[sane-devel] saned issues for remote scanner access
Julien BLACHE
jb@jblache.org
Sun, 22 Feb 2004 18:04:04 +0100
Henning Meier-Geinitz <henning@meier-geinitz.de> wrote:
> sane_cancel (handle[h].handle);
>
> That's called with h = -1. Either that causes a segfault or the call
> to sane_cancle of the gt68xx backend with some random handle causes
> the segfault.
>
> I guess saned should check for -1 here before calling sane_cancel.
Looking at the code, there are only 2 cases where the return from
decode_handle() isn't checked. SANE_NET_CANCEL is one, SANE_NET_CLOSE
is the other.
> I don't understand why the handle was wither not in use or <
> num_handles, however.
There's only one place in the code where the handle is marked as not
in use. There's something weird. We need to decide what condition
sent us there.
Jim, is the error 100% reproducible ? If yes, could you add the
following lines in saned.c, decode_handle(), between lines 459 and 460?
DBG (DBG_ERR, "decode_handle: w->status: %d, h: %d, num_handles: %d, inuse: %d\n",
w->status, h, num_handles, handle[h].inuse);
JB.
--
Julien BLACHE <http://www.jblache.org>
<jb@jblache.org> GPG KeyID 0xF5D65169