On Fri, May 28, 2010 at 10:42:44PM +0200, Julien BLACHE wrote:
> Андрей Парамонов <cmr.p...@gmail.com> wrote:
>
>> I've managed to get the following backtrace with hplip debug symbols:
>>
>> 0xb090304c in sane_hpaio_control_option (handle=0x8262800, option=10,
>> action=SANE_ACTION_GET_VALUE, pValue=0x0,
>> pInfo=0xb34b21ac) at scan/sane/hpaio.c:2485
>> 2485 *pIntValue = hpaio->currentDuplex;
>
> I think we have a winner :-) Now you'll just have to figure out why
> gnome-scan passes NULL here :/

Andrey, can you try rebuilding libsane-hpaio with the patch below? Or I can put together an (unofficial) package -- just let me know which dist/arch.

This is what seems to be happening:

(1) hplip-3.12.2/scan/sane/hpaio.c (sane_hpaio_open) initializes the option descriptor array with zeros. Most descriptors are later given actual values (hpaioSetupOptions), but OPTION_DUPLEX (index 10) is initialized only if duplex is active; if not, its .size is left as 0.

(2) gnome-scan-0.6.2/modules/gsane-scanner.c (gss_option_get_value_by_index) fetches the duplex option descriptor, and passes its .size without checking to g_malloc0. For a size of 0, g_malloc0 is defined to return NULL. This is again passed without checking to sane_control_option, which segfaults as soon as it tries to store the return value there.

It's a given that gnome-scan would be better off with more sanity checks, but I think the right thing to do is for libsane-hpaio to initialize the OPTION_DUPLEX descriptor unconditionally, to ensure that the return value from sane_get_option_descriptor is valid for all callers.

(I haven't worked with SANE before, and don't have a scanner to test with, so take all this with a large grain of salt. :-)

Cheers,
Matej

--- hplip-3.12.2/scan/sane/hpaio.c~ 2012-02-01 11:52:35.000000000 +0000 +++ hplip-3.12.2/scan/sane/hpaio.c 2012-05-17 10:07:20.000000000 +0100 @@ -1342,9 +1342,8 @@ hpaio->option[OPTION_ADF_MODE].constraint_type = SANE_CONSTRAINT_STRING_LIST; hpaio->option[OPTION_ADF_MODE].constraint.string_list = hpaio->adfModeList; - // Duplex scanning is supported - if (hpaio->supportsDuplex == 1) - { + // hpaioUpdateDescriptors will leave this active or inactive depending + // on whether duplex is supported hpaio->option[OPTION_DUPLEX].name = STR_NAME_DUPLEX; hpaio->option[OPTION_DUPLEX].title = STR_TITLE_DUPLEX; hpaio->option[OPTION_DUPLEX].desc = STR_DESC_DUPLEX; @@ -1355,7 +1354,7 @@ SANE_CAP_SOFT_DETECT | SANE_CAP_ADVANCED; hpaio->option[OPTION_DUPLEX].constraint_type = SANE_CONSTRAINT_NONE; - } + hpaio->option[GROUP_GEOMETRY].title = STR_TITLE_GEOMETRY; hpaio->option[GROUP_GEOMETRY].type = SANE_TYPE_GROUP; hpaio->option[GROUP_GEOMETRY].cap = SANE_CAP_ADVANCED;
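
Review bot: The new comment in the first hunk relies on hpaioUpdateDescriptors to leave OPTION_DUPLEX active or inactive, but that function is not part of this diff, so nothing visible here guarantees the option is marked inactive when supportsDuplex is not 1; please confirm that it is, or set the inactive state explicitly next to these assignments. Separately, the dereference shown in the backtrace, `*pIntValue = hpaio->currentDuplex;` at hpaio.c:2485, is untouched by this patch, so sane_hpaio_control_option will still crash on a NULL pValue from any other path; a NULL check there that returns an error status would close the hole on the backend side as well.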
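
Review bot: In the second hunk the removed closing brace `}` appears to be replaced by an added line that contains only whitespace. If so, drop the `+` line and keep just the brace removal, so the patch does not introduce a whitespace-only line before the GROUP_GEOMETRY assignments.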
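
The failure chain described in the message above (zero-size descriptor, NULL buffer, unchecked store), as an added C model that is not code from hplip, gnome-scan or the poster. Every type and function name here is a hypothetical stand-in; `alloc_zeroed` only mimics the g_malloc0 behaviour the message states, and the checks shown are one possible hardening on each side.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-ins for the SANE types involved; not the real headers. */
typedef enum { ST_GOOD = 0, ST_INVAL = 1 } opt_status;
typedef struct { const char *name; int size; } opt_desc;
enum { OPT_DUPLEX = 10, OPT_COUNT = 11 };

typedef struct {
    opt_desc option[OPT_COUNT];
    int current_duplex;
} backend;

/* Same contract the message gives for g_malloc0: size 0 yields NULL. */
static void *alloc_zeroed(size_t n) { return n ? calloc(1, n) : NULL; }

/* Backend open: zero all descriptors, then fill the duplex one either
 * only when duplex is supported (old behaviour) or always (patched). */
static void backend_open(backend *b, int supports_duplex, int patched) {
    *b = (backend){0};
    if (patched || supports_duplex) {
        b->option[OPT_DUPLEX].name = "duplex";
        b->option[OPT_DUPLEX].size = (int)sizeof(int);
    }
}

/* Backend get-value with the NULL check the crashing line lacked.
 * Simplified: every option returns the duplex setting. */
static opt_status backend_get(backend *b, int idx, void *value) {
    if (idx < 0 || idx >= OPT_COUNT || value == NULL) return ST_INVAL;
    *(int *)value = b->current_duplex;
    return ST_GOOD;
}

/* Frontend read with the size and allocation checks the caller skipped. */
static opt_status frontend_read(backend *b, int idx, int *out) {
    if (idx < 0 || idx >= OPT_COUNT) return ST_INVAL;
    int size = b->option[idx].size;
    if (size < (int)sizeof(int)) return ST_INVAL; /* unfilled descriptor */
    void *buf = alloc_zeroed((size_t)size);
    if (buf == NULL) return ST_INVAL;
    opt_status st = backend_get(b, idx, buf);
    if (st == ST_GOOD) *out = *(int *)buf;
    free(buf);
    return st;
}
```

With the descriptor left unfilled, both the frontend check and the backend check reject the call instead of writing through NULL; with the descriptor filled unconditionally, the read succeeds.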