There is a potential null pointer dereference in a DBG statement in
sanei/sanei_scsi.c. The bug is in the version of scsi_cmd() that interfaces
with the Joerg Schilling scsi driver for Solaris. I think that the section of
code affected by this bug handles waiting for the scanner to finish being busy.
The bug was detected with a Umax Astra 2400S scanner and was triggered whenever
one tried to scan.
--- sanei/sanei_scsi.c.ORIG Thu Nov 30 15:02:30 2000
+++ sanei/sanei_scsi.c Wed Feb 21 16:38:15 2001
@@ -3590,8 +3590,8 @@
handler = fd_info[fd].sense_handler;
DBG (3, "cmd=%x, error=%d:%s, bsiz=%d, stat=%x,%x,%x, slen=%d\n",
scmd.cdb.g0_cdb.cmd, scmd.error, strerror (scmd.errno),
- *dst_size, scmd.u_scb.cmd_scb[0], scmd.u_scb.cmd_scb[1],
- scmd.u_scb.cmd_scb[2], scmd.sense_count);
+ ((dst_size != NULL)?(*dst_size):0), scmd.u_scb.cmd_scb[0],
+ scmd.u_scb.cmd_scb[1], scmd.u_scb.cmd_scb[2], scmd.sense_count);
*errbf = '\0';
for (i = 0; i < scmd.sense_count; i++)
sprintf (errbf + strlen (errbf), "%x,", scmd.u_sense.cmd_sense[i]);
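Review bot: On the added line, the guarded value `((dst_size != NULL)?(*dst_size):0)` is still consumed by the `bsiz=%d` conversion, and the type of the ternary follows `*dst_size`; if `dst_size` points to a `size_t`, the argument does not match `%d` where `size_t` is wider than `int`. Casting the whole expression to `int`, or to `unsigned long` with `%lu`, would make the DBG call well defined. Separately, the unchanged context appends to `errbf` with `sprintf (errbf + strlen (errbf), "%x,", ...)` once per `scmd.sense_count` entry with no bound visible in this hunk; a check against the size of `errbf` is worth adding while this block is being touched.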
Bill Sebok Computer Software Manager, Univ. of Maryland, Astronomy
Internet: wls@astro.umd.edu URL: http://www.astro.umd.edu/~wls/