_open (in /usr/lib/libsane.so.1.0.19)
==7627==    by 0x4037193:
[sane-devel] Double-free following scan on ubuntu hardy 8.04 with epjitsu fi-60f
well, i've just committed a patch to fix this, but please test, as i never saw the error message in the first place...

allan

On 4/28/08, m. allan noah kitno455 at gmail.com wrote:
> ouch- i go away for a few hours, and my code grows bugs, and gets
> valgound :)
>
> i think Jochen hit the nail on the head, i'll fix it ASAP.
>
> allan
>
> On 4/28/08, Jochen Eisinger jochen at penguin-breeder.org wrote:
>> Hi,
>>
>> I guess the bug is that in sane_close the scanner_devList entry
>> corresponding to the open handle is destroyed, and later in sane_exit
>> all scanner_devList entries are destroyed again.
>>
>> I guess in sane_close, the entry should be be destroyed, but only
>> marked as free or so.
>>
>> regards
>> -- jochen
>>
>> --
>> sane-devel mailing list: sane-devel at lists.alioth.debian.org
>> http://lists.alioth.debian.org/mailman/listinfo/sane-devel
>> Unsubscribe: Send mail with subject unsubscribe your_password
>> to sane-devel-request at lists.alioth.debian.org
>
> --
> The truth is an offense, but not a sin

--
The truth is an offense, but not a sin
[sane-devel] Double-free following scan on ubuntu hardy 8.04 with epjitsu fi-60f
On Mon, 28 Apr 2008 21:01:08 -0400, m. allan noah wrote:
> well, i've just committed a patch to fix this, but please test, as i
> never saw the error message in the first place...

Does anyone have a good procedure for patching and rebuilding released ubuntu .debs to test upstream changes? Or a way to build new debs from sane snapshots at a particular revision? The originally reported platform (Ubuntu) is not my familiar source-based system (Gentoo).