[dev] Memory access violations and leaks

From: Henning Meier-Geinitz (henning@meier-geinitz.de)
Date: Sun May 06 2001 - 12:35:08 PDT

  • Next message: shailendra mehta: "RE: SANE API & file format"

    Hi,

    I did some more work to find accesses to memory that wasn't malloced
    and memory leaks. If you don't have purify or a similar tool but the
    GNU C library (glibc) you can check for memory problems this way:

    Set the environment variable MALLOC_TRACE to a path to a a logfile e.g.:
      export MALLOC_TRACE=/tmp/malloc.log
    Edit a frontend (e.g. scanimage) and add #include <mcheck.h> at the
    beginning and mtrace(); immediately at the start of the main function.
    When scanimage is started a log about each malloc() and free() is
    written into /tmp/malloc.log. The program mtrace helps to find freed
    memory that was never malloced and malloced memory that isn't freed:
      mtrace /usr/local/scanimage /tmp/mtrace.log

    More information is in info libc.

    It's easier if scanimage is linked statically to the libs. If you only
    want to check your backend, link it directly to scanimage (without dll
    and other backends).

    The following backends seem to use lines like if (config_line[len - 1] == '\n')
    to remove \n at the end of a line. This is not necessary because it's
    done already in sanei_config_read(). It can cause problems when len=0.
    That's just a fast grep, maybe I missed some or am wrong with some.

    - artec
    - bh
    - epson
    - m3096g
    - microtek2
    - mustek_pp
    - pie
    - sp15c
    - umax

    There seem to be a memory leak in sanei/sanei_scsi.c line 1271 but I
    haven't looked into the details.

    There are some more memory leaks in sanei_wire.c (or maybe in
    sanei_net.c or net.c) but I couldn't locate the exact problem yet.
    Probably a missing wire_free() somewhere.

    There are probably some more leaks especially in the case of memory
    allocated by str(n)dup that's not freed.

    In nearly every backend there is a memory leak in sane_get_devices().
    I don't think it's too grave because the list is only created once and
    freed before the next creation. But nevertheless this should be fixed.
    Backends:

    - abaton
    - agfafocus
    - apple
    - artec
    - as6e
    - avision
    - bh
    - canon
    - coolscan
    - dmc
    - epson
    - m3096
    - microtek
    - microtek2 ?
    - nec
    - pie
    - plustek
    - qcam
    - ricoh
    - s9036
    - sharp
    - sp15c
    - tamarack
    - umax
    - umax_pp
                
    Here is an example log from running scanimage -L:

    Memory not freed:
    -----------------
       Address Size Caller
    0x08174dc0 0x4 at /usr/src/sane/sane-backends/backend/umax_pp.c:946
    0x08174dd0 0x4 at /usr/src/sane/sane-backends/backend/umax.c:5394
    0x08174de0 0x1 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x08174df0 0xd at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x08174e08 0x8 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x08174e18 0x4 at /usr/src/sane/sane-backends/backend/tamarack.c:935
    0x08174ec0 0x4 at /usr/src/sane/sane-backends/backend/sp15c.c:273
    0x08174f78 0x4 at /usr/src/sane/sane-backends/backend/plustek.c:863
    0x08174f88 0x4 at /usr/src/sane/sane-backends/backend/pie.c:2991
    0x08174f98 0x4 at /usr/src/sane/sane-backends/backend/nec.c:2165
    0x08174fe0 0x4 at /usr/src/sane/sane-backends/backend/sharp.c:2484
    0x08174ff0 0x4 at /usr/src/sane/sane-backends/backend/s9036.c:878
    0x08175000 0x4 at /usr/src/sane/sane-backends/backend/ricoh.c:548
    0x08175010 0x4 at /usr/src/sane/sane-backends/backend/qcam.c:1444
    0x08175020 0xd at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x08175048 0x1 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x081753c0 0x16c at /usr/src/sane/sane-backends/sanei/sanei_scsi.c:1271
    0x08175960 0x24 at /usr/src/sane/sane-backends/backend/microtek2.c:5032
    0x08175988 0x24 at /usr/src/sane/sane-backends/backend/microtek2.c:5032
    0x081759b0 0x11 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x081759d8 0x4 at /usr/src/sane/sane-backends/backend/microtek.c:2933
    0x08175aa8 0x4 at /usr/src/sane/sane-backends/backend/m3096g.c:276
    0x08175ac8 0x4 at /usr/src/sane/sane-backends/backend/epson.c:2085
    0x08175ad8 0x4 at /usr/src/sane/sane-backends/backend/dmc.c:885
    0x08175ae8 0x4 at /usr/src/sane/sane-backends/backend/coolscan.c:3284
    0x08175af8 0x4 at /usr/src/sane/sane-backends/backend/canon-sane.c:74
    0x08175b08 0xd at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x08175b20 0x4 at /usr/src/sane/sane-backends/backend/bh.c:3239
    0x08175b30 0x14 at /usr/src/sane/sane-backends/backend/as6e.c:841
    0x08175b48 0xb at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x08176f90 0x4 at /usr/src/sane/sane-backends/backend/artec.c:2668
    0x08176fa0 0x1 at /lib/libc.so.6:(strndup+0x3e)[0x400c6cbe]
    0x08176fb0 0x4 at /usr/src/sane/sane-backends/backend/avision.c:1469
    0x08176fc0 0x4 at /usr/src/sane/sane-backends/backend/apple.c:1928
    0x08176fd0 0x4 at /usr/src/sane/sane-backends/backend/agfafocus.c:1326
    0x08176fe0 0x4 at /usr/src/sane/sane-backends/backend/abaton.c:913
    0x08177038 0xb at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x0817b8f0 0x60 at /lib/ld-linux.so.2:(_dl_debug_message+0x841)[0x4000af8d]
    0x0817df20 0x6 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x0817df30 0x10 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:186
    0x0817df48 0x6 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x0817df58 0x7 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x0817df68 0x10 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x0817df80 0xf at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x0817df98 0x10 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:186
    0x0817dfb0 0x6 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x0817dfc0 0x7 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x0817dfd0 0x10 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x0817dfe8 0xf at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x0817e000 0x44 at /usr/src/sane/sane-backends/backend/net.c:498
    0x0817e0b8 0x7 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x0817e0c8 0x10 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x0817e0e0 0xf at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x0817e168 0x7 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x0817e178 0x10 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x0817e190 0xf at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x081801c8 0x10 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:186
    0x081801e0 0x7 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x081801f0 0x10 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x08180208 0xf at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x08180220 0x10 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:186
    0x08180238 0x6 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x08180248 0x7 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x08180258 0x10 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x08180270 0xf at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x08180288 0x10 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:186
    0x081802a0 0x14 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x081802b8 0x7 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x081802c8 0x14 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x081802e0 0x10 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x081802f8 0x10 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:186
    0x08180310 0x13 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x08180328 0x8 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x08180338 0x9 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x08180348 0x10 at /usr/src/sane/sane-backends/sanei/sanei_wire.c:146
    0x081803d0 0x7 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x081803e0 0x10 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x081803f8 0xf at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x08180480 0x7 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x08180490 0x10 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x081804a8 0xf at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x08180540 0x7 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x08180550 0x14 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x08180568 0x10 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x08180600 0x8 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x08180610 0x9 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x08180620 0x10 at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x08180938 0xb at /lib/libc.so.6:(__strdup+0x2f)[0x400c6c5f]
    0x08180948 0xb at /usr/src/sane/sane-backends/backend/dc25.c:1725
    0x0818a7c0 0x10000 at /usr/src/sane/sane-backends/backend/coolscan.c:2102

    Bye,
      Henning 

    --
Source code, list archive, and docs: http://www.mostang.com/sane/
To unsubscribe: echo unsubscribe sane-devel | mail majordomo@mostang.com

    This archive was generated by hypermail 2b29 : Sun May 06 2001 - 12:51:57 PDT