[sane-devel] segfault while canceling (mustek/scsi)

Henning Meier-Geinitz henning@meier-geinitz.de
Mon, 3 Mar 2003 00:38:28 +0100


Hi,

I have been hunting a bug for quite some time now. Silvio Vogt found
out that cancelling a scan on Mustek SCSI scanners leads to a
segmentation fault.

I can reproduce this bug sometimes. It happens when scanning with a
graphical frontend. When I scan and cancel that scan the frontend
crashes with SIGSEGV. The chance of crashing is about 20%. Playing
with options seems to increase the chance sometimes (e.g. color/gray
changes). Crashes occur with xsane, xscanimage and quiteinsane. I
haven't ever seen a crash with scanimage.

The crash happens with different Mustek SCSI scanners. So it sure
looks like a mustek backend problem.

The log files and gdb show that the crash is not in the backend, i.e.
not during a sane function call. Usually it happens during a malloc or
free call in libc after the call to sane_cancel has finished. But it's
not the same call every time. So it looks like some memory corruption
problem. I removed all free calls in mustek.c --> no change. If I
double the amount of memory of every malloc the bug seems to go away
(but I can't be sure). Some other unrelated code changes also seem to
hide the bug. I did some tests with valgrind but they weren't very
conclusive for me.

Normal scanning (without cancelling) never results in a segmentation
fault.

When I go back in history, the bug first occurs with a change in
sanei_scsi.c (!) between 1.0.7 and 1.0.8 (CVS version 1.33/1.34). When
I revert the following change in sanei_scsi, I can't get a
segmentation fault any more:

-  fd = open (dev, O_RDWR | O_EXCL);
+  fd = open (dev, O_RDWR | O_EXCL 
+#if USE == LINUX_INTERFACE
+            | O_NONBLOCK
+#endif
+            );
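
Review bot: the `O_NONBLOCK` added under `#if USE == LINUX_INTERFACE` stays set on `fd` after `open` returns, because nothing in this hunk clears it again. If the flag is only wanted so that `open` itself cannot block, clear it right after the call with `fcntl (fd, F_SETFL, ...)`; if it is meant to stay, every later `read`/`write` on this descriptor has to handle `EAGAIN` and short transfers, and that path is worth auditing given that reverting only this flag makes the segfaults go away. A comment stating why the Linux interface needs a non-blocking open is also missing.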

Sure looks like a red herring but if I only change the O_NONBLOCK the
segfaults go away.

I'm out of ideas for how to track down the problem. Does anyone have
any ideas for what I should look for?

Can anyone reproduce the segfaults with a Mustek SCSI (or any other
scanner)?

Bye,
  Henning