[sane-devel] Canon ImageClass MF644Cdw
louis at fazant.net
Sat Nov 2 16:46:03 GMT 2019
On Sat, 2019-11-02 at 17:41 +0100, Rolf Bensch wrote:
> Hi Louis,
> Do you have any ideas about this issue?
I have this on my list for next week: I am having a few issues with my
Maxify 5450 that I need to fix first to get a stable platform to test
(although my ethernet switches may be causing some of the issues). once
that is done I am planning to look into open Sane/BJNP issues.
It would help if I could get a wireshark dump so I can try to
understand what is happening
> Am 01.11.19 um 00:31 schrieb Ralph Little:
> > Hi,
> > On Thu, Oct 31, 2019 at 4:12 PM David McMahon <thedjm at gmail.com
> > <mailto:thedjm at gmail.com>> wrote:
> > Thanks for the clue! Looking on that on the settings page of
> > the
> > printer, the hostname is the default of "Canoncbcab3" which
> > seems
> > harmless enough. I changed it to "Can" to see if that changed
> > anything, but still getting the buffer overflow.
> > If you have a link handy to that part of the code, can you
> > point me
> > to it? Maybe it's something else right after the strcpy().
> > Hmm, that might have been slightly misleading.
> > I'm looking at backend/pixma_bjnp.c at line 801, which is where we
> > see
> > the last successful debug message from the function
> > get_scanner_id():
> > "get_scanner_id: Scanner model = ...."
> > It returns to the only place it is called, line 1817 in
> > add_scanner().
> > We don't get the error message (at line 1819) so it must next call
> > the
> > function determine_scanner_serial() which attempts to determine a
> > "serial number" for the scanner.
> > This could be one of a selection of things, so that might be the
> > culprit, since it does some strcpy() calls in there, although we
> > don't
> > have any debug messages in there, so we don't really know how far
> > it got
> > before the buffer overrun struck :(
> > If it were me chasing this, I would add some more dbg messages to
> > see
> > how far it got, perhaps one after the call to
> > determine_scanner_serial()
> > to see if it returned to start off with. If it didn't some dbg in
> > the
> > function determine_scanner_serial() to see what it decided.
> > Cheers,
> > Ralph
More information about the sane-devel