[sane-devel] Canon ImageClass MF644Cdw
Rolf Bensch
rolf at bensch-online.de
Sat Nov 2 16:41:16 GMT 2019
Hi Louis,
Do you have any ideas about this issue?
Cheers,
Rolf
Am 01.11.19 um 00:31 schrieb Ralph Little:
> Hi,
>
> On Thu, Oct 31, 2019 at 4:12 PM David McMahon <thedjm at gmail.com
> <mailto:thedjm at gmail.com>> wrote:
>
>
> Thanks for the clue! Looking on that on the settings page of the
> printer, the hostname is the default of "Canoncbcab3" which seems
> harmless enough. I changed it to "Can" to see if that changed
> anything, but still getting the buffer overflow.
> If you have a link handy to that part of the code, can you point me
> to it? Maybe it's something else right after the strcpy().
>
>
>
> Hmm, that might have been slightly misleading.
>
> I'm looking at backend/pixma_bjnp.c at line 801, which is where we see
> the last successful debug message from the function get_scanner_id():
>
> "get_scanner_id: Scanner model = ...."
>
> It returns to the only place it is called, line 1817 in add_scanner().
> We don't get the error message (at line 1819) so it must next call the
> function determine_scanner_serial() which attempts to determine a
> "serial number" for the scanner.
> This could be one of a selection of things, so that might be the
> culprit, since it does some strcpy() calls in there, although we don't
> have any debug messages in there, so we don't really know how far it got
> before the buffer overrun struck :(
>
> If it were me chasing this, I would add some more dbg messages to see
> how far it got, perhaps one after the call to determine_scanner_serial()
> to see if it returned to start off with. If it didn't some dbg in the
> function determine_scanner_serial() to see what it decided.
>
> Cheers,
> Ralph
More information about the sane-devel
mailing list