[sane-devel] sane-backends CVS snapshot dated 2007 Oct 24
Hello, right now I packaged sane-backends CVS snapshot dated 2007 Oct 24 and I have still two patches where I think they should be included upstream. For your information I attached the patches as gzipped files. 1) fix-buffer-overflow.patch has a fix for an array subscript is above array bounds error in niash.c, see https://bugzilla.novell.com/show_bug.cgi?id=246654 and a fix for an array subscript is above array bounds error in sanei_ab306.c, see https://bugzilla.novell.com/show_bug.cgi?id=239953 and fixes of possible strncat buffer overflows and strncpy unterminated string errors in as6e.c (no Suse bug for this) 2) fix-uninitialized-variables.patch fixes an uninitialized variable in teco2.c, see https://bugzilla.novell.com/show_bug.cgi?id=205451 The issues are detectde by checking the complier warnings and report things of interest. Even if the code may be actually o.k. the patches would at least help to let it look o.k. even for the compiler ;-) Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany AG Nuernberg, HRB 16746, GF: Markus Rex -- next part -- A non-text attachment was scrubbed... Name: fix-buffer-overflow.patch.gz Type: application/x-gzip Size: 861 bytes Desc: fix-buffer-overflow.patch.gz Url : http://lists.alioth.debian.org/pipermail/sane-devel/attachments/20071025/0aae5c75/attachment.bin -- next part -- A non-text attachment was scrubbed... Name: fix-uninitialized-variables.patch.gz Type: application/x-gzip Size: 256 bytes Desc: fix-uninitialized-variables.patch.gz Url : http://lists.alioth.debian.org/pipermail/sane-devel/attachments/20071025/0aae5c75/attachment-0001.bin
[sane-devel] sane-backends CVS snapshot dated 2007 Oct 24
Johannes Meixner jsmeix at suse.de wrote: Hi, 1) fix-buffer-overflow.patch has a fix for an array subscript is above array bounds error in niash.c, see https://bugzilla.novell.com/show_bug.cgi?id=246654 I think the fix isn't appropriate, though there is something fishy in the way the options are disabled by moving the optLast member of the enum around. Please get the niash maintainer to fix this one properly :) and a fix for an array subscript is above array bounds error in sanei_ab306.c, see https://bugzilla.novell.com/show_bug.cgi?id=239953 That one is correct and committed. and fixes of possible strncat buffer overflows and strncpy unterminated string errors in as6e.c (no Suse bug for this) Committed too. 2) fix-uninitialized-variables.patch fixes an uninitialized variable in teco2.c, see https://bugzilla.novell.com/show_bug.cgi?id=205451 That code looks fishy, size is used to initialize an element of cdb and then is initialized with another element of cdb. Setting it to 0 should be OK but I'll leave that up to someone more familiar with the backend. JB. -- Julien BLACHE http://www.jblache.org jb at jblache.org GPG KeyID 0xF5D65169
[sane-devel] sane-backends CVS snapshot dated 2007 Oct 24
On Thu, 2007-10-25 at 15:30 +0200, Julien BLACHE wrote: Johannes Meixner jsmeix at suse.de wrote: Hi, 2) fix-uninitialized-variables.patch fixes an uninitialized variable in teco2.c, see https://bugzilla.novell.com/show_bug.cgi?id=205451 That code looks fishy, size is used to initialize an element of cdb and then is initialized with another element of cdb. Setting it to 0 should be OK but I'll leave that up to someone more familiar with the backend. JB. -- Julien BLACHE http://www.jblache.org jb at jblache.org GPG KeyID 0xF5D65169 Still on my list for to do, i have some test done but not completed yet -- m.vr.gr. Gerard Klaver