Fedora Account System
Red Hat Associate
Red Hat Customer
Description of problem: Crashes immediately after being started if the scanner (Canon MFC643) is powered on. If the scanner is off simple-scan starts, but if I then turn on the scanner and click the reload button I get the same crash. Version-Release number of selected component: simple-scan-46.0-2.fc41 Additional info: reporter: libreport-2.17.15 reason: simple-scan killed by SIGABRT cgroup: 0::/user.slice/user-1000.slice/user/app.slice/app-gnome-simple\x2dscan-746969.scope crash_function: sprintf kernel: 6.12.15-200.fc41.x86_64 comment: Crashes immediately after being started if the scanner (Canon MFC643) is powered on. If the scanner is off simple-scan starts, but if I then turn on the scanner and click the reload button I get the same crash. package: simple-scan-46.0-2.fc41 type: CCpp cmdline: /usr/bin/simple-scan backtrace_rating: 4 journald_cursor: s=904ac8f940634fa9adc0030d7c6d2579;i=92d45;b=85c7bab0671c400e89d30de300c89632;m=1c30379847;t=62f76375e67ba;x=be5fbdfefe3a0efb uid: 1000 rootdir: / runlevel: N 5 executable: /usr/bin/simple-scan Truncated backtrace: Thread no. 1 (14 frames) #9 sprintf at /usr/include/bits/stdio2.h:30 #10 attach_bjnp at pixma/pixma_io_sanei.c:135 #11 add_scanner at pixma/pixma_bjnp.c:1922 #12 sanei_bjnp_find_devices at pixma/pixma_bjnp.c:2264 #13 sanei_pixma_collect_devices at pixma/pixma_io_sanei.c:330 #14 find_scanners at pixma/pixma.c:252 #15 sane_pixma_get_devices at pixma/pixma.c:1737 #16 sane_dll_get_devices at /usr/src/debug/sane-backends-1.3.1-1.fc41.x86_64/backend/dll.c:1098 #17 sane_get_devices at /usr/src/debug/sane-backends-1.3.1-1.fc41.x86_64/backend/dll-s.c:21 #18 scanner_do_redetect at ../src/scanner.vala:347 #19 scanner_scan_thread at ../src/scanner.vala:1645 #20 _scanner_scan_thread_gthread_func at /usr/src/debug/simple-scan-46.0-2.fc41.x86_64/redhat-linux-build/scanner.c:10853 #21 g_test_trap_subprocess_with_envp at ../glib/gtestutils.c:4076 #23 __clone3 at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
Created attachment 2084267 [details] File: core_backtrace
Created attachment 2084268 [details] File: os_info
Created attachment 2084269 [details] File: cpuinfo
Created attachment 2084270 [details] File: maps
Created attachment 2084271 [details] File: proc_pid_status
Created attachment 2084272 [details] File: backtrace
Created attachment 2084273 [details] File: dso_list
Created attachment 2084274 [details] File: open_fds
Created attachment 2084275 [details] File: var_log_messages
Created attachment 2084276 [details] File: mountinfo
Created attachment 2084277 [details] File: environ
Created attachment 2084278 [details] File: limits
Looks like the same problem as https://bugs-devel.debian.org/cgi-bin/bugreport.cgi?bug=1088618
Upgraded to Fedora 42, problem still exists. Just starting xsane gives the following stacktrace in the log: #0 0x00007f83aaa7ae5c __pthread_kill_implementation (libc.so.6 + 0x72e5c) #1 0x00007f83aaa21abe raise (libc.so.6 + 0x19abe) #2 0x00007f83aaa096d0 abort (libc.so.6 + 0x16d0) #3 0x00007f83aaa0a6f3 __libc_message_impl.cold (libc.so.6 + 0x26f3) #4 0x00007f83aab07389 __fortify_fail (libc.so.6 + 0xff389) #5 0x00007f83aab06ce4 __chk_fail (libc.so.6 + 0xfece4) #6 0x00007f83aaa66349 __vsprintf_internal (libc.so.6 + 0x5e349) #7 0x00007f83aab0863b __sprintf_chk (libc.so.6 + 0x10063b) #8 0x00007f839a493a18 attach_bjnp (libsane-pixma.so.1 + 0x3a18) #9 0x00007f839a4afc60 add_scanner (libsane-pixma.so.1 + 0x1fc60) #10 0x00007f839a4b069a sanei_bjnp_find_devices (libsane-pixma.so.1 + 0x2069a) #11 0x00007f839a4a188e sanei_pixma_collect_devices (libsane-pixma.so.1 + 0x1188e) #12 0x00007f839a49f3b7 sane_pixma_get_devices (libsane-pixma.so.1 + 0xf3b7) #13 0x00007f83ab5e984e sane_dll_get_devices (libsane.so.1 + 0x684e) #14 0x0000555a436f42bc xsane_init (/usr/bin/xsane + 0x6e2bc) #15 0x0000555a4368983b main (/usr/bin/xsane + 0x383b) #16 0x00007f83aaa0b5f5 __libc_start_call_main (libc.so.6 + 0x35f5) #17 0x00007f83aaa0b6a8 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x36a8) #18 0x0000555a436899b5 _start (/usr/bin/xsane + 0x39b5)
It looks like a simple buffer overflow because the model name ("MF642C/643C/644C") and serial ("canoncb2ff6.lan" as the hostname is used) won't fit into the buffer that attach_bjnp sprintf's into. I have created an issue for this problem at https://gitlab.com/sane-project/backends/-/issues/802 .
Thanks Mikkel! I'll backport the fix into Fedora this week.
FEDORA-2025-c1518b7d3a (sane-backends-1.3.1-4.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2025-c1518b7d3a
FEDORA-2025-c1518b7d3a (sane-backends-1.3.1-4.fc43) has been pushed to the Fedora 43 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2025-27e12b8efb (sane-backends-1.3.1-4.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2025-27e12b8efb
FEDORA-2025-8c2c57f886 (sane-backends-1.3.1-4.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2025-8c2c57f886
FEDORA-2025-27e12b8efb has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-27e12b8efb` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-27e12b8efb See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-8c2c57f886 has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-8c2c57f886` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-8c2c57f886 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Thanks! Seems to work fine - only oddity is that the scanner is sometimes named "Canon i-SENSYS MF640 Series" and sometimes "eSCL Canon MF642C/643C/644C (d8:ea:ec) (d8:ea:ec) (d8:ea:ec)" in Document Scanner (simplescan), but that's probably a different issue.
FEDORA-2025-27e12b8efb (sane-backends-1.3.1-4.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report.
(In reply to Mikkel Lauritsen from comment #23) > Thanks! Seems to work fine - only oddity is that the scanner is sometimes > named "Canon i-SENSYS MF640 Series" and sometimes "eSCL Canon > MF642C/643C/644C (d8:ea:ec) (d8:ea:ec) (d8:ea:ec)" in Document Scanner > (simplescan), but that's probably a different issue. Maybe the device is supported by two backends? You can check "scanimage -L" and see if it is true.
FEDORA-2025-8c2c57f886 (sane-backends-1.3.1-4.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2025-563de57094 (sane-backends-1.4.0-1.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2025-563de57094
FEDORA-2025-54df571d8f (sane-backends-1.4.0-1.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2025-54df571d8f
FEDORA-2025-54df571d8f has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-54df571d8f` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-54df571d8f See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-563de57094 has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-563de57094` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-563de57094 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.