[sane-devel] bug #303798: possible buffer overflow in fujitsu.c
m. allan noah
anoah at pfeiffer.edu
Fri Sep 1 18:06:33 UTC 2006
>> right now I submitted
>> https://alioth.debian.org/tracker/?group_id=30186&atid=410366&func=detail&aid=303798
>>
>> But this does not mean that s->hw_ink_remain contains what is
>> really intended - I don't know anything about Fujitsu scanners.
>
> oh, how embarassing :) yes, that buffer should be 11 or 12 bytes long. i will
> commit a fix and close the bug report.
>
hmm, not as simple as that, afterall. johannes, i think your fix of asking
for 11 bytes will cause some older models of scanner to choke, as they
only provide 10 bytes. the current sane cvs can handle this, but sane
1.0.18 version of fujitsu backend will probably fail.
i recommend that you change your fix to return that buffer to 10 bytes
long, and comment out:
s->hw_ink_remain = get_HW_ink_remain(buffer);
the ink level is of no use currently anyway, since the endorser is
disabled.
allan
More information about the sane-devel
mailing list