Bug 509041

Summary: skanpage/skanlite crash in KSaneCore::Option::name() with libksane/ksanecore 25.08.0
Product: [Frameworks and Libraries] libksane
Reporter: Gilles Gagniard <gilles>
Component: general
Assignee: Kåre Särs <kare.sars>
Status: CONFIRMED
Severity: crash
CC: a.stippich, arojas
Priority: NOR
Version First Reported In: 25.08.0
Target Milestone: ---
Platform: Arch Linux
OS: Linux
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: Fix for crash with null options

Description Gilles Gagniard 2025-09-02 20:11:27 UTC
SUMMARY

With libksane/ksanecore 25.08.0, both Skanpage and Skanlite immediately coredump when starting on my machine.

After downgrading to libksane/ksanecore 25.04.3, both Skanpage 25.08.0 and Skanlite 25.08.0 start working again and allow scanning successfully. Therefore, this looks like a regression introduced by libksane 25.08.0.

STEPS TO REPRODUCE
1. Launch Skanpage or Skanlite

OBSERVED RESULT
Both applications fail to start and immediately coredump.

EXPECTED RESULT
Both applications start.

SOFTWARE/OS VERSIONS
KDE Plasma Version: 6.4.4
KDE Frameworks Version: 6.17.0
Qt Version: 6.9.2

ADDITIONAL INFORMATION

Coredump stacktrace:

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=11, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f7893898a13 in __pthread_kill_internal (threadid=<optimized out>, signo=11) at pthread_kill.c:89
#2  0x00007f789383e410 in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
#3  0x00007f7897ab7e97 in KCrash::defaultCrashHandler (sig=11) at /usr/src/debug/kcrash/kcrash-6.17.0/src/kcrash.cpp:605
#4  <signal handler called>
#5  0x00007f7897b09209 in KSaneCore::Option::name (this=0x0) at /usr/src/debug/ksanecore/ksanecore-25.08.0/src/option.cpp:35
#6  0x00007f7897b006fa in KSaneCore::Interface::setOptionsMap (this=this@entry=0x55cee32995d0, options=...) at /usr/src/debug/ksanecore/ksanecore-25.08.0/src/interface.cpp:432
#7  0x000055ceb2f23977 in Skanpage::loadScannerOptions (this=0x55cee3048551) at /usr/src/debug/skanpage/skanpage-25.08.0/src/Skanpage.cpp:388
#8  Skanpage::finishOpeningDevice (this=this@entry=0x7ffe473df3b0, deviceName=..., deviceVendor=..., deviceModel=...) at /usr/src/debug/skanpage/skanpage-25.08.0/src/Skanpage.cpp:468
#9  0x000055ceb2f25600 in Skanpage::openDevice (this=0x7ffe473df3b0, deviceName=..., deviceVendor=..., deviceModel=...) at /usr/src/debug/skanpage/skanpage-25.08.0/src/Skanpage.cpp:416
#10 0x000055ceb2efdef1 in Skanpage::Skanpage (parent=0x0, this=0x7ffe473df3b0, deviceName=..., dumpOptionUrl=..., importUrl=...) at /usr/src/debug/skanpage/skanpage-25.08.0/src/Skanpage.cpp:126
#11 main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/skanpage/skanpage-25.08.0/src/main.cpp:102
(gdb) 

KSaneCore::Option::name() is called with a null pointer ...

In case it helps, I'm using a network scanner.

Comment 1 Antonio Rojas 2025-09-23 10:33:10 UTC
> KSaneCore::Option::name() is called with a null pointer ...
> 

Indeed, https://invent.kde.org/libraries/ksanecore/-/commit/f7fb8b0ad1470c27677e3805f1f8ac85991249bf moved the sourceOption->name() dereference before the null pointer check...
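
The ordering problem described in comment 1, as an added illustration that is not part of the bug thread and is not KSaneCore's code: `Option`, `applyDerefFirst`, `applyCheckFirst` and the sample data are simplified, hypothetical stand-ins, and the null entry models an option that is absent for a given device (an assumption).

```cpp
#include <map>
#include <string>
#include <utility>
#include <vector>

// Simplified, hypothetical stand-in for a scanner option (not the KSaneCore class).
struct Option {
    explicit Option(std::string n) : m_name(std::move(n)) {}
    std::string name() const { return m_name; }  // reads a member: faults when this == nullptr
    std::string m_name, value;
};
using OptionList = std::vector<Option *>;
using ValueMap = std::map<std::string, std::string>;

// Ordering described in comment 1: name() is reached before the null test.
// Shown for comparison only and never called here; with a null entry this is
// undefined behaviour, and an optimizer may even drop the late null test.
int applyDerefFirst(const OptionList &options, const ValueMap &wanted) {
    int applied = 0;
    for (Option *opt : options) {
        auto it = wanted.find(opt->name());          // dereference first
        if (opt != nullptr && it != wanted.end()) {  // check comes too late
            opt->value = it->second;
            ++applied;
        }
    }
    return applied;
}

// Corrected ordering: test the pointer, then touch the object.
int applyCheckFirst(const OptionList &options, const ValueMap &wanted) {
    int applied = 0;
    for (Option *opt : options) {
        if (opt == nullptr) continue;                // option absent: skip it
        auto it = wanted.find(opt->name());
        if (it == wanted.end()) continue;            // nothing saved for this option
        opt->value = it->second;
        ++applied;
    }
    return applied;
}

int main() {
    Option mode("mode"), res("resolution");          // constructed sample data
    OptionList options{&mode, nullptr, &res};        // one option is missing
    ValueMap wanted{{"mode", "Color"}, {"resolution", "300"}, {"source", "ADF"}};
    return applyCheckFirst(options, wanted) == 2 ? 0 : 1;
}
```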

Comment 2 Gilles Gagniard 2025-10-02 17:25:08 UTC
Created attachment 185464
Fix for crash with null options

This patch seems to do the trick for me, as I can start Skanpage and then successfully scan.

Comment 3 Kåre Särs 2025-10-03 08:41:02 UTC
Thanks for the patch! :)

Do you want to make an MR at https://invent.kde.org/libraries/ksanecore/-/merge_requests

If not, I can do it next week.

Comment 4 Gilles Gagniard 2025-10-03 20:41:00 UTC
(In reply to Kåre Särs from comment #3)
> Thanks for the patch! :)
> 
> Do you want to make an MR at
> https://invent.kde.org/libraries/ksanecore/-/merge_requests
> 
> If not, I can do it next week.

Done: https://invent.kde.org/libraries/ksanecore/-/merge_requests/35