[sane-devel] Double-free following scan on ubuntu hardy 8.04 with epjitsu fi-60f

Jeff Kowalczyk jtk at yahoo.com
Mon Apr 28 20:30:35 UTC 2008 

On Mon, 28 Apr 2008 21:51:50 +0200, Julien BLACHE wrote:

> Jeff Kowalczyk <jtk at yahoo.com> wrote:
> 
> Hi,
> 
>>   $ scanimage -d epjitsu
>>   (massive ansi terminal spew)
>>   *** glibc detected *** scanimage: double free or corruption (!prev): 0x08053ca0 ***
>>   ======= Backtrace: =========
>>   /lib/tls/i686/cmov/libc.so.6[0xb7e7fa85]
>>   /lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7e834f0]
>>   /usr/lib/sane/libsane-epjitsu.so.1(sane_epjitsu_exit+0x3d)[0xb7e029dd]
> 
> Can you reproduce the problem with a simple scanimage -L ?

scanimage -L appears to be fine:

  $ scanimage -L 
  device `fujitsu:libusb:001:011' is a FUJITSU fi-5120Cdj scanner
  device `epjitsu:libusb:001:009' is a FUJITSU fi-60F  0A06 scanner

> Also please obtain a gdb backtrace :

  $ gdb scanimage
  > run -d epjitsu
  (some messages, then terminal data spew)
  *** glibc detected *** /usr/bin/scanimage: corrupted double-linked list: 0x08054120 ***
  (no debugging symbols found)
  ======= Backtrace: =========
  /lib/tls/i686/cmov/libc.so.6[0xb7dfad0d]
  /lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7dfe4f0]
  /usr/lib/sane/libsane-epjitsu.so.1(sane_epjitsu_exit+0x3d)[0xb7d7d9dd]
  /usr/lib/libsane.so.1(sane_dll_exit+0x15d)[0xb7ee4c8d]
  /usr/lib/libsane.so.1(sane_exit+0x17)[0xb7ee5f97]
  /usr/bin/scanimage[0x804b59d]
  /lib/tls/i686/cmov/libc.so.6(exit+0xd4)[0xb7dbd084]
  /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe8)[0xb7da5458]
  /usr/bin/scanimage[0x8049241]
  ======= Memory map: ========
  08048000-08051000 r-xp 00000000 08:05 6447711    /usr/bin/scanimage
  08051000-08052000 rw-p 00009000 08:05 6447711    /usr/bin/scanimage
  08052000-080c4000 rw-p 08052000 00:00 0          [heap]
  b7c00000-b7c21000 rw-p b7c00000 00:00 0 
  b7c21000-b7d00000 ---p b7c21000 00:00 0 
  b7d5b000-b7d65000 r-xp 00000000 08:05 7716880    /lib/libgcc_s.so.1
  b7d65000-b7d66000 rw-p 0000a000 08:05 7716880    /lib/libgcc_s.so.1
  b7d73000-b7d79000 r-xp 00000000 08:05 7717114    /lib/libusb-0.1.so.4.4.4
  b7d79000-b7d7b000 rw-p 00005000 08:05 7717114    /lib/libusb-0.1.so.4.4.4
  b7d7b000-b7d8a000 r-xp 00000000 08:05 935162     /usr/lib/sane/libsane-epjitsu.so.1.0.19
  b7d8a000-b7d8b000 rw-p 0000e000 08:05 935162     /usr/lib/sane/libsane-epjitsu.so.1.0.19
  b7d8b000-b7d8f000 rw-p b7d8b000 00:00 0 
  b7d8f000-b7ed8000 r-xp 00000000 08:05 7717018    /lib/tls/i686/cmov/libc-2.7.so
  b7ed8000-b7ed9000 r--p 00149000 08:05 7717018    /lib/tls/i686/cmov/libc-2.7.so
  b7ed9000-b7edb000 rw-p 0014a000 08:05 7717018    /lib/tls/i686/cmov/libc-2.7.so
  b7edb000-b7edf000 rw-p b7edb000 00:00 0 
  b7edf000-b7ee1000 r-xp 00000000 08:05 7717021    /lib/tls/i686/cmov/libdl-2.7.so
  b7ee1000-b7ee3000 rw-p 00001000 08:05 7717021    /lib/tls/i686/cmov/libdl-2.7.so
  b7ee3000-b7ee8000 r-xp 00000000 08:05 856953     /usr/lib/libsane.so.1.0.19
  b7ee8000-b7ee9000 rw-p 00004000 08:05 856953     /usr/lib/libsane.so.1.0.19
  b7ef5000-b7ef8000 rw-p b7ef5000 00:00 0 
  b7ef8000-b7ef9000 r-xp b7ef8000 00:00 0          [vdso]
  b7ef9000-b7f13000 r-xp 00000000 08:05 7716881    /lib/ld-2.7.so
  b7f13000-b7f15000 rw-p 00019000 08:05 7716881    /lib/ld-2.7.so
  bfd22000-bfd37000 rw-p bffeb000 00:00 0          [stack]
  
  Program received signal SIGABRT, Aborted.
  0xb7ef8410 in __kernel_vsyscall ()
   62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;c62;9;cbt
  Undefined command: "62".  Try "help".
  (gdb) bt
  #0  0xb7ef8410 in __kernel_vsyscall ()
  #1  0xb7dba085 in raise () from /lib/tls/i686/cmov/libc.so.6
  #2  0xb7dbba01 in abort () from /lib/tls/i686/cmov/libc.so.6
  #3  0xb7df2b7c in ?? () from /lib/tls/i686/cmov/libc.so.6
  #4  0x00000006 in ?? ()
  #5  0xbfd346d4 in ?? ()
  #6  0x00000400 in ?? ()
  #7  0xb7ebf428 in ?? () from /lib/tls/i686/cmov/libc.so.6
  #8  0x00000017 in ?? ()
  #9  0xbfd36999 in ?? ()
  #10 0x00000012 in ?? ()
  #11 0xb7ebf441 in ?? () from /lib/tls/i686/cmov/libc.so.6
  #12 0x00000002 in ?? ()
  #13 0xb7ebc2d8 in ?? () from /lib/tls/i686/cmov/libc.so.6
  #14 0x0000001c in ?? ()
  #15 0xb7ebf445 in ?? () from /lib/tls/i686/cmov/libc.so.6
  #16 0x00000004 in ?? ()
  #17 0xbfd34c4b in ?? ()
  #18 0x00000008 in ?? ()
  #19 0xb7ebf44b in ?? () from /lib/tls/i686/cmov/libc.so.6
  #20 0x00000005 in ?? ()
  #21 0x00000006 in ?? ()
  #22 0x00000004 in ?? ()
  #23 0x00000004 in ?? ()
  #24 0x00000174 in ?? ()
  #25 0x00000174 in ?? ()
  #26 0x00000174 in ?? ()
  #27 0xb7ebf44b in ?? () from /lib/tls/i686/cmov/libc.so.6
  #28 0x00000005 in ?? ()
  #29 0xbfd34620 in ?? ()
  #30 0x00000025 in ?? ()
  #31 0xbfd3463c in ?? ()
  #32 0xb7f04c17 in ?? () from /lib/ld-linux.so.2
  #33 0x00000001 in ?? ()
  #34 0x00000000 in ?? ()
  (gdb) q
  The program is running.  Exit anyway? (y or n) y

More information about the sane-devel mailing list