1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
Description: prevent out-of-bounds
Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
Forwarded: http://lists.alioth.debian.org/pipermail/sane-devel/2014-October
Last-Update: 2014-10-26
---
Index: trunk/backend/genesys_devices.c
===================================================================
--- trunk.orig/backend/genesys_devices.c
+++ trunk/backend/genesys_devices.c
@@ -3362,7 +3362,7 @@ static Genesys_Model canon_formula101_mo
100
};
-
+/* put the size on MAX_SCANNERS in genesys_low.h */
static Genesys_USB_Device_Entry genesys_usb_device_list[] = {
/* GL646 devices */
{0x03f0, 0x0901, &hp2300c_model},
Index: trunk/backend/genesys_low.h
===================================================================
--- trunk.orig/backend/genesys_low.h
+++ trunk/backend/genesys_low.h
@@ -309,8 +309,9 @@ typedef enum Genesys_Color_Order
}
Genesys_Color_Order;
-
-#define MAX_SCANNERS 50
+/* To prevent out-of-bounds errors MAX_SCANNERS must be the size of genesys_usb_device_list */
+/* found on genesys_devices.c */
+#define MAX_SCANNERS 40
#define MAX_RESOLUTIONS 13
#define MAX_DPI 4
Index: trunk/backend/umax1220u-common.c
===================================================================
--- trunk.orig/backend/umax1220u-common.c
+++ trunk/backend/umax1220u-common.c
@@ -972,7 +972,8 @@ move_2100U (UMAX_Handle * scan, int dist
unsigned char ope2[3] = {
0x00, 0xff, 0xff
};
- unsigned char buf[512];
+ /* To prevent out-of-bounds in functions (PAD|CKK)_ARRAY set the size from 512 to 522 */
+ unsigned char buf[512 + PAD];
SANE_Status res;
Index: trunk/backend/hs2p.h
===================================================================
--- trunk.orig/backend/hs2p.h
+++ trunk/backend/hs2p.h
@@ -264,7 +264,8 @@ typedef struct HS2P_Scanner
Option_Value val[NUM_OPTIONS];
SANE_Parameters params; /* SANE image parameters */
/* additional values that don't fit into Option_Value representation */
- SANE_Word gamma_table[GAMMA_LENGTH]; /* Custom Gray Gamma Table */
+ /* To prevnted out-of-bounds add + 2 */
+ SANE_Word gamma_table[GAMMA_LENGTH + 2]; /* Custom Gray Gamma Table */
/* state information - not options */
Index: trunk/backend/niash.c
===================================================================
--- trunk.orig/backend/niash.c
+++ trunk/backend/niash.c
@@ -64,6 +64,7 @@
/* options enumerator */
+/* on changes please check the typedef struct TScanner */
typedef enum
{
optCount = 0,
@@ -105,8 +106,8 @@ typedef union
typedef struct
{
- SANE_Option_Descriptor aOptions[optLast];
- TOptionValue aValues[optLast];
+ SANE_Option_Descriptor aOptions[optGamma + 1];
+ TOptionValue aValues[optGamma + 1];
TScanParams ScanParams;
THWParams HWParams;
|
