xsane crashing after update of sane-backends to 1.0.24-2. Going back to sane-backends-1.0.23-18 prevents the crash. $ xsane *** buffer overflow detected ***: xsane terminated ======= Backtrace: ========= /lib64/libc.so.6(__fortify_fail+0x37)[0x39d430d6b7] /lib64/libc.so.6[0x39d430b880] /usr/lib64/sane/libsane-pixma.so.1(+0x1d28e)[0x7f7289a0328e] /usr/lib64/sane/libsane-pixma.so.1(sanei_bjnp_find_devices+0x6b2)[0x7f7289a03a22] /usr/lib64/sane/libsane-pixma.so.1(sanei_pixma_collect_devices+0x24d)[0x7f72899f669d] /usr/lib64/sane/libsane-pixma.so.1(sane_pixma_get_devices+0x2e)[0x7f72899f40ae] /lib64/libsane.so.1(sane_dll_get_devices+0xb7)[0x7f72998d4247] xsane[0x46ecda] xsane[0x4739d3] xsane[0x409565] /lib64/libc.so.6(__libc_start_main+0xf5)[0x39d4221b75] xsane[0x40961d]
Just another data point: The crash is not happening on my IBM Thinkpad with intel HD graphics. The above desktop uses Nvidia graphics and drivers from rpmfusion.
scanimage is also crashing on start. The problem seems to be with sane-backends 1.0.24. Going back to last 1.0.23 has no crash.
Here is the debug info from valgrind: ==1757== Command: scanimage ==1757== **1757** *** strcpy_chk: buffer overflow detected ***: program terminated ==1757== at 0x4A08C4C: ??? (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==1757== by 0x4A0BCC3: __strcpy_chk (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==1757== by 0xB25728D: add_scanner (string3.h:104) ==1757== by 0xB257A21: sanei_bjnp_find_devices (pixma_bjnp.c:1934) ==1757== by 0xB24A69C: sanei_pixma_collect_devices (pixma_io_sanei.c:377) ==1757== by 0xB2480AD: sane_pixma_get_devices (pixma.c:231) ==1757== by 0x4C77246: sane_dll_get_devices (dll.c:1059) ==1757== by 0x10AC3A: main (scanimage.c:1985)
From above the crash is happening when a Canon scanner is found: device `pixma:MX850_DHCP-129-59-117' is a CANON Canon PIXMA MX850 multi-function peripheral I do not have a Canon scanner and keep getting this in addition to my local hp scanner even if I comment the "net" in dll.conf.
Commenting out the "pixma" in /etc/sane.d/dll.conf stops the crash. Anyone looking into this?
Please check with 1.0.24-3 as -2 has a broken hardware database which may contribute to recognizing your hardware wrongly.
I am using 1.0.24-3 (I even tried git with the same problem). The CANON scanner is not mine. I have a HP Deskjet 3050 which works fine. I am not sure where it is finding this CANON scanner (it always did that with the 1.0.23 versions as well). It must be on the net but commenting net in dll.conf still finds it. I am not using saned. I think Fedora 19 uses conn something to find network scanners, this may be where the problem lies.
The net backend is only used for talking to a remote saned instance, which exports locally configured scanners to the network. Other network scanners are handled by their own backends. Can you generate a complete traceback? I.e. "debuginfo-install sane-backends", then run scanimage in gdb.
Created attachment 816845 [details] gdb-run
Created attachment 816846 [details] gdb-bt
Created attachment 816847 [details] gdb-list
All attached....the DHCP ...197 is the CANON coming from somewhere.
Ahh thanks, with the backtrace I could find the root of the problem which is in this code: --- 8< --- backend/pixma_bjnp.c:362 --- determine_scanner_serial () --- while (strlen (copy) >= SHORT_HOSTNAME_MAX) { /* if this is a FQDN, not an ip-address, remove domain part of the name */ if ((dot = strchr (copy, '.')) != NULL) { *dot = '\0'; } else strcpy(copy, mac_address); break; } --- >8 ---------------------------------------------------------------- The break being outside of the else block effectively made an if clause out of the while loop. This caused long hostnames to not be shortened sufficiently which subsequentely made strcpy() write beyond buffer boundaries. I've committed a fix to upstream in commit d35d6326cb00fcbb19b41599bdff7faf5d79225e and will roll an update containing it shortly.
Mind that you might need to kick udevd with "udevadm control --reload" (or restarting the system) for udevd to pick up the hwdb files correctly. I've seen the fix for udevd in dist-git, it should eventually be available with systemd 204-18 or thereabouts.
sane-backends-1.0.24-4.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/sane-backends-1.0.24-4.fc19
sane-backends-1.0.24-4.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/sane-backends-1.0.24-4.fc20
sane-backends-1.0.24-4.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/sane-backends-1.0.24-4.fc18
Package sane-backends-1.0.24-4.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing sane-backends-1.0.24-4.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-20221/sane-backends-1.0.24-4.fc20 then log in and leave karma (feedback).
sane-backends-1.0.24-4.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
sane-backends-1.0.24-5.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/sane-backends-1.0.24-5.fc19
sane-backends-1.0.24-5.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/sane-backends-1.0.24-5.fc20
sane-backends-1.0.24-5.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/sane-backends-1.0.24-5.fc18
Package sane-backends-1.0.24-6.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing sane-backends-1.0.24-6.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-20919/sane-backends-1.0.24-6.fc18 then log in and leave karma (feedback).
sane-backends-1.0.24-4.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
sane-backends-1.0.24-7.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/sane-backends-1.0.24-7.fc18
sane-backends-1.0.24-7.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/sane-backends-1.0.24-7.fc19
sane-backends-1.0.24-7.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/sane-backends-1.0.24-7.fc20
sane-backends-1.0.24-7.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.