[sane-devel] Potential buffer overflow when scanning more than 16384 bytes per line with Brother MFC-6490CW

m. allan noah kitno455 at gmail.com
Sat Jun 27 18:35:51 UTC 2015 

Can you try using scanimage -B ?

allan

On Sat, Jun 27, 2015 at 2:07 PM, Yuval Levy <yuval.levy at ryerson.ca> wrote:
> Good day developers!
>
> I need direction and help tracking down a bug.  I have done some
> testing, described in detail below, and found that on my system
> scanimage hangs if the data for a single line is more than 16384 bytes.
>
> My intuition is that somewhere in the driver or in the scanning software
> there is a 16384 bytes limit for a single line, possibly a buffer or a
> counter, and the scanner times out when trying to scan a too wide
> document at too high resolution.
>
> Hardware:
> * Brother MFC-6490CW connected via the network (but I tested also with
> USB connection and the same limit applies)
> * A plain simple desktop PC, Intel i3-2125, 8GB RAM
> * Also tested with an ultrabook, Intel i5-5400, 8GB RAM
>
> Operating System:
> * Main operating system on both machines: Xubuntu 14.04.2 LTS 64-bit
> * Tested with Ubuntu 15.04 32-bit as well (same results)
> * Tested with Windows 7 (no problems at all)
>
> Reproducing the issue:
>
> SANE_DEBUG_DLL=128 scanimage -d "brother3:net1;dev0" --format=tiff -p
> --mode "24bit Color" --resolution=600dpi --source="FlatBed" -l 0 -t 0 -x
> 232 -y 10 > /tmp/test.tif
>
> Relevant output:
>
> [dll] sane_start(handle=0xcff680)
> [dll] sane_get_parameters(handle=0xcff680,params=0x7ffc24ac06f0)
> [dll]
> sane_read(handle=0xcff680,data=0xcffc20,maxlen=32768,lenp=0x7ffc24ac06e4)
>
> then there is a long wait, the scanner times out (hear the noise of the
> lamp going back into rest position), scanimage hangs for a while and
> then goes wild until interrupted, printing a flurry of
>
> [dll]
> sane_read(handle=0xcff680,data=0xcffc20,maxlen=32768,lenp=0x7ffc24ac06e4)
>
> Rounding up the issue:
> * No problems scanning that size/density in Windows -- tells me it is
> not an issue with the MFC-6940CW itself and narrows the search field to
> the linux driver and/or scanning software
> * The problem is the same whether I connect the scanner via network (my
> default setup) or USB -- tells me it is not an issue with how the data
> is transmitted
> * The problem is the same in Xubuntu 14.04.2 64-bit and in Ubuntu 15.04
> 32-bit -- tells me it is not an issue of whether the software was
> compiled for 32 or 64 bits, nor that there has been recent addition to
> the 'buntu repository version of scanimage that solved the issue
>
> Limiting the issue: scanimage performs as expected if either of these
> parameters is changed:
> ** -x is smaller than 232
> ** --mode is "True Gray"
> ** --resolution=600dpi
>
> All three changes have one thing in common: they reduce the weight of
> the data generated when scanning one line.
>
> At -x 231, the resulting image is 5456 pixels wide, which is 16368 bytes
> at a 24bit.  Very close to 16384, a power of two number often used to
> size buffers.  My suspicion is that somewhere between the scanning
> software and the driver there is a buffer or a counter limited to 16484
> bytes.  When that limit is reached, the scanner is left hanging until it
> times out.
>
> I am at the end of my own resources and need further direction / help.
> While I do have some experience with building object code from source
> code and can follow directions to modify little things and test them, I
> am unfamiliar with SANE.  Moreover, part of the software (Brother's
> driver) is closed sourced, making it difficult to analyze.  Can somebody
> be kind, validate or deconstruct my analysis, and point me to the next
> step in identifying and solving the bottleneck?  Short of falling back
> to Windows I do not know what to do, and I will rather run this high
> volume low priority scan job in the background on my workstation than go
> through the trouble of setting up an additional machine for the job.
>
> Many thanks in advance!
> Yuv
>
> --
> Yuval Levy, JD, MBA, CFA
>
>
> --
> sane-devel mailing list: sane-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/sane-devel
> Unsubscribe: Send mail with subject "unsubscribe your_password"
>              to sane-devel-request at lists.alioth.debian.org



-- 
"well, I stand up next to a mountain- and I chop it down with the edge
of my hand"

More information about the sane-devel mailing list