1 files changed, 85 insertions, 0 deletions
diff --git a/debian/patches/out_of_bounds.patch b/debian/patches/out_of_bounds.patch
new file mode 100644
index 0000000..43aeaf6
--- /dev/null
+++ b/debian/patches/out_of_bounds.patch
@@ -0,0 +1,85 @@
+Description: prevent out-of-bounds
+Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
+Forwarded: http://lists.alioth.debian.org/pipermail/sane-devel/2014-October
+Last-Update: 2014-10-26
+---
+Index: trunk/backend/genesys_devices.c
+===================================================================
+--- trunk.orig/backend/genesys_devices.c
++++ trunk/backend/genesys_devices.c
+@@ -3362,7 +3362,7 @@ static Genesys_Model canon_formula101_mo
+   100
+ };
+ 
+-
++/* put the size on MAX_SCANNERS in genesys_low.h */
+ static Genesys_USB_Device_Entry genesys_usb_device_list[] = {
+   /* GL646 devices */
+   {0x03f0, 0x0901, &hp2300c_model},
+Index: trunk/backend/genesys_low.h
+===================================================================
+--- trunk.orig/backend/genesys_low.h
++++ trunk/backend/genesys_low.h
+@@ -309,8 +309,9 @@ typedef enum Genesys_Color_Order
+ }
+ Genesys_Color_Order;
+ 
+-
+-#define MAX_SCANNERS 50
++/* To prevent out-of-bounds errors MAX_SCANNERS must be the size of genesys_usb_device_list */
++/* found on genesys_devices.c                                                               */
++#define MAX_SCANNERS 40
+ #define MAX_RESOLUTIONS 13
+ #define MAX_DPI 4
+ 
+Index: trunk/backend/umax1220u-common.c
+===================================================================
+--- trunk.orig/backend/umax1220u-common.c
++++ trunk/backend/umax1220u-common.c
+@@ -972,7 +972,8 @@ move_2100U (UMAX_Handle * scan, int dist
+   unsigned char ope2[3] = {
+     0x00, 0xff, 0xff
+   };
+-  unsigned char buf[512];
++  /* To prevent out-of-bounds in functions (PAD|CKK)_ARRAY set the size from 512 to 522 */
++  unsigned char buf[512 + PAD];
+ 
+ 
+   SANE_Status res;
+Index: trunk/backend/hs2p.h
+===================================================================
+--- trunk.orig/backend/hs2p.h
++++ trunk/backend/hs2p.h
+@@ -264,7 +264,8 @@ typedef struct HS2P_Scanner
+   Option_Value val[NUM_OPTIONS];
+   SANE_Parameters params;	/* SANE image parameters */
+   /* additional values that don't fit into Option_Value representation */
+-  SANE_Word gamma_table[GAMMA_LENGTH];	/* Custom Gray Gamma Table */
++  /* To prevnted out-of-bounds add + 2                                 */
++  SANE_Word gamma_table[GAMMA_LENGTH + 2];	/* Custom Gray Gamma Table */
+ 
+   /* state information - not options */
+ 
+Index: trunk/backend/niash.c
+===================================================================
+--- trunk.orig/backend/niash.c
++++ trunk/backend/niash.c
+@@ -64,6 +64,7 @@
+ 
+ 
+ /* options enumerator */
++/* on changes please check the typedef struct TScanner */
+ typedef enum
+ {
+   optCount = 0,
+@@ -105,8 +106,8 @@ typedef union
+ 
+ typedef struct
+ {
+-  SANE_Option_Descriptor aOptions[optLast];
+-  TOptionValue aValues[optLast];
++  SANE_Option_Descriptor aOptions[optGamma + 1];
++  TOptionValue aValues[optGamma + 1];
+ 
+   TScanParams ScanParams;
+   THWParams HWParams;