[sane-devel] Avision bug (was: Re: Suicidal Child Process - SANE)

m. allan noah kitno455 at gmail.com
Tue Dec 9 15:51:09 UTC 2008


but the pointer could just as easily overflow to -1, so that's broken too.

allan

On Tue, Dec 9, 2008 at 10:48 AM, Mattias Ellert
<mattias.ellert at fysast.uu.se> wrote:
> mån 2008-12-08 klockan 09:46 -0500 skrev m. allan noah:
>> After some private mails with Ian, it seems this is a bug in sane-avision:
>>
>> during sane_cancel(), the backend calls: sanei_thread_kill
>> (s->reader_pid), but s->reader_pid is 0, which signals the entire
>> group. There is a test to try and avoid this, but it relies on prior
>> code to have set s->reader_pid = -1, which has not happened in the
>> case of no paper.
>>
>> I just expanded the test to require a positive value, since the pid
>> should never be negative anyway? My fix has just been commited to CVS
>> (backend version 289 nice round number for Ford and Studebaker fans).
>> Ian and Rene- please test.
>>
>> allan
>
> This breaks the MacOS X port. The PID number (being a pointer) can be
> arbitrary large, and when cast to an integer it can easily overflow to a
> negative value. The code was fixed for this problem by removing all
> places where the code was checking for a PID > 0. For the avision
> backend this was done here:
>
> https://alioth.debian.org/plugins/scmcvs/cvsweb.php/sane-backends/backend/avision.c.diff?r1=1.38;r2=1.39;cvsroot=sane
>
> Your commit:
>
> https://alioth.debian.org/plugins/scmcvs/cvsweb.php/sane-backends/backend/avision.c.diff?r1=1.43;r2=1.44;cvsroot=sane
>
> reintroduces the problem fixed by the earlier commit. Please revert it
> and fix the new problem in a way that doesn't break the MacOS X port.
>
>        Mattias
>
>



-- 
"The truth is an offense, but not a sin"



More information about the sane-devel mailing list