I'm trying to debug this and am having a little bit of difficulty. I'm able to use the following configure command to compile debugging symbols into libsane, but am unable to disable optimizations. This is preventing me from seeing many relevant variables when stepping through with gdb. I'm still a little new at debugging, any suggestions?
    ./configure --prefix=/usr --sysconfdir=/etc --enable-debug=yes --disable-optimization

However, I think I've found the root of the problem. I'm building a vanilla libsane 1.0.20 from the sane project's download mirror. The problem lies in backends/canon.c. Line 255 parses the "film type" from what I believe is a message from my scanner hardware. During normal runs this value is 0. Occasionally I see 5 being returned. This causes a segfault at line 1763 since it overflows the tpu_filmtype_list array. That array is defined at line 183 and only has 5 elements. So, strdup is given a bogus string pointer and generates a segfault when trying to determine its length.

The sensible solution to this problem is to add a bounds check near line 255 to restrict the film type to a sane value given the hard-coded array.

FWIW my scanner is a Canon FB1200S (model #IX-12015E) which connects through an Adaptec AIC-7850 SCSI controller.

If someone could point me to some docs on Ubuntu's process to submit a patch I could give it a shot myself.

-- 
Canon backend exhibits segfault during open
https://bugs.launchpad.net/bugs/378180
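
The bounds check proposed in the message above, as an added example (not code from libsane or from the bug report): a device-reported index is validated against the table size before it is used for the lookup and copy. The function names, the placeholder table strings and the choice to fall back to index 0 are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed 5-entry table; placeholder strings, not those in canon.c. */
static const char *const film_types[] = {
    "type-0", "type-1", "type-2", "type-3", "type-4"
};
#define FILM_TYPE_COUNT (sizeof film_types / sizeof film_types[0])

/* Validate an index reported by the device before it touches the table.
 * Returns 0 and stores the index if it is in range; returns -1 and stores
 * the fallback index 0 (an assumption of this example) otherwise. */
static int sanitize_film_type(unsigned char raw, size_t *index)
{
    if (raw >= FILM_TYPE_COUNT) {
        *index = 0;
        return -1;
    }
    *index = raw;
    return 0;
}

/* Heap copy of the name for a device-reported index, the role strdup plays
 * in the report. *rejected is set to 1 when the raw value was out of range.
 * The caller frees the result. */
static char *film_type_name_dup(unsigned char raw, int *rejected)
{
    size_t index;
    *rejected = (sanitize_film_type(raw, &index) != 0);

    size_t len = strlen(film_types[index]) + 1;
    char *copy = malloc(len);
    if (copy != NULL)
        memcpy(copy, film_types[index], len);
    return copy;
}

int main(void)
{
    const unsigned char samples[] = { 0, 4, 5, 255 }; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples; i++) {
        int rejected;
        char *name = film_type_name_dup(samples[i], &rejected);
        printf("raw=%u -> %s%s\n", (unsigned)samples[i],
               name ? name : "(alloc failed)",
               rejected ? " (out of range, fell back)" : "");
        free(name);
    }
    return 0;
}
```

Deriving the limit from the array itself keeps the check correct if entries are later added to or removed from the table.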
