** Description changed:

+ SOLUTION
+ *******************************
+ This was one of the most prominent bugs in Simple Scan for a long time.
+ It has been fixed in Simple Scan 3.3.92
+ *******************************
+ 
  When saving a PDF memory corruption occurs and simple scan crashes in random code (for me in the deflate functionality).

  Checked this using clean bzr checkout. BTW, I would have patched this much earlier if simple-scan was version control system that I was familiar with (like git) :S

  Can be verified with valgrind:

  ** WARNING **: scanner.vala:1204: Scan completed with 2250 lines, expected 2250 lines
  ==8804== Thread 1:
  ==8804== Invalid write of size 1
  ==8804==    at 0x40FCFA: book_save_pdf (book.c:1826)
  ==8804==    by 0x411F20: book_save (book.c:2533)
  ==8804==    by 0x44372F: simple_scan_save_document (ui.c:1638)
  ==8804==    by 0x447230: save_file_button_clicked_cb (ui.c:3002)
  ==8804==    by 0x66AFD53: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
  ==8804==    by 0x66ADF59: g_closure_invoke (gclosure.c:774)
  ==8804==    by 0x66C7C40: signal_emit_unlocked_R (gsignal.c:3302)
  ==8804==    by 0x66C6E51: g_signal_emit_valist (gsignal.c:3033)
  ==8804==    by 0x66C7507: g_signal_emit_by_name (gsignal.c:3127)
  ==8804==    by 0x4F14CBC: button_clicked (gtktoolbutton.c:881)
  ==8804==    by 0x66AFD53: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
  ==8804==    by 0x66ADF59: g_closure_invoke (gclosure.c:774)
  ==8804==  Address 0x2102c5c8 is 0 bytes after a block of size 711,000 alloc'd
  ==8804==    at 0x4A05BB4: calloc (vg_replace_malloc.c:467)
  ==8804==    by 0x6947193: standard_calloc (gmem.c:104)
  ==8804==    by 0x6947225: g_malloc0 (gmem.c:189)
  ==8804==    by 0x69474E2: g_malloc0_n (gmem.c:385)
  ==8804==    by 0x40F889: book_save_pdf (book.c:1674)
  ==8804==    by 0x411F20: book_save (book.c:2533)
  ==8804==    by 0x44372F: simple_scan_save_document (ui.c:1638)
  ==8804==    by 0x447230: save_file_button_clicked_cb (ui.c:3002)
  ==8804==    by 0x66AFD53: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
  ==8804==    by 0x66ADF59: g_closure_invoke (gclosure.c:774)
  ==8804==    by 0x66C7C40: signal_emit_unlocked_R (gsignal.c:3302)
  ==8804==    by 0x66C6E51: g_signal_emit_valist (gsignal.c:3033)
- ==8804==
+ ==8804==
  ==8804== Invalid read of size 1
  ==8804==    at 0x40FD0C: book_save_pdf (book.c:1827)
  ==8804==    by 0x411F20: book_save (book.c:2533)
  ==8804==    by 0x44372F: simple_scan_save_document (ui.c:1638)
  ==8804==    by 0x447230: save_file_button_clicked_cb (ui.c:3002)
  ==8804==    by 0x66AFD53: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
  ==8804==    by 0x66ADF59: g_closure_invoke (gclosure.c:774)
  ==8804==    by 0x66C7C40: signal_emit_unlocked_R (gsignal.c:3302)
  ==8804==    by 0x66C6E51: g_signal_emit_valist (gsignal.c:3033)
  ==8804==    by 0x66C7507: g_signal_emit_by_name (gsignal.c:3127)
  ==8804==    by 0x4F14CBC: button_clicked (gtktoolbutton.c:881)
  ==8804==    by 0x66AFD53: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
  ==8804==    by 0x66ADF59: g_closure_invoke (gclosure.c:774)
  ==8804==  Address 0x2102c5c8 is 0 bytes after a block of size 711,000 alloc'd
  ==8804==    at 0x4A05BB4: calloc (vg_replace_malloc.c:467)
  ==8804==    by 0x6947193: standard_calloc (gmem.c:104)
  ==8804==    by 0x6947225: g_malloc0 (gmem.c:189)
  ==8804==    by 0x69474E2: g_malloc0_n (gmem.c:385)
  ==8804==    by 0x40F889: book_save_pdf (book.c:1674)
  ==8804==    by 0x411F20: book_save (book.c:2533)
  ==8804==    by 0x44372F: simple_scan_save_document (ui.c:1638)
  ==8804==    by 0x447230: save_file_button_clicked_cb (ui.c:3002)
  ==8804==    by 0x66AFD53: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
  ==8804==    by 0x66ADF59: g_closure_invoke (gclosure.c:774)
  ==8804==    by 0x66C7C40: signal_emit_unlocked_R (gsignal.c:3302)
  ==8804==    by 0x66C6E51: g_signal_emit_valist (gsignal.c:3033)
- ==8804==
+ ==8804==

  The problem is that due to an integer rounding error, one byte less is allocated in the image buffer than there should be. I don't understand the code completely, so this patch should be verified by the original author of the code. Attached.

** Description changed:

  SOLUTION
  *******************************
  This was one of the most prominent bugs in Simple Scan for a long time.
  It has been fixed in Simple Scan 3.3.92
+ Upgrade to Simple Scan 3.3.92, older versions are still affected but will not be fixed.
  *******************************

-- 
You received this bug notification because you are a member of Simple Scan Development Team, which is the registrant for Simple Scan.
https://bugs.launchpad.net/bugs/931496

Title:
  Simple scan crashes when a PDF is saved

Status in Simple Scan:
  Fix Released
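
Added example (not part of the bug report and not Simple Scan's code): the report attributes the crash to an integer rounding error that leaves the image buffer one byte short. The C code below shows that class of bug for tightly packed sub-byte samples, which is an assumed layout, next to a rounded-up, overflow-checked size; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bug pattern: bits-to-bytes with truncating division drops a trailing partial byte. */
size_t packed_size_truncating(size_t samples, size_t depth)
{
    return samples * depth / 8;
}

/* Corrected size: round up; return 0 for unsupported depth or size_t overflow. */
size_t packed_size_checked(size_t samples, size_t depth)
{
    if (samples == 0 || (depth != 1 && depth != 2 && depth != 4 && depth != 8))
        return 0;
    if (samples > (SIZE_MAX - 7) / depth)
        return 0;
    return (samples * depth + 7) / 8;
}

/* Pack 8-bit samples to `depth` bits each, MSB first (assumed layout).
 * Returns bytes written, or 0 when `cap` is too small, rather than writing past it. */
size_t pack_samples(const uint8_t *src, size_t samples, size_t depth,
                    uint8_t *dst, size_t cap)
{
    size_t need = packed_size_checked(samples, depth);
    if (need == 0 || need > cap)
        return 0;
    memset(dst, 0, need);
    for (size_t i = 0; i < samples; i++) {
        size_t bit = i * depth;
        unsigned shift = (unsigned)(8 - depth - bit % 8);
        dst[bit / 8] |= (uint8_t)((src[i] >> (8 - depth)) << shift);
    }
    return need;
}

int main(void)
{
    /* Constructed input: 15 samples at 2 bits = 30 bits = 3 whole bytes + 6 bits. */
    uint8_t src[15], tight[3], ok[4];
    memset(src, 0xFF, sizeof src);
    printf("truncating=%zu checked=%zu\n", packed_size_truncating(15, 2), packed_size_checked(15, 2));
    printf("cap 3 -> %zu, cap 4 -> %zu\n",
           pack_samples(src, 15, 2, tight, sizeof tight),
           pack_samples(src, 15, 2, ok, sizeof ok));
    return 0;
}
```

A buffer sized with the truncating formula is rejected by the capacity check here; without that check the final partial byte would land at offset equal to the block size, which is what valgrind describes as "0 bytes after a block".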

