[sane-devel] Problem with libusb and 64 bits 2.6.25 kernel
nicolas.martin at freesurf.fr
Wed Jun 25 09:48:57 UTC 2008
Thanks Sam and Dennis for these explanations, I think also that buffer
overflow risk is now very unlikely to happen:
- The read function now requests the exact count of bytes to read from usb,
which secures against device misbehaving
- A failing usb stack that would return more bytes than expected is
So not worth adding special code in this function, we stay then with Sam's
patch, and I'll commit it into CVS.
Dennis Lou wrote:
> The way I see it, Sam's buffer overflow concern is predicated on a
> misbehaving device. I haven't witnessed it but it is possible given that
> we're reverse engineering things rather than working from a formal spec.
> Nicolas' buffer overflow concern is predicated on a misbehaving usb stack.
> It's also possible, but probably less likely than Sam's concern. Which to
> implement depends on how paranoid you are about the behavior of the device
> and libusb.
View this message in context: http://www.nabble.com/Problem-with-libusb-and-64-bits-2.6.25-kernel-tp17478721p18108619.html
Sent from the SANE - Dev mailing list archive at Nabble.com.
More information about the sane-devel