[sane-devel] Bug in scanimage.c + Patch

Wed Mar 20 16:27:38 GMT 2002

Hi,

I think there is a small bug in the code handling the -f option. IMHO it mallocs
a one byte to small buffer for a strcpy action. I could reproduce some crashes
which disappeared after having applied the attached patch.

If you agree, please apply the patch.

Regards,

Klaas


-- 
 ----------------------------------------------------------------------
 Ja mach nur einen Plan und sei ein grosses Licht         Klaas Freitag
 dann mach noch einen zweiten Plan    *            mail freitag at suse.de
 gehn tun sie beide nicht. - B. Brecht             SuSE Labs, Nuernberg
 ----------------------------------------------------------------------
-------------- next part --------------

--- scanimage.orig.c	Wed Mar 20 17:12:11 2002
+++ scanimage.c	Wed Mar 20 17:12:41 2002
@@ -1501,7 +1501,7 @@
 	            exit(1);
 	          }
 	        
-	        fmt = malloc(strlen(optarg));
+	        fmt = strdup(optarg);
 	        if (fmt == 0)
 	          {
 	            fprintf(stderr, "%s: not enough memory\n", prog_name);
@@ -1511,7 +1511,6 @@
 	        for (i = 0; device_list[i]; ++i)
 	          {
 	            n = 0;
-	            strcpy(fmt, optarg);
 	            start = fmt;
 	            while( (percent = strchr(start, '%')) )
 	              {
