Bug 2358843 - [abrt] simple-scan: sprintf(): simple-scan killed by SIGABRT
Summary: [abrt] simple-scan: sprintf(): simple-scan killed by SIGABRT
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: sane-backends
Version: 41
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: David King
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:ddecd581b80e1595ee6351d95d0...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-04-10 13:14 UTC by Mikkel Lauritsen
Modified: 2025-06-10 02:02 UTC (History)
8 users (show)

Fixed In Version: sane-backends-1.3.1-4.fc43 sane-backends-1.3.1-4.fc42 sane-backends-1.3.1-4.fc41
Clone Of:
Environment:
Last Closed: 2025-05-06 11:02:12 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
File: core_backtrace (63.70 KB, text/plain)
2025-04-10 13:14 UTC, Mikkel Lauritsen
no flags Details
File: os_info (754 bytes, text/plain)
2025-04-10 13:14 UTC, Mikkel Lauritsen
no flags Details
File: cpuinfo (3.30 KB, text/plain)
2025-04-10 13:14 UTC, Mikkel Lauritsen
no flags Details
File: maps (3.96 KB, text/plain)
2025-04-10 13:14 UTC, Mikkel Lauritsen
no flags Details
File: proc_pid_status (1.48 KB, text/plain)
2025-04-10 13:14 UTC, Mikkel Lauritsen
no flags Details
File: backtrace (137.51 KB, text/plain)
2025-04-10 13:14 UTC, Mikkel Lauritsen
no flags Details
File: dso_list (179 bytes, text/plain)
2025-04-10 13:14 UTC, Mikkel Lauritsen
no flags Details
File: open_fds (4.82 KB, text/plain)
2025-04-10 13:14 UTC, Mikkel Lauritsen
no flags Details
File: var_log_messages (112 bytes, text/plain)
2025-04-10 13:14 UTC, Mikkel Lauritsen
no flags Details
File: mountinfo (3.93 KB, text/plain)
2025-04-10 13:14 UTC, Mikkel Lauritsen
no flags Details
File: environ (1.87 KB, text/plain)
2025-04-10 13:14 UTC, Mikkel Lauritsen
no flags Details
File: limits (1.29 KB, text/plain)
2025-04-10 13:15 UTC, Mikkel Lauritsen
no flags Details

Description Mikkel Lauritsen 2025-04-10 13:14:40 UTC
Description of problem:
Crashes immediately after being started if the scanner (Canon MFC643) is powered on. If the scanner is off simple-scan starts, but if I then turn on the scanner and click the reload button I get the same crash.

Version-Release number of selected component:
simple-scan-46.0-2.fc41

Additional info:
reporter:       libreport-2.17.15
reason:         simple-scan killed by SIGABRT
cgroup:         0::/user.slice/user-1000.slice/user/app.slice/app-gnome-simple\x2dscan-746969.scope
crash_function: sprintf
kernel:         6.12.15-200.fc41.x86_64
comment:        Crashes immediately after being started if the scanner (Canon MFC643) is powered on. If the scanner is off simple-scan starts, but if I then turn on the scanner and click the reload button I get the same crash.
package:        simple-scan-46.0-2.fc41
type:           CCpp
cmdline:        /usr/bin/simple-scan
backtrace_rating: 4
journald_cursor: s=904ac8f940634fa9adc0030d7c6d2579;i=92d45;b=85c7bab0671c400e89d30de300c89632;m=1c30379847;t=62f76375e67ba;x=be5fbdfefe3a0efb
uid:            1000
rootdir:        /
runlevel:       N 5
executable:     /usr/bin/simple-scan

Truncated backtrace:
Thread no. 1 (14 frames)
 #9 sprintf at /usr/include/bits/stdio2.h:30
 #10 attach_bjnp at pixma/pixma_io_sanei.c:135
 #11 add_scanner at pixma/pixma_bjnp.c:1922
 #12 sanei_bjnp_find_devices at pixma/pixma_bjnp.c:2264
 #13 sanei_pixma_collect_devices at pixma/pixma_io_sanei.c:330
 #14 find_scanners at pixma/pixma.c:252
 #15 sane_pixma_get_devices at pixma/pixma.c:1737
 #16 sane_dll_get_devices at /usr/src/debug/sane-backends-1.3.1-1.fc41.x86_64/backend/dll.c:1098
 #17 sane_get_devices at /usr/src/debug/sane-backends-1.3.1-1.fc41.x86_64/backend/dll-s.c:21
 #18 scanner_do_redetect at ../src/scanner.vala:347
 #19 scanner_scan_thread at ../src/scanner.vala:1645
 #20 _scanner_scan_thread_gthread_func at /usr/src/debug/simple-scan-46.0-2.fc41.x86_64/redhat-linux-build/scanner.c:10853
 #21 g_test_trap_subprocess_with_envp at ../glib/gtestutils.c:4076
 #23 __clone3 at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Comment 1 Mikkel Lauritsen 2025-04-10 13:14:44 UTC
Created attachment 2084267 [details]
File: core_backtrace

Comment 2 Mikkel Lauritsen 2025-04-10 13:14:45 UTC
Created attachment 2084268 [details]
File: os_info

Comment 3 Mikkel Lauritsen 2025-04-10 13:14:47 UTC
Created attachment 2084269 [details]
File: cpuinfo

Comment 4 Mikkel Lauritsen 2025-04-10 13:14:48 UTC
Created attachment 2084270 [details]
File: maps

Comment 5 Mikkel Lauritsen 2025-04-10 13:14:50 UTC
Created attachment 2084271 [details]
File: proc_pid_status

Comment 6 Mikkel Lauritsen 2025-04-10 13:14:52 UTC
Created attachment 2084272 [details]
File: backtrace

Comment 7 Mikkel Lauritsen 2025-04-10 13:14:53 UTC
Created attachment 2084273 [details]
File: dso_list

Comment 8 Mikkel Lauritsen 2025-04-10 13:14:54 UTC
Created attachment 2084274 [details]
File: open_fds

Comment 9 Mikkel Lauritsen 2025-04-10 13:14:56 UTC
Created attachment 2084275 [details]
File: var_log_messages

Comment 10 Mikkel Lauritsen 2025-04-10 13:14:57 UTC
Created attachment 2084276 [details]
File: mountinfo

Comment 11 Mikkel Lauritsen 2025-04-10 13:14:58 UTC
Created attachment 2084277 [details]
File: environ

Comment 12 Mikkel Lauritsen 2025-04-10 13:15:00 UTC
Created attachment 2084278 [details]
File: limits

Comment 13 Mikkel Lauritsen 2025-04-10 13:16:14 UTC
Looks like the same problem as https://bugs-devel.debian.org/cgi-bin/bugreport.cgi?bug=1088618

Comment 14 Mikkel Lauritsen 2025-04-24 13:13:45 UTC
Upgraded to Fedora 42, problem still exists. Just starting xsane gives the following stacktrace in the log:

#0  0x00007f83aaa7ae5c __pthread_kill_implementation (libc.so.6 + 0x72e5c)
#1  0x00007f83aaa21abe raise (libc.so.6 + 0x19abe)
#2  0x00007f83aaa096d0 abort (libc.so.6 + 0x16d0)
#3  0x00007f83aaa0a6f3 __libc_message_impl.cold (libc.so.6 + 0x26f3)
#4  0x00007f83aab07389 __fortify_fail (libc.so.6 + 0xff389)
#5  0x00007f83aab06ce4 __chk_fail (libc.so.6 + 0xfece4)
#6  0x00007f83aaa66349 __vsprintf_internal (libc.so.6 + 0x5e349)
#7  0x00007f83aab0863b __sprintf_chk (libc.so.6 + 0x10063b)
#8  0x00007f839a493a18 attach_bjnp (libsane-pixma.so.1 + 0x3a18)
#9  0x00007f839a4afc60 add_scanner (libsane-pixma.so.1 + 0x1fc60)
#10 0x00007f839a4b069a sanei_bjnp_find_devices (libsane-pixma.so.1 + 0x2069a)
#11 0x00007f839a4a188e sanei_pixma_collect_devices (libsane-pixma.so.1 + 0x1188e)
#12 0x00007f839a49f3b7 sane_pixma_get_devices (libsane-pixma.so.1 + 0xf3b7)
#13 0x00007f83ab5e984e sane_dll_get_devices (libsane.so.1 + 0x684e)
#14 0x0000555a436f42bc xsane_init (/usr/bin/xsane + 0x6e2bc)
#15 0x0000555a4368983b main (/usr/bin/xsane + 0x383b)
#16 0x00007f83aaa0b5f5 __libc_start_call_main (libc.so.6 + 0x35f5)
#17 0x00007f83aaa0b6a8 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x36a8)
#18 0x0000555a436899b5 _start (/usr/bin/xsane + 0x39b5)

Comment 15 Mikkel Lauritsen 2025-04-25 08:42:26 UTC
It looks like a simple buffer overflow because the model name ("MF642C/643C/644C") and serial ("canoncb2ff6.lan" as the hostname is used) won't fit into the buffer that attach_bjnp sprintf's into. I have created an issue for this problem at https://gitlab.com/sane-project/backends/-/issues/802 .

Comment 16 Zdenek Dohnal 2025-05-06 10:14:27 UTC
Thanks Mikkel!

I'll backport the fix into Fedora this week.

Comment 17 Fedora Update System 2025-05-06 10:51:29 UTC
FEDORA-2025-c1518b7d3a (sane-backends-1.3.1-4.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-c1518b7d3a

Comment 18 Fedora Update System 2025-05-06 11:02:12 UTC
FEDORA-2025-c1518b7d3a (sane-backends-1.3.1-4.fc43) has been pushed to the Fedora 43 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 19 Fedora Update System 2025-05-06 11:11:13 UTC
FEDORA-2025-27e12b8efb (sane-backends-1.3.1-4.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-27e12b8efb

Comment 20 Fedora Update System 2025-05-06 11:26:29 UTC
FEDORA-2025-8c2c57f886 (sane-backends-1.3.1-4.fc41) has been submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-8c2c57f886

Comment 21 Fedora Update System 2025-05-07 01:51:27 UTC
FEDORA-2025-27e12b8efb has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-27e12b8efb`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-27e12b8efb

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 22 Fedora Update System 2025-05-07 05:20:58 UTC
FEDORA-2025-8c2c57f886 has been pushed to the Fedora 41 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-8c2c57f886`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-8c2c57f886

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 23 Mikkel Lauritsen 2025-05-07 07:51:36 UTC
Thanks! Seems to work fine - only oddity is that the scanner is sometimes named "Canon i-SENSYS MF640 Series" and sometimes "eSCL Canon MF642C/643C/644C (d8:ea:ec) (d8:ea:ec) (d8:ea:ec)" in Document Scanner (simplescan), but that's probably a different issue.

Comment 24 Fedora Update System 2025-05-09 02:56:45 UTC
FEDORA-2025-27e12b8efb (sane-backends-1.3.1-4.fc42) has been pushed to the Fedora 42 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 25 Zdenek Dohnal 2025-05-09 04:49:36 UTC
(In reply to Mikkel Lauritsen from comment #23)
> Thanks! Seems to work fine - only oddity is that the scanner is sometimes
> named "Canon i-SENSYS MF640 Series" and sometimes "eSCL Canon
> MF642C/643C/644C (d8:ea:ec) (d8:ea:ec) (d8:ea:ec)" in Document Scanner
> (simplescan), but that's probably a different issue.

Maybe the device is supported by two backends? You can check "scanimage -L" and see if it is true.

Comment 26 Fedora Update System 2025-05-14 01:20:33 UTC
FEDORA-2025-8c2c57f886 (sane-backends-1.3.1-4.fc41) has been pushed to the Fedora 41 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 27 Fedora Update System 2025-06-09 15:42:54 UTC
FEDORA-2025-563de57094 (sane-backends-1.4.0-1.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-563de57094

Comment 28 Fedora Update System 2025-06-09 15:55:32 UTC
FEDORA-2025-54df571d8f (sane-backends-1.4.0-1.fc41) has been submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-54df571d8f

Comment 29 Fedora Update System 2025-06-10 01:32:08 UTC
FEDORA-2025-54df571d8f has been pushed to the Fedora 41 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-54df571d8f`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-54df571d8f

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 30 Fedora Update System 2025-06-10 02:02:40 UTC
FEDORA-2025-563de57094 has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-563de57094`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-563de57094

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.


Note You need to log in before you can comment on or make changes to this bug.