On Sat, 2019-11-02 at 17:41 +0100, Rolf Bensch wrote: > Hi Louis, > > Do you have any ideas about this issue? > > Cheers, > Rolf > I have this on my list for next week: I am having a few issues with my Maxify 5450 that I need to fix first to get a stable platform to test (although my ethernet switches may be causing some of the issues). once that is done I am planning to look into open Sane/BJNP issues.
It would help if I could get a wireshark dump so I can try to understand what is happening BR, Louis > Am 01.11.19 um 00:31 schrieb Ralph Little: > > Hi, > > > > On Thu, Oct 31, 2019 at 4:12 PM David McMahon <the...@gmail.com > > <mailto:the...@gmail.com>> wrote: > > > > > > Thanks for the clue! Looking on that on the settings page of > > the > > printer, the hostname is the default of "Canoncbcab3" which > > seems > > harmless enough. I changed it to "Can" to see if that changed > > anything, but still getting the buffer overflow. > > If you have a link handy to that part of the code, can you > > point me > > to it? Maybe it's something else right after the strcpy(). > > > > > > > > Hmm, that might have been slightly misleading. > > > > I'm looking at backend/pixma_bjnp.c at line 801, which is where we > > see > > the last successful debug message from the function > > get_scanner_id(): > > > > "get_scanner_id: Scanner model = ...." > > > > It returns to the only place it is called, line 1817 in > > add_scanner(). > > We don't get the error message (at line 1819) so it must next call > > the > > function determine_scanner_serial() which attempts to determine a > > "serial number" for the scanner. > > This could be one of a selection of things, so that might be the > > culprit, since it does some strcpy() calls in there, although we > > don't > > have any debug messages in there, so we don't really know how far > > it got > > before the buffer overrun struck :( > > > > If it were me chasing this, I would add some more dbg messages to > > see > > how far it got, perhaps one after the call to > > determine_scanner_serial() > > to see if it returned to start off with. If it didn't some dbg in > > the > > function determine_scanner_serial() to see what it decided. > > > > Cheers, > > Ralph