[sane-devel] Canon ImageClass MF644Cdw

Rolf Bensch rolf at bensch-online.de
Sat Nov 2 16:41:16 GMT 2019

Hi Louis,

Do you have any ideas about this issue?


Am 01.11.19 um 00:31 schrieb Ralph Little:
> Hi,
> On Thu, Oct 31, 2019 at 4:12 PM David McMahon <thedjm at gmail.com
> <mailto:thedjm at gmail.com>> wrote:
>     Thanks for the clue!  Looking on that on the settings page of the
>     printer, the hostname is the default of "Canoncbcab3" which seems
>     harmless enough.  I changed it to "Can" to see if that changed
>     anything, but still getting the buffer overflow.
>     If you have a link handy to that part of the code, can you point me
>     to it?  Maybe it's something else right after the strcpy().
> Hmm, that might have been slightly misleading.
> I'm looking at backend/pixma_bjnp.c at line 801, which is where we see
> the last successful debug message from the function get_scanner_id():
> "get_scanner_id: Scanner model = ...."
> It returns to the only place it is called, line 1817 in add_scanner().
> We don't get the error message (at line 1819) so it must next call the
> function determine_scanner_serial() which attempts to determine a
> "serial number" for the scanner.
> This could be one of a selection of things, so that might be the
> culprit, since it does some strcpy() calls in there, although we don't
> have any debug messages in there, so we don't really know how far it got
> before the buffer overrun struck :(
> If it were me chasing this, I would add some more dbg messages to see
> how far it got, perhaps one after the call to determine_scanner_serial()
> to see if it returned to start off with. If it didn't some dbg in the
> function determine_scanner_serial() to see what it decided.
> Cheers,
> Ralph

More information about the sane-devel mailing list