[hpoj-devel] [sane-devel] scanimage segfault

David Paschal paschal@rcsis.com
Sat, 27 Apr 2002 02:01:32 -0700


Hi,

scanimage segfaults in the following situation:
- The backend has a boolean option (for example, "batch-scan") with
  SANE_CAP_AUTOMATIC.
- The user passes the command-line option "--batch-scan" with no "=auto",
  "=yes", or "=no" suffix, which, as suggested by the brackets in the
  "--help" syntax for this option, appears to be a valid syntax, with the
  expectation that it implies "=yes".

The obligatory gdb backtrace:

$ gdb scanimage
...
This GDB was configured as "i386-redhat-linux"...
(gdb) run -d hpoj:mlc:par:0 --batch --batch-scan
Starting program: /usr/local/bin/scanimage -d hpoj:mlc:par:0 --batch --batch-scan

Program received signal SIGSEGV, Segmentation fault.
__strncasecmp (s1=0x0, s2=0x804eaa9 "auto", n=4)
    at ../sysdeps/generic/strncase.c:68
68      ../sysdeps/generic/strncase.c: No such file or directory.
(gdb) bt
#0  __strncasecmp (s1=0x0, s2=0x804eaa9 "auto", n=4)
    at ../sysdeps/generic/strncase.c:68
#1  0x804aa99 in process_backend_option (device=0x805fb78, optnum=7,
    optarg=0x0) at scanimage.c:879
#2  0x804c629 in main (argc=5, argv=0xbffffb04) at scanimage.c:1760
(gdb)

The offending line is scanimage.c:879:

> if ((opt->cap & SANE_CAP_AUTOMATIC) && strncasecmp (optarg, "auto", 4) == 0)

because in this case, optarg is null.  The solution would be to add a
"&& optarg" check before the strncasecmp call.  That would make it
fall into the subsequent "switch (opt->type) ... case SANE_TYPE_BOOL: ...
if (optarg)" code, where this syntax variant is properly handled.
Would somebody with CVS write access please make this change before 1.0.8
is released?  Incidentally, I was able to work around this bug in the
backend by removing SANE_CAP_AUTOMATIC from all the options.

Thanks,
David
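
The check quoted in the message and the guarded form it proposes, as an added example that is not part of the original post and is not scanimage's own code. It assumes the option is registered with getopt_long() as optional_argument; CAP_AUTOMATIC, enum action, bool_option and parse_batch_scan are hypothetical stand-ins.

```c
#include <getopt.h>
#include <stddef.h>
#include <strings.h>

/* Hypothetical stand-ins for the SANE definitions; values are constructed. */
#define CAP_AUTOMATIC 0x10
enum action { SET_AUTO, SET_TRUE, SET_FALSE, BAD_VALUE, NOT_SEEN };

/* Check as quoted in the post: passes arg to strncasecmp even when NULL. */
int is_auto_unchecked(int cap, const char *arg)
{
    return (cap & CAP_AUTOMATIC) && strncasecmp(arg, "auto", 4) == 0;
}

/* Proposed fix: test the pointer before comparing. */
int is_auto_checked(int cap, const char *arg)
{
    return (cap & CAP_AUTOMATIC) && arg && strncasecmp(arg, "auto", 4) == 0;
}

/* Boolean handling: a bare option (NULL argument) implies "yes". */
enum action bool_option(int cap, const char *arg)
{
    if (is_auto_checked(cap, arg))
        return SET_AUTO;
    if (!arg || strcasecmp(arg, "yes") == 0)
        return SET_TRUE;
    if (strcasecmp(arg, "no") == 0)
        return SET_FALSE;
    return BAD_VALUE;
}

/* An optional-argument long option given without "=value" is delivered
 * by getopt_long() with optarg == NULL, which is the case in the backtrace. */
enum action parse_batch_scan(int argc, char **argv)
{
    static const struct option longopts[] = {
        { "batch-scan", optional_argument, NULL, 'b' },
        { NULL, 0, NULL, 0 }
    };
    enum action result = NOT_SEEN;
    int c;

    optind = 0; /* restart scanning on each call (glibc and musl behaviour) */
    while ((c = getopt_long(argc, argv, "", longopts, NULL)) != -1)
        if (c == 'b')
            result = bool_option(CAP_AUTOMATIC, optarg);
    return result;
}
```

is_auto_unchecked is kept only for comparison and must not be called with a NULL argument.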