--- backend/epson.c.orig 2006-07-04 14:45:33.000000000 +0200 +++ backend/epson.c 2006-07-04 14:46:27.000000000 +0200 @@ -1331,7 +1331,7 @@ set_gamma_table (Epson_Scanner * s) { for (i = 0; i < 256; i += 16) { - char gammaValues[16 * 3 + 1], newValue[3]; + char gammaValues[16 * 3 + 1], newValue[4]; gammaValues[0] = '\0'; --- backend/as6e.c.orig 2004-10-03 16:21:45.000000000 +0200 +++ backend/as6e.c 2006-10-27 12:52:54.000000000 +0200 @@ -811,9 +811,11 @@ check_for_driver (const char *devname) dir[count - offset] = path[count]; count++; } - strncpy (fullname, dir, NAMESIZE); - strncat (fullname, "/", NAMESIZE); - strncat (fullname, devname, NAMESIZE); + /* use sizeof(fullname)-1 to make sure there is at least one padded null byte */ + strncpy (fullname, dir, sizeof(fullname)-1); + /* take into account that fullname already contains non-null bytes */ + strncat (fullname, "/", sizeof(fullname)-strlen(fullname)-1); + strncat (fullname, devname, sizeof(fullname)-strlen(fullname)-1); if (!stat (fullname, &statbuf)) { modes = statbuf.st_mode; --- sanei/sanei_ab306.c.orig 2007-01-31 14:13:16.000000000 +0100 +++ sanei/sanei_ab306.c 2007-01-31 14:38:26.000000000 +0100 @@ -273,7 +273,7 @@ sanei_ab306_open (const char *dev, int * if (port[i].base == base) break; - if (port[i].base != base) + if (i >= NELEMS(port)) { DBG(1, "sanei_ab306_open: %lx is not a valid base address\n", base); return SANE_STATUS_INVAL; --- backend/niash.c.orig 2006-02-04 12:34:28.000000000 +0100 +++ backend/niash.c 2007-02-21 15:38:12.000000000 +0100 @@ -89,7 +89,9 @@ typedef enum optLamp, optCalibrate, - optGamma /* analog gamma = single number */ + optGamma, /* analog gamma = single number */ +/* have optEndOfList only to define arrays with sufficient size */ + optEndOfList } EOptionIndex; @@ -105,8 +107,8 @@ typedef union typedef struct { - SANE_Option_Descriptor aOptions[optLast]; - TOptionValue aValues[optLast]; + SANE_Option_Descriptor aOptions[optEndOfList]; + TOptionValue aValues[optEndOfList]; TScanParams ScanParams; THWParams HWParams;