Hi,
On Sun, Apr 29, 2001 at 03:03:56PM +0200, Petter Reinholdtsen wrote:
> **** Purify instrumented /export/home/pere/gnu/bin/scanimage (pid 24128) ****
> UMR: Uninitialized memory read (2 times):
> * This is occurring while in:
> sanei_config_read [sanei_config.c:194]
> sane_umax_init [umax.c:5350]
> init [dll.c:400]
> sane_dll_get_devices [dll.c:663]
> sane_get_devices [dll-s.c:15]
> main [scanimage.c:1468]
> * Reading 1 byte from 0xffbeec0f on the stack.
> * Address 0xffbeec0f is 1041 bytes below frame pointer in function sane_umax_init.
I don't know if this is really the culprit:
In sanei_config_read there is the following code:
    len = strlen( str);
    while( isspace( str[--len]))
        str[len] = '\0';
Ok, if we have a str containing "\n" (empty line), len
will be 1 and str[--len] is '\n' and after that len = 0. Next step:
len is 0, --len is -1 --> str[-1] !
Something like
    while((len > 0) && (isspace(str[--len])))
should fix this. Petter, can you check this with purify?
> **** Purify instrumented /export/home/pere/gnu/bin/scanimage (pid 24128) ****
> UMR: Uninitialized memory read (2 times):
> * This is occurring while in:
> sane_umax_init [umax.c:5337]
> init [dll.c:400]
> sane_dll_get_devices [dll.c:663]
> sane_get_devices [dll-s.c:15]
> main [scanimage.c:1468]
> _start [crt1.o]
> * Reading 1 byte from 0xffbeec0f on the stack.
> * Address 0xffbeec0f is 1041 bytes below frame pointer in function sane_umax_init.
umax.c:
    len = strlen (config_line);
    if (config_line[len - 1] == '\n')
      {
        config_line[--len] = '\0';
      }
What happens if len==0? Similar things are probably in many backends.
[snipped all the sanei_config read stuff]
> **** Purify instrumented /export/home/pere/gnu/bin/scanimage (pid 24128) ****
> UMR: Uninitialized memory read:
> * This is occurring while in:
> sane_plustek_init [plustek.c:800]
> init [dll.c:400]
> sane_dll_get_devices [dll.c:663]
> sane_get_devices [dll-s.c:15]
> main [scanimage.c:1468]
> _start [crt1.o]
> * Reading 1 byte from 0xffbeec0f on the stack.
> * Address 0xffbeec0f is 1041 bytes below frame pointer in function sane_plustek_init.
plustek.c:
    len = strlen(dev_name);
    if( dev_name[len - 1] == '\n' )
        dev_name[--len] = '\0';
That's similar.
> **** Purify instrumented /export/home/pere/gnu/bin/scanimage (pid 24128) ****
> UMR: Uninitialized memory read:
> * This is occurring while in:
> sane_artec_init [artec.c:2570]
> init [dll.c:400]
> sane_dll_get_devices [dll.c:663]
> sane_get_devices [dll-s.c:15]
> main [scanimage.c:1468]
> _start [crt1.o]
> * Reading 4 bytes from 0xffbef084 on the stack.
> * Address 0xffbef084 is local variable "version" in function init.
artec.c:
    DBG (7, "sane_init( version_code = %d, callback() = %p )\n",
         *version_code, authorize );
version_code may be NULL!
> **** Purify instrumented /export/home/pere/gnu/bin/scanimage (pid 24128) ****
> UMR: Uninitialized memory read (3 times):
> * This is occurring while in:
> bin_w_word [sanei_codec_bin.c:98]
> sanei_w_word [sanei_wire.c:215]
> sanei_w_array [sanei_wire.c:160]
> w_option_value [sanei_net.c:125]
> sanei_w_control_option_req [sanei_net.c:148]
> sanei_w_call [sanei_wire.c:405]
> * Reading 4 bytes from 0xffbef16c on the stack.
Don't know.
> **** Purify instrumented /export/home/pere/gnu/bin/scanimage (pid 24128) ****
> Current file descriptors in use: 7
> FIU: file descriptor 0: <stdin>
> FIU: file descriptor 1: <stdout>
> FIU: file descriptor 2: <stderr>
> FIU: file descriptor 3: "/export/home/pere/gnu/etc/sane.d/net.conf", O_RDONLY
> * File info: srw-rw-rw- 0 root root 0 Apr 29 13:39
> * This file descriptor was allocated from:
> __open [libc.so.1]
> _open [libc.so.1]
> _endopen [libc.so.1]
> fopen [libc.so.1]
> sanei_config_open [sanei_config.c:119]
> sane_net_init [net.c:355]
Does this mean the file descriptor for net.conf is still open? I don't
understand this because there IS a fclose.
> FIU: file descriptor 4: "/etc/.name_service_door", O_RDONLY
> * File info: ?r--r--r-- 1 root root 0 Apr 26 2000
> * This file descriptor was allocated from:
> __open64 [libc.so.1]
> _open64 [libc.so.1]
> _nsc_trydoorcall [libc.so.1]
> _door_gethostbyname_r [gethostby_door.c]
> _get_hostserv_inetnetdir_byname [netdir_inet.c]
> gethostbyname_r [gethostbyname_r.c]
This isn't caused by SANE?
> **** Purify instrumented /export/home/pere/gnu/bin/scanimage (pid 24128) ****
> Purify: Searching for all memory leaks...
>
> Memory leaked: 3413 bytes (32.3%); potentially leaked: 0 bytes (0%)
[lots of leaks in sanei_wire]
Are these the leaks you fixed or are these additional ones?
> MLK: 24 bytes leaked in 3 blocks
> * This memory was allocated from:
> malloc [rtlib.o]
> strndup [strndup.c:33]
> sanei_config_get_string [sanei_config.c:169]
> sanei_config_attach_matching_devices [sanei_config2.c:95]
> sane_pie_init [pie.c:2937]
> init [dll.c:400]
> * Block of 8 bytes (3 times); last block at 0x252fa0
"type" isn't freed in sanei_config_attach_matching_devices.
> MLK: 20 bytes leaked at 0x2467a8
> * This memory was allocated from:
> malloc [rtlib.o]
> attach [as6e.c:841]
> sane_as6e_init [as6e.c:627]
> init [dll.c:400]
> sane_dll_get_devices [dll.c:663]
> sane_get_devices [dll-s.c:15]
"dev" doesn't seem to be freed but I don't understand why.
> MLK: 5 bytes leaked in 5 blocks
> * This memory was allocated from:
> malloc [rtlib.o]
> strndup [strndup.c:33]
> sanei_config_get_string [sanei_config.c:169]
> sane_mustek_init [mustek.c:4840]
> init [dll.c:400]
> sane_dll_get_devices [dll.c:663]
> * Block of 1 byte (5 times); last block at 0x2474a8
"word" doesn't seem to be freed on some occasions.
> MLK: 1 byte leaked at 0x24a480
> * This memory was allocated from:
> malloc [rtlib.o]
> strndup [strndup.c:33]
> sanei_config_get_string [sanei_config.c:169]
> sane_avision_init [avision.c:1393]
> init [dll.c:400]
> sane_dll_get_devices [dll.c:663]
Same here.
Bye,
Henning
This archive was generated by hypermail 2b29 : Sun Apr 29 2001 - 07:50:17 PDT
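
Added example, not part of the original message or of the SANE sources: a length-guarded version of the two patterns discussed above (the trailing-whitespace loop and the single-newline strip), with a constructed check that puts a sentinel byte directly below the string to show that index -1 is never touched. The function names, buffer size and sample lines are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Strip trailing whitespace in place; returns the new length.
 * len > 0 is tested before indexing, so buf[len - 1] is never read
 * when the string is empty or consists only of whitespace. */
size_t trim_trailing_space(char *buf)
{
    size_t len = strlen(buf);
    /* Cast: passing a negative char value to isspace() is undefined. */
    while (len > 0 && isspace((unsigned char)buf[len - 1]))
        buf[--len] = '\0';
    return len;
}

/* Strip one trailing newline, the pattern used in the backends;
 * returns the new length. Safe for a zero-length string. */
size_t chomp_newline(char *buf)
{
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n')
        buf[--len] = '\0';
    return len;
}

/* Constructed check: the line is stored at offset 1 of a buffer whose
 * byte 0 is a whitespace sentinel. An unguarded loop would read the
 * sentinel and overwrite it. Returns 1 if the sentinel survived and
 * the trimmed string has the expected length. */
int check_line(const char *line, size_t expect_len)
{
    char frame[64];
    frame[0] = ' ';                       /* sentinel at index -1 of the string */
    strncpy(frame + 1, line, sizeof frame - 2);
    frame[sizeof frame - 1] = '\0';
    size_t got = trim_trailing_space(frame + 1);
    return frame[0] == ' ' && got == expect_len
           && strlen(frame + 1) == expect_len;
}

int main(void)
{
    /* Constructed config lines: empty line, zero-length, blank, normal. */
    int ok = check_line("\n", 0) && check_line("", 0)
          && check_line(" \t\n", 0) && check_line("/dev/scanner\n", 12);
    return ok ? 0 : 1;
}
```
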