Oliver Rauch wrote:
>XSane 0.77 is released.
>
Oliver,
I see that the reporting of errors from preview_increment_image_y will
still result in preview_read_image_data being called again before the
scan is aborted. (in the code of xsane 0.77). This error occurs in other
places in preview_read_image_data() as well (fixed by attached
recursive-error-error.patch). Remember that calling
xsane_back_gtk_error() allows preview_read_image_data() to be called
again (recursively) before the scan is aborted. So the scan must be
aborted before calling xsane_back_gtk_error(). I fixed all instances of
this error that I found, but there may be more that I didn't get...
I think that if the backend sends more data than reported by
sane_get_parameters(), xsane will still crash and burn... I think this
should generate an error message and abort the scan instead. A patch for
this is attached (overflow.patch). I would appreciate someone else
checking over this patch - I'm not completely sure I got all the sizes
correct in all cases.
Ben.
*** xsane-preview.c.orig Sat May 26 00:18:38 2001
--- xsane-preview.c Sat May 26 01:20:57 2001
***************
*** 1447,1453 ****
goto bad_depth;
}
-
if (status != SANE_STATUS_GOOD)
{
if (status == SANE_STATUS_EOF)
--- 1447,1452 ----
***************
*** 1491,1496 ****
--- 1490,1498 ----
switch (p->params.depth)
{
case 8:
+ if( p->image_offset + len > 3*p->image_width * p->image_height ) {
+ goto data_overflow;
+ }
for (i = 0; i < len; ++i)
{
p->image_data_raw[p->image_offset] = buf[i] * 256;
***************
*** 1507,1512 ****
--- 1509,1517 ----
break;
case 16:
+ if( p->image_offset + len/2 > 3*p->image_width * p->image_height ) {
+ goto data_overflow;
+ }
for (i = 0; i < len/2; ++i)
{
p->image_data_raw[p->image_offset] = buf16[i];
***************
*** 1531,1536 ****
--- 1536,1544 ----
switch (p->params.depth)
{
case 1:
+ if( p->image_offset + len*8*3 > 3*p->image_width * p->image_height ) {
+ goto data_overflow;
+ }
for (i = 0; i < len; ++i)
{
u_char mask = buf[i];
***************
*** 1561,1566 ****
--- 1569,1577 ----
break;
case 8:
+ if( p->image_offset + len*3 > 3*p->image_width * p->image_height ) {
+ goto data_overflow;
+ }
for (i = 0; i < len; ++i)
{
u_char gray = buf[i];
***************
*** 1580,1585 ****
--- 1591,1599 ----
break;
case 16:
+ if( p->image_offset + len*3/2 > 3*p->image_width * p->image_height ) {
+ goto data_overflow;
+ }
for (i = 0; i < len/2; ++i)
{
u_char gray = buf16[i]/256;
***************
*** 1610,1615 ****
--- 1624,1632 ----
switch (p->params.depth)
{
case 1:
+ if( p->image_offset + len*8*3 > 3*p->image_width * p->image_height ) {
+ goto data_overflow;
+ }
for (i = 0; i < len; ++i)
{
u_char mask = buf[i];
***************
*** 1632,1637 ****
--- 1649,1657 ----
break;
case 8:
+ if( p->image_offset + len*3 > 3*p->image_width * p->image_height ) {
+ goto data_overflow;
+ }
for (i = 0; i < len; ++i)
{
p->image_data_raw[p->image_offset] = buf[i] * 256;
***************
*** 1646,1651 ****
--- 1666,1674 ----
break;
case 16:
+ if( p->image_offset + len*3/2 > 3*p->image_width * p->image_height ) {
+ goto data_overflow;
+ }
for (i = 0; i < len/2; ++i)
{
p->image_data_raw[p->image_offset] = buf16[i];
***************
*** 1687,1692 ****
--- 1710,1721 ----
snprintf(buf, sizeof(buf), "%s %d.", ERR_PREVIEW_BAD_DEPTH, p->params.depth);
xsane_back_gtk_error(buf, TRUE);
preview_scan_done(p);
+ return;
+
+ data_overflow:
+ snprintf(buf, sizeof(buf), "%s.", ERR_BACKEND_DATA_OVERFLOW );
+ preview_scan_done(p);
+ xsane_back_gtk_error(buf, TRUE);
return;
}
*** xsane-text.h.orig Sat May 26 01:08:39 2001
--- xsane-text.h Sat May 26 01:10:23 2001
***************
*** 488,493 ****
--- 488,494 ----
#define ERR_FAILED_ALLOCATE_IMAGE _("Failed to allocate image memory:")
#define ERR_PREVIEW_BAD_DEPTH _("Preview cannot handle bit depth")
#define ERR_GIMP_SUPPORT_MISSING _("GIMP support missing")
+ #define ERR_BACKEND_DATA_OVERFLOW _("Backend sent more data than it said it would (protocol error)")
#define ERR_CREATE_PREVIEW_FILE _("Could not create temporary preview files")
#define ERR_CREATE_PREVIEW_FILENAME _("Could not create filenames for preview files")
*** xsane-preview.c.orig Sat May 26 00:18:38 2001
--- xsane-preview.c Sat May 26 01:26:54 2001
***************
*** 1386,1393 ****
if ( (!p->image_data_enh) || (!p->image_data_raw) )
{
snprintf(buf, sizeof(buf), "%s %s.", ERR_FAILED_ALLOCATE_IMAGE, strerror(errno));
- xsane_back_gtk_error(buf, TRUE);
preview_scan_done(p);
return -1;
}
memset(p->image_data_enh + offset, 0xff, extra_size);
--- 1386,1393 ----
if ( (!p->image_data_enh) || (!p->image_data_raw) )
{
snprintf(buf, sizeof(buf), "%s %s.", ERR_FAILED_ALLOCATE_IMAGE, strerror(errno));
preview_scan_done(p);
+ xsane_back_gtk_error(buf, TRUE);
return -1;
}
memset(p->image_data_enh + offset, 0xff, extra_size);
***************
*** 1474,1482 ****
else
{
snprintf(buf, sizeof(buf), "%s %s.", ERR_DURING_READ, XSANE_STRSTATUS(status));
xsane_back_gtk_error(buf, TRUE);
}
- preview_scan_done(p);
return;
}
--- 1474,1482 ----
else
{
snprintf(buf, sizeof(buf), "%s %s.", ERR_DURING_READ, XSANE_STRSTATUS(status));
+ preview_scan_done(p);
xsane_back_gtk_error(buf, TRUE);
}
return;
}
***************
*** 1685,1692 ****
bad_depth:
snprintf(buf, sizeof(buf), "%s %d.", ERR_PREVIEW_BAD_DEPTH, p->params.depth);
- xsane_back_gtk_error(buf, TRUE);
preview_scan_done(p);
return;
}
--- 1685,1692 ----
bad_depth:
snprintf(buf, sizeof(buf), "%s %d.", ERR_PREVIEW_BAD_DEPTH, p->params.depth);
preview_scan_done(p);
+ xsane_back_gtk_error(buf, TRUE);
return;
}
-- Source code, list archive, and docs: http://www.mostang.com/sane/ To unsubscribe: echo unsubscribe sane-devel | mail majordomo@mostang.com
This archive was generated by hypermail 2b29 : Fri May 25 2001 - 08:53:46 PDT