retitle 583273 libsane-hpaio: duplex option descriptor uninitialized
reassign 583273 hplip/3.12.2-1
tag 583273 patch upstream
thanks

On Thu, May 17, 2012 at 10:17:30PM +0400, Андрей Парамонов wrote:
> 2012/5/17 Matej Vela <v...@debian.org>:
>> Andrey, can you try rebuilding libsane-hpaio with the patch below? Or I can
>> put together an (unofficial) package -- just let me know which dist/arch.
>>
>> This is what seems to be happening:
>>
>> (1) hplip-3.12.2/scan/sane/hpaio.c (sane_hpaio_open) initializes the option
>>     descriptor array with zeros. Most descriptors are later given actual
>>     values (hpaioSetupOptions), but OPTION_DUPLEX (index 10) is initialized
>>     only if duplex is active; if not, its .size is left as 0.
>>
>> (2) gnome-scan-0.6.2/modules/gsane-scanner.c (gss_option_get_value_by_index)
>>     fetches the duplex option descriptor, and passes its .size without
>>     checking to g_malloc0. For a size of 0, g_malloc0 is defined to return
>>     NULL. This is again passed without checking to sane_control_option,
>>     which segfaults as soon as it tries to store the return value there.
>>
>> It's a given that gnome-scan would be better off with more sanity checks,
>> but I think the right thing to do is for libsane-hpaio to initialize the
>> OPTION_DUPLEX descriptor unconditionally, to ensure that the return value
>> from sane_get_option_descriptor is valid for all callers.
>>
>> (I haven't worked with SANE before, and don't have a scanner to test with,
>> so take all this with a large grain of salt. :-)
>
> I've checked your patch and it works! Flegita appears to be a really
> nice program ;-)

Great, let's reassign it then.

Dear hplip maintainers, please let me know if there's anything I can help
with further.

Cheers,

Matej
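
The failure chain described in the message above, reduced to a self-contained C sketch. This is an added example, not code from the message, hplip or gnome-scan: opt_desc, alloc0, setup_options, control_get and get_value_checked are hypothetical stand-ins for the SANE descriptor, g_malloc0, hpaioSetupOptions, sane_control_option and the frontend getter. It shows the zeroed descriptor, the backend fix of unconditional initialization, and the caller-side checks.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins (assumptions), not the real SANE or GLib definitions. */
enum { OPT_DUPLEX = 10, OPT_COUNT = 11 };
typedef struct { size_t size; } opt_desc;

/* Mirrors g_malloc0's documented behaviour: a 0-byte request returns NULL. */
static void *alloc0(size_t n) { return n ? calloc(1, n) : NULL; }

/* Backend: zero the array, then fill descriptors in.
   always_init = 0 models the reported bug, 1 the proposed fix. */
static void setup_options(opt_desc *opts, int duplex_active, int always_init)
{
    memset(opts, 0, OPT_COUNT * sizeof *opts);
    if (duplex_active || always_init) {
        opts[OPT_DUPLEX].size = sizeof(int);
    }
}

/* Backend: stores the option value through `out`, trusting it is valid,
   which is where a NULL buffer would fault. */
static void control_get(int duplex_active, void *out) { *(int *)out = duplex_active; }

/* Frontend with the checks the message says are missing.
   Returns 0 on success, -1 if the descriptor or buffer is unusable. */
static int get_value_checked(const opt_desc *opts, int index,
                             int duplex_active, int *value)
{
    const opt_desc *d = &opts[index];
    if (d->size != sizeof *value) return -1; /* rejects a zeroed descriptor */
    void *buf = alloc0(d->size);
    if (buf == NULL) return -1;              /* never pass NULL to the backend */
    control_get(duplex_active, buf);
    memcpy(value, buf, sizeof *value);
    free(buf);
    return 0;
}

int main(void)
{
    opt_desc opts[OPT_COUNT];
    int v = -1;
    setup_options(opts, 0, 0);                            /* bug: size stays 0 */
    int bad = get_value_checked(opts, OPT_DUPLEX, 0, &v); /* refused: -1 */
    setup_options(opts, 0, 1);                            /* fix applied */
    return (bad == -1 && get_value_checked(opts, OPT_DUPLEX, 0, &v) == 0) ? 0 : 1;
}
```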