Hi,

I have been hunting a bug for quite some time now. Silvio Vogt found out that cancelling a scan on Mustek SCSI scanners leads to a segmentation fault.

I can reproduce this bug sometimes. It happens when scanning with a graphical frontend. When I scan and cancel that scan, the frontend crashes with SIGSEGV. The chance of crashing is about 20%. Playing with options seems to increase the chance sometimes (e.g. color/gray changes). Crashes occur with xsane, xscanimage and quiteinsane. I haven't ever seen a crash with scanimage. The crash happens with different Mustek SCSI scanners. So it sure looks like a mustek backend problem.

The log files and gdb show that the crash is not in the backend, i.e. not during a sane function call. Usually it happens during a malloc or free call in libc after the call to sane_cancel has finished. But it's not the same call every time. So it looks like some memory corruption problem. I removed all free calls in mustek.c --> no change. If I double the amount of memory of every malloc, the bug seems to go away (but I can't be sure). Some other unrelated code changes also seem to hide the bug. I did some tests with valgrind but they weren't very conclusive for me. Normal scanning (without cancelling) never results in a segmentation fault.

When I go back in history, the bug first occurs with a change in sanei_scsi.c (!) between 1.0.7 and 1.0.8 (CVS version 1.33/1.34). When I revert the following change in sanei_scsi, I can't get a segmentation fault any more:

- fd = open (dev, O_RDWR | O_EXCL);
+ fd = open (dev, O_RDWR | O_EXCL
+#if USE == LINUX_INTERFACE
+ | O_NONBLOCK
+#endif
+ );

Sure looks like a red herring, but if I only change the O_NONBLOCK the segfaults go away.

I'm out of ideas for how to track down the problem. Does anyone have any ideas for where I should look? Can anyone reproduce the segfaults with a Mustek SCSI (or any other scanner)?

Bye,
Henning
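Review bot: adding O_NONBLOCK to the open() changes the contract of every later read() and write() on this fd, but the hunk contains no matching change at the call sites. On the Linux sg device a non-blocking read() returns -1 with errno EAGAIN when no completed command is waiting, and write() fails with EBUSY when the request queue is full, instead of blocking until the command finishes; a caller that treats such a return as a finished command continues with an unfilled buffer while the request is still in flight in the kernel, so the readers and writers of this fd need an explicit EAGAIN/EBUSY path (retry after poll(), or propagate the error) introduced together with this flag. As a style point, the #if in the middle of the argument list hides the decision; computing the flags into a local (e.g. `int flags = O_RDWR | O_EXCL;` then `#if USE == LINUX_INTERFACE` / `flags |= O_NONBLOCK;`) with a comment stating why non-blocking mode is wanted on Linux only would make the intent reviewable.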
