[sane-devel] Canon ImageClass MF644Cdw

Ralph Little skelband at gmail.com
Thu Oct 31 21:55:55 GMT 2019


Hi David,

On Thu, Oct 31, 2019 at 2:45 PM David McMahon <thedjm at gmail.com> wrote:

> ...
> [bjnp]  00000050:45 53 3a 43 61 6e 6f 6e  20 4d 46 36 34 32 43 2f
> [bjnp]  00000060:36 34 33 43 2f 36 34 34  43 3b
> [bjnp] get_scanner_id: Scanner identity string =
> MFG:CANON;CMD:MFNP1,MultiPASS 2.1;MDL:MF642C/643C/644C;CLS:IMG;DES:Canon
> MF642C/643C/644C; - length = 90
> [bjnp] get_scanner_id: Scanner model = MF642C/643C/644C
> *** buffer overflow detected ***: scanimage terminated
> Aborted
>
>
Having a quick look at the code, it looks like the very next thing the
backend does is try to generate a "serial number" by using the hostname.
Involves an unprotected strcpy().
Does your scanner machine have a particularly long hostname?

Cheers,
Ralph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/sane-devel/attachments/20191031/97b1944d/attachment.html>


More information about the sane-devel mailing list