[sane-devel] Double-free following scan on ubuntu hardy 8.04 with epjitsu fi-60f
Jeff Kowalczyk
jtk at yahoo.com
Mon Apr 28 22:12:25 UTC 2008
On Mon, 28 Apr 2008 23:10:51 +0200, Jochen Eisinger wrote:
> export MALLOC_CHECK_=0
> If possible, use valgrind -v scanimage -d epjitsu to generate the
> backtrace, it will be more informative.
gdb terminal spew hit a magic ANSI sequence that made the text unreadable.
If you can suggest a command that will pipe the scan output away, but
still stay in gdb for the bt, I'll run that.

I had more luck with valgrind this time. However, I'm not very familiar
with reading valgrind output; is this a typical level of detail?
$ export MALLOC_CHECK_=0
$ valgrind -v scanimage -d epjitsu
(...)
/cmov/libc-2.7.so)
==7627==
==7627== 1 errors in context 2 of 5:
==7627== Invalid read of size 4
==7627== at 0x45919D3: ???
==7627== by 0x4035C8C: sane_dll_exit (in /usr/lib/libsane.so.1.0.19)
==7627== by 0x4036F96: sane_exit (in /usr/lib/libsane.so.1.0.19)
==7627== by 0x804B59C: (within /usr/bin/scanimage)
==7627== by 0x406D083: exit (in /lib/tls/i686/cmov/libc-2.7.so)
==7627== by 0x4055457: (below main) (in /lib/tls/i686/cmov/libc-2.7.so)
==7627== Address 0x41a5bc0 is 0 bytes inside a block of size 700 free'd
==7627== at 0x402265C: free (vg_replace_malloc.c:323)
==7627== by 0x4592719: ???
==7627== by 0x403599E: sane_dll_close (in /usr/lib/libsane.so.1.0.19)
==7627== by 0x4036FBC: sane_close (in /usr/lib/libsane.so.1.0.19)
==7627== by 0x804B569: (within /usr/bin/scanimage)
==7627== by 0x406D083: exit (in /lib/tls/i686/cmov/libc-2.7.so)
==7627== by 0x4055457: (below main) (in /lib/tls/i686/cmov/libc-2.7.so)
==7627==
==7627== 1 errors in context 3 of 5:
==7627== Invalid read of size 4
==7627== at 0x4015209: (within /lib/ld-2.7.so)
==7627== by 0x4005C69: (within /lib/ld-2.7.so)
==7627== by 0x4007A97: (within /lib/ld-2.7.so)
==7627== by 0x400BC16: (within /lib/ld-2.7.so)
==7627== by 0x400D5D5: (within /lib/ld-2.7.so)
==7627== by 0x400BDF9: (within /lib/ld-2.7.so)
==7627== by 0x40115A3: (within /lib/ld-2.7.so)
==7627== by 0x400D5D5: (within /lib/ld-2.7.so)
==7627== by 0x4010F5D: (within /lib/ld-2.7.so)
==7627== by 0x403AC18: (within /lib/tls/i686/cmov/libdl-2.7.so)
==7627== by 0x400D5D5: (within /lib/ld-2.7.so)
==7627== by 0x403B2BB: (within /lib/tls/i686/cmov/libdl-2.7.so)
==7627== Address 0x419512c is 20 bytes inside a block of size 21 alloc'd
==7627== at 0x4022AB8: malloc (vg_replace_malloc.c:207)
==7627== by 0x4008031: (within /lib/ld-2.7.so)
==7627== by 0x400BC16: (within /lib/ld-2.7.so)
==7627== by 0x400D5D5: (within /lib/ld-2.7.so)
==7627== by 0x400BDF9: (within /lib/ld-2.7.so)
==7627== by 0x40115A3: (within /lib/ld-2.7.so)
==7627== by 0x400D5D5: (within /lib/ld-2.7.so)
==7627== by 0x4010F5D: (within /lib/ld-2.7.so)
==7627== by 0x403AC18: (within /lib/tls/i686/cmov/libdl-2.7.so)
==7627== by 0x400D5D5: (within /lib/ld-2.7.so)
==7627== by 0x403B2BB: (within /lib/tls/i686/cmov/libdl-2.7.so)
==7627== by 0x403AB50: dlopen (in /lib/tls/i686/cmov/libdl-2.7.so)
==7627==
==7627== 1 errors in context 4 of 5:
==7627== Invalid read of size 4
==7627== at 0x40151F3: (within /lib/ld-2.7.so)
==7627== by 0x4005C69: (within /lib/ld-2.7.so)
==7627== by 0x4007A97: (within /lib/ld-2.7.so)
==7627== by 0x4011543: (within /lib/ld-2.7.so)
==7627== by 0x400D5D5: (within /lib/ld-2.7.so)
==7627== by 0x4010F5D: (within /lib/ld-2.7.so)
==7627== by 0x403AC18: (within /lib/tls/i686/cmov/libdl-2.7.so)
==7627== by 0x400D5D5: (within /lib/ld-2.7.so)
==7627== by 0x403B2BB: (within /lib/tls/i686/cmov/libdl-2.7.so)
==7627== by 0x403AB50: dlopen (in /lib/tls/i686/cmov/libdl-2.7.so)
==7627== by 0x4036755: (within /usr/lib/libsane.so.1.0.19)
==7627== by 0x4036906: (within /usr/lib/libsane.so.1.0.19)
==7627== Address 0x4194dd8 is 32 bytes inside a block of size 35 alloc'd
==7627== at 0x4022AB8: malloc (vg_replace_malloc.c:207)
==7627== by 0x4006FD4: (within /lib/ld-2.7.so)
==7627== by 0x40079D9: (within /lib/ld-2.7.so)
==7627== by 0x4011543: (within /lib/ld-2.7.so)
==7627== by 0x400D5D5: (within /lib/ld-2.7.so)
==7627== by 0x4010F5D: (within /lib/ld-2.7.so)
==7627== by 0x403AC18: (within /lib/tls/i686/cmov/libdl-2.7.so)
==7627== by 0x400D5D5: (within /lib/ld-2.7.so)
==7627== by 0x403B2BB: (within /lib/tls/i686/cmov/libdl-2.7.so)
==7627== by 0x403AB50: dlopen (in /lib/tls/i686/cmov/libdl-2.7.so)
==7627== by 0x4036755: (within /usr/lib/libsane.so.1.0.19)
==7627== by 0x4036906: (within /usr/lib/libsane.so.1.0.19)
==7627==
==7627== 5 errors in context 5 of 5:
==7627== Conditional jump or move depends on uninitialised value(s)
==7627== at 0x4595872: ???
==7627== by 0x403693C: (within /usr/lib/libsane.so.1.0.19)
==7627== by 0x4036BA2: sane_dll_open (in /usr/lib/libsane.so.1.0.19)
==7627== by 0x4037193: sane_open (in /usr/lib/libsane.so.1.0.19)
==7627== by 0x804BCDB: (within /usr/bin/scanimage)
==7627== by 0x405544F: (below main) (in /lib/tls/i686/cmov/libc-2.7.so)
--7627--
--7627-- supp: 19 dl-hack3-1
==7627==
==7627== IN SUMMARY: 9 errors from 5 contexts (suppressed: 19 from 1)
==7627==
==7627== malloc/free: in use at exit: 186,071 bytes in 48 blocks.
==7627== malloc/free: 321 allocs, 274 frees, 7,682,372 bytes allocated.
==7627==
==7627== searching for pointers to 48 not-freed blocks.
==7627== checked 108,732 bytes.
==7627==
==7627== LEAK SUMMARY:
==7627== definitely lost: 153,303 bytes in 47 blocks.
==7627== possibly lost: 0 bytes in 0 blocks.
==7627== still reachable: 32,768 bytes in 1 blocks.
==7627== suppressed: 0 bytes in 0 blocks.
==7627== Rerun with --leak-check=full to see details of leaked memory.
--7627-- memcheck: sanity checks: 84 cheap, 5 expensive
--7627-- memcheck: auxmaps: 0 auxmap entries (0k, 0M) in use
--7627-- memcheck: auxmaps_L1: 0 searches, 0 cmps, ratio 0:10
--7627-- memcheck: auxmaps_L2: 0 searches, 0 nodes
--7627-- memcheck: SMs: n_issued = 129 (2064k, 2M)
--7627-- memcheck: SMs: n_deissued = 112 (1792k, 1M)
--7627-- memcheck: SMs: max_noaccess = 65535 (1048560k, 1023M)
--7627-- memcheck: SMs: max_undefined = 0 (0k, 0M)
--7627-- memcheck: SMs: max_defined = 133 (2128k, 2M)
--7627-- memcheck: SMs: max_non_DSM = 129 (2064k, 2M)
--7627-- memcheck: max sec V bit nodes: 0 (0k, 0M)
--7627-- memcheck: set_sec_vbits8 calls: 0 (new: 0, updates: 0)
--7627-- memcheck: max shadow mem size: 2368k, 2M
--7627-- translate: fast SP updates identified: 5,247 ( 90.9%)
--7627-- translate: generic_known SP updates identified: 328 ( 5.6%)
--7627-- translate: generic_unknown SP updates identified: 194 ( 3.3%)
--7627-- tt/tc: 11,139 tt lookups requiring 11,489 probes
--7627-- tt/tc: 11,139 fast-cache updates, 4 flushes
--7627-- transtab: new 4,497 (98,143 -> 1,375,953; ratio 140:10) [0 scs]
--7627-- transtab: dumped 0 (0 -> ??)
--7627-- transtab: discarded 1,128 (28,004 -> ??)
--7627-- scheduler: 8,496,925 jumps (bb entries).
--7627-- scheduler: 84/13,343 major/minor sched events.
--7627-- sanity: 85 cheap, 5 expensive checks.
--7627-- exectx: 769 lists, 121 contexts (avg 0 per list)
--7627-- exectx: 622 searches, 514 full compares (826 per 1000)
--7627-- exectx: 0 cmp2, 66 cmp4, 0 cmpAll
--7627-- errormgr: 13 supplist searches, 427 comparisons during search
--7627-- errormgr: 28 errlist searches, 105 comparisons during search
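
One way to read the report above mechanically, as an added example (not part of the original post, and not SANE or valgrind code): a small parser that splits memcheck output into error contexts and, when the touched block is marked free'd, pairs the first named frame of the access stack with the first named frame of the stack that released it. The sample is abridged from contexts 2 and 5 above; the names `parse`, `first_symbol` and `triage` are this example's own.

```python
import re

# Contexts 2 and 5 of 5, abridged from the valgrind output in the post above.
SAMPLE = """\
==7627== 1 errors in context 2 of 5:
==7627== Invalid read of size 4
==7627== at 0x45919D3: ???
==7627== by 0x4035C8C: sane_dll_exit (in /usr/lib/libsane.so.1.0.19)
==7627== Address 0x41a5bc0 is 0 bytes inside a block of size 700 free'd
==7627== at 0x402265C: free (vg_replace_malloc.c:323)
==7627== by 0x4592719: ???
==7627== by 0x403599E: sane_dll_close (in /usr/lib/libsane.so.1.0.19)
==7627== 5 errors in context 5 of 5:
==7627== Conditional jump or move depends on uninitialised value(s)
==7627== at 0x4595872: ???
==7627== by 0x4036BA2: sane_dll_open (in /usr/lib/libsane.so.1.0.19)
"""
HEADER = re.compile(r"(\d+) errors in context (\d+) of \d+:")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (.*)")
BLOCK = re.compile(r"Address 0x[0-9A-Fa-f]+ is \d+ bytes inside a block of size (\d+) (free'd|alloc'd)")

def parse(text):
    contexts, cur, stack = [], None, None  # stack: list currently receiving frames
    for raw in text.splitlines():
        line = re.sub(r"^==\d+==\s?", "", raw).strip()
        if m := HEADER.match(line):
            cur = {"id": int(m[2]), "kind": None, "access": [], "block": None, "origin": []}
            contexts.append(cur)
            stack = cur["access"]
        elif cur is None or not line:
            continue
        elif m := BLOCK.match(line):
            cur["block"] = (int(m[1]), m[2])   # (size, "free'd" or "alloc'd")
            stack = cur["origin"]              # later frames: who freed/allocated the block
        elif m := FRAME.match(line):
            stack.append(m[1])
        elif cur["kind"] is None:
            cur["kind"] = line                 # first non-frame line names the error
    return contexts

def first_symbol(frames):
    # Skip '???', '(within ...)' and the allocator's own frames.
    names = (re.match(r"([A-Za-z_]\w*) \(", f) for f in frames)
    return next((m[1] for m in names if m and m[1] not in ("free", "malloc")), None)

def triage(ctx):
    uaf = ctx["block"] is not None and ctx["block"][1] == "free'd"
    return {"id": ctx["id"], "use_after_free": uaf, "accessed_via": first_symbol(ctx["access"]),
            "freed_via": first_symbol(ctx["origin"]) if uaf else None}
```

For context 2 this reports a block released under `sane_dll_close` and read again under `sane_dll_exit`; the `???` frames sit between those libsane entry points and the actual access, so valgrind had no symbols for the code that touched the block.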