[sane-devel] Problem with libusb and 64 bits 2.6.25 kernel

Sam Varshavchik mrsam at courier-mta.com
Wed Jun 25 22:20:22 UTC 2008

Dennis Lou writes:

> The way I see it, Sam's buffer overflow concern is predicated on a
> misbehaving device.  I haven't witnessed it but it is possible given that
> we're reverse engineering things rather than working from a formal spec. 
> Nicolas' buffer overflow concern is predicated on a misbehaving usb stack.
>  It's also possible, but probably less likely than Sam's concern.  Which
> to implement depends on how paranoid you are about the behavior of the
> device and libusb.

Clarification: my patch is needed to fix the following bug, referenced 
earlier in the thread:

>>> Hi Dennis, 
>>> A bug was opened a while back by Sam Varshavchik, concerning the pixma
>>> backend for Canon ImageClass MF-4270, when compiled and used on a 64
>>> bits platform (no issue so far on 32 bits), details are given here:
>>> https://alioth.debian.org/tracker/?group_id=30186&atid=410366&func=detail&aid=310861

The original code issues a read request to libusb for more bytes than 
actually expected, and, apparently, on some hardware that causes a USB 
timeout, with Various Bad Things™, as I described in the bug. Besides a 
single scan now taking ~30 minutes, the resulting pnm is corrupted.

Changing the code not to ask to read more than what's expected fixes both
the original bug and the overflow problem.
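
Added example, not part of the original message and not the pixma backend's code: a C illustration of the fix described above, where each read request is clamped to the bytes still expected and a return count larger than the request is rejected. The `bulk_read_fn` callback, the `mock_dev` device model and the buffer sizes are assumptions constructed for illustration; the mock times out on an over-long request, as the message reports for some hardware.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a USB bulk read: asked for `want` bytes, returns the
   number delivered or -1 on timeout. Not libusb's or the pixma backend's API. */
typedef int (*bulk_read_fn)(void *dev, unsigned char *dst, size_t want);

/* Constructed device model: delivers at most `chunk` bytes per call and times out
   when asked for more than it has pending (the failure the post describes). */
struct mock_dev { size_t pending, chunk; int overreport; };

static int mock_read(void *p, unsigned char *dst, size_t want)
{
    struct mock_dev *d = p;
    if (want > d->pending) return -1;            /* over-long request: timeout */
    size_t n = want < d->chunk ? want : d->chunk;
    memset(dst, 0xAB, n);
    d->pending -= n;
    return (int)n + d->overreport;               /* overreport != 0: lying stack */
}

/* Clamped read: collect exactly `expected` bytes, never requesting more than is
   still due. Returns bytes stored, or -1 on error. */
static int read_expected(bulk_read_fn rd, void *dev, unsigned char *buf,
                         size_t cap, size_t expected)
{
    size_t got = 0;
    if (expected > cap) return -1;               /* reply cannot fit the buffer */
    while (got < expected) {
        size_t want = expected - got;
        int n = rd(dev, buf + got, want);
        if (n <= 0) return -1;                   /* timeout or stall */
        if ((size_t)n > want) return -1;         /* more than requested: reject */
        got += (size_t)n;
    }
    return (int)got;
}

/* Run one constructed scenario: 64-byte buffer, device holding a 16-byte reply. */
int demo(int clamp, size_t expected, int overreport)
{
    unsigned char buf[64];
    struct mock_dev d = { 16, 8, overreport };
    return clamp ? read_expected(mock_read, &d, buf, sizeof buf, expected)
                 : mock_read(&d, buf, sizeof buf); /* "before": ask for whole buffer */
}

int main(void) { return demo(1, 16, 0) == 16 ? 0 : 1; }
```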
