[sane-devel] Segmentation faults in several backends

Henning Meier-Geinitz henning at meier-geinitz.de
Sat Feb 22 17:01:31 GMT 2003


Hi,

While trying to reproduce the problems with the net backend reported
some days ago I found some more backends that cause segfaults when
called more than once. By calling the backends more than once I mean:

sane_init
sane_get_device
[... other sane functions]
sane_exit
sane_init
sane_get_device
[... other sane functions]
sane_exit
[and so on]

Some backends don't initialize global variables in sane_init. If they
check for 0 afterwards, this test will be ok for the first run but not
for the second sane_init. So global variables must be initialized
explicitly in sane_init (or set to 0 in sane_exit). It's not enough
to just write
  int some_global_variable = 0;
because this initialization will be done only when the library was
loaded, not with every call of sane_init.

Usually variables like devlist, num_devices, first_device or
first_handle are the culprits. Please, everyone check if those are
initialized correctly. I guess that most backends don't initialize
them correctly.

With the usual setup you'll never notice the segfault because the
frontends call sane_init only once and never again. Furthermore, the
default is to link to libsane-dll and this backend unloads the library
in sane_exit. But there are reasons to link to backends directly so
these bugs should be fixed.

I'll attach a test program that calls the following sequence ten times:
sane_init
sane_get_devices
sane_open
sane_close
sane_exit

Compile with "gcc -o sane-test sane-test.c -ldl".

It loads every SANE library that exists in /usr/local/lib/sane
manually and will report errors and segmentation faults.

Please check with your backend. Some segfaults only occur when devices
are connected. Some backends segfault even without any devices:

testing libsane-artec.so: 0 1 2 got signal 11
testing libsane-mustek_pp.so: 0 1 got signal 11
testing libsane-pie.so: 0 1 2 got signal 11
testing libsane-umax.so: 0 1 2 got signal 11
testing libsane-umax_pp.so: 0 1 got signal 11

Bye,
  Henning
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sane-test.c
Type: text/x-csrc
Size: 3530 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/sane-devel/attachments/20030222/bc21c985/attachment.c>
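
The failure mode described in the mail, as an added example that is not part of the original message or the attached sane-test.c: a mock backend whose globals are zeroed only at load time, run through repeated init/exit cycles with and without an explicit reset. Apart from first_device and num_devices, all names are hypothetical, and instead of dereferencing freed memory the mock detects the stale list with a test-only counter.

```c
#include <stdio.h>
#include <stdlib.h>

/* Mock backend, constructed for this example; global names follow the mail. */
typedef struct Device { struct Device *next; } Device;

static Device *first_device = NULL; /* zeroed once, when the library is loaded */
static int num_devices = 0;
static int live_nodes = 0;          /* test-only: nodes currently allocated */

static void reset_globals(void) { first_device = NULL; num_devices = 0; }

/* Returns 0 on success, -1 if it would have walked a freed device list. */
static int mock_init(int fixed) {
    if (fixed)
        reset_globals();            /* explicit initialization on every init */
    if (num_devices > 0 && live_nodes == 0)
        return -1;                  /* a real backend dereferences first_device here */
    Device *d = calloc(1, sizeof *d);
    if (!d)
        return -1;
    d->next = first_device;         /* attach one constructed device */
    first_device = d;
    num_devices++;
    live_nodes++;
    return 0;
}

static void mock_exit(int fixed) {
    Device *d = first_device;
    while (d) { Device *next = d->next; free(d); live_nodes--; d = next; }
    if (fixed)
        reset_globals();            /* the alternative: set to 0 in exit */
}

/* Runs init/exit n times; returns the index of the first failing cycle, or n. */
static int run_cycles(int fixed, int n) {
    reset_globals();                /* simulate a freshly loaded library */
    live_nodes = 0;
    for (int i = 0; i < n; i++) {
        if (mock_init(fixed) != 0)
            return i;
        mock_exit(fixed);
    }
    return n;
}

int main(void) {
    printf("unfixed: stale globals hit in cycle %d\n", run_cycles(0, 10));
    printf("fixed:   completed %d cycles\n", run_cycles(1, 10));
    return 0;
}
```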

