sane-backends/fix-buffer-overflow.patch

64 lines
2.2 KiB
Diff

--- backend/epson.c.orig 2006-07-04 14:45:33.000000000 +0200
+++ backend/epson.c 2006-07-04 14:46:27.000000000 +0200
@@ -1331,7 +1331,7 @@ set_gamma_table (Epson_Scanner * s)
{
for (i = 0; i < 256; i += 16)
{
- char gammaValues[16 * 3 + 1], newValue[3];
+ char gammaValues[16 * 3 + 1], newValue[4];
gammaValues[0] = '\0';
--- backend/as6e.c.orig 2004-10-03 16:21:45.000000000 +0200
+++ backend/as6e.c 2006-10-27 12:52:54.000000000 +0200
@@ -811,9 +811,11 @@ check_for_driver (const char *devname)
dir[count - offset] = path[count];
count++;
}
- strncpy (fullname, dir, NAMESIZE);
- strncat (fullname, "/", NAMESIZE);
- strncat (fullname, devname, NAMESIZE);
+ /* use sizeof(fullname)-1 to make sure there is at least one padded null byte */
+ strncpy (fullname, dir, sizeof(fullname)-1);
+ /* take into account that fullname already contains non-null bytes */
+ strncat (fullname, "/", sizeof(fullname)-strlen(fullname)-1);
+ strncat (fullname, devname, sizeof(fullname)-strlen(fullname)-1);
if (!stat (fullname, &statbuf))
{
modes = statbuf.st_mode;
--- sanei/sanei_ab306.c.orig 2007-01-31 14:13:16.000000000 +0100
+++ sanei/sanei_ab306.c 2007-01-31 14:38:26.000000000 +0100
@@ -273,7 +273,7 @@ sanei_ab306_open (const char *dev, int *
if (port[i].base == base)
break;
- if (port[i].base != base)
+ if (i >= NELEMS(port))
{
DBG(1, "sanei_ab306_open: %lx is not a valid base address\n", base);
return SANE_STATUS_INVAL;
--- backend/niash.c.orig 2006-02-04 12:34:28.000000000 +0100
+++ backend/niash.c 2007-02-21 15:38:12.000000000 +0100
@@ -89,7 +89,9 @@ typedef enum
optLamp,
optCalibrate,
- optGamma /* analog gamma = single number */
+ optGamma, /* analog gamma = single number */
+/* have optEndOfList only to define arrays with sufficient size */
+ optEndOfList
} EOptionIndex;
@@ -105,8 +107,8 @@ typedef union
typedef struct
{
- SANE_Option_Descriptor aOptions[optLast];
- TOptionValue aValues[optLast];
+ SANE_Option_Descriptor aOptions[optEndOfList];
+ TOptionValue aValues[optEndOfList];
TScanParams ScanParams;
THWParams HWParams;