Possible fix for Sane 1.0.1 segfault in RedHat 5.1 (net)

Graham Stoney (greyham@research.canon.com.au)
Wed, 28 Apr 1999 11:40:16 +1000 (EST)

[Milon Firikis]
> I keep getting SIGSEGVs in redhat 5.1
>
> I have reported it some time ago... but I am not qualified to find
> the solution...

I've just tried using the net backend on redhat 5.1, and also got SIGSEGVs.
It looks like I'm qualified to offer the fix below, but I don't know for sure
whether it fixes Milon's problem. If it does, his SIGSEGV is likely to turn
into an error message, though it may not mean that scanning actually works.

My problem was that my backend was not setting the type field for option
descriptor zero, causing sanei_w_call to fail with wire.status == EINVAL
because it didn't know how to encode the descriptor's value. In sane-1.0.1,
backend/net.c:sane_control_option fails to check whether
sanei_w_call(...,SANE_NET_CONTROL_OPTION,...) succeeds before using the reply
info. If it fails, we get a segfault. Perhaps something in Milon's config is
causing this call to fail, but as far as I can see it will cause disaster on
any system when the sanei_w_call in sane_control_option fails. The first
patch below adds the missing test, and fixes the segfault.

While looking at the existing backends, I noticed that very few of them set
the "type" field on option descriptor zero correctly. Most rely on a memset
of all the option descriptors to set it to zero, giving it a value of
SANE_TYPE_BOOL. It's meant to be a SANE_TYPE_INT however; we're just lucky
that the encoding for BOOL and INT is the same, so it works. The remaining
patches explicitly set the type for the first descriptor to SANE_TYPE_INT in
all the backends that appear (to my untrained eye) to get it wrong.

Regards,
Graham

Index: backend/net.c
===================================================================
RCS file: /home/elph/archive/sane/backend/net.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 net.c
*** net.c 1999/04/27 05:38:03 1.1.1.1
--- net.c 1999/04/27 07:51:36
***************
*** 704,709 ****
--- 704,716 ----
sanei_w_call (&s->hw->wire, SANE_NET_CONTROL_OPTION,
(WireCodecFunc) sanei_w_control_option_req, &req,
(WireCodecFunc) sanei_w_control_option_reply, &reply);
+ if (s->hw->wire.status != 0)
+ {
+ DBG(1, "control_option rpc call failed (%s)\n",
+ strerror (s->hw->wire.status));
+ return SANE_STATUS_IO_ERROR;
+ }
+
status = reply.status;
need_auth = (reply.resource_to_authorize != 0);
if (need_auth)

Index: backend/abaton.c
===================================================================
RCS file: /home/elph/archive/sane/backend/abaton.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 abaton.c
*** abaton.c 1999/04/27 05:38:09 1.1.1.1
--- abaton.c 1999/04/28 01:17:32
***************
*** 644,649 ****
--- 644,650 ----

s->opt[OPT_NUM_OPTS].title = SANE_TITLE_NUM_OPTIONS;
s->opt[OPT_NUM_OPTS].desc = SANE_DESC_NUM_OPTIONS;
+ s->opt[OPT_NUM_OPTS].type = SANE_TYPE_INT;
s->opt[OPT_NUM_OPTS].cap = SANE_CAP_SOFT_DETECT;
s->val[OPT_NUM_OPTS].w = NUM_OPTIONS;

Index: backend/agfafocus.c
===================================================================
RCS file: /home/elph/archive/sane/backend/agfafocus.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 agfafocus.c
*** agfafocus.c 1999/04/27 05:38:12 1.1.1.1
--- agfafocus.c 1999/04/28 01:17:46
***************
*** 1007,1012 ****
--- 1007,1013 ----

s->opt[OPT_NUM_OPTS].title = SANE_TITLE_NUM_OPTIONS;
s->opt[OPT_NUM_OPTS].desc = SANE_DESC_NUM_OPTIONS;
+ s->opt[OPT_NUM_OPTS].type = SANE_TYPE_INT;
s->opt[OPT_NUM_OPTS].cap = SANE_CAP_SOFT_DETECT;
s->val[OPT_NUM_OPTS].w = NUM_OPTIONS;

Index: backend/apple.c
===================================================================
RCS file: /home/elph/archive/sane/backend/apple.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 apple.c
*** apple.c 1999/04/27 05:38:07 1.1.1.1
--- apple.c 1999/04/28 01:17:56
***************
*** 1286,1291 ****
--- 1286,1292 ----

s->opt[OPT_NUM_OPTS].title = SANE_TITLE_NUM_OPTIONS;
s->opt[OPT_NUM_OPTS].desc = SANE_DESC_NUM_OPTIONS;
+ s->opt[OPT_NUM_OPTS].type = SANE_TYPE_INT;
s->opt[OPT_NUM_OPTS].cap = SANE_CAP_SOFT_DETECT;
s->val[OPT_NUM_OPTS].w = NUM_OPTIONS;

Index: backend/artec.c
===================================================================
RCS file: /home/elph/archive/sane/backend/artec.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 artec.c
*** artec.c 1999/04/27 05:38:06 1.1.1.1
--- artec.c 1999/04/28 01:18:06
***************
*** 1378,1383 ****
--- 1378,1384 ----

s->opt[OPT_NUM_OPTS].title = SANE_TITLE_NUM_OPTIONS;
s->opt[OPT_NUM_OPTS].desc = SANE_DESC_NUM_OPTIONS;
+ s->opt[OPT_NUM_OPTS].type = SANE_TYPE_INT;
s->opt[OPT_NUM_OPTS].cap = SANE_CAP_SOFT_DETECT;
s->val[OPT_NUM_OPTS].w = NUM_OPTIONS;

Index: backend/canon.c
===================================================================
RCS file: /home/elph/archive/sane/backend/canon.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 canon.c
*** canon.c 1999/04/27 05:38:06 1.1.1.1
--- canon.c 1999/04/28 01:18:41
***************
*** 1150,1155 ****
--- 1150,1156 ----

s->opt[OPT_NUM_OPTS].title = SANE_TITLE_NUM_OPTIONS;
s->opt[OPT_NUM_OPTS].desc = SANE_DESC_NUM_OPTIONS;
+ s->opt[OPT_NUM_OPTS].type = SANE_TYPE_INT;
s->opt[OPT_NUM_OPTS].cap = SANE_CAP_SOFT_DETECT;
s->val[OPT_NUM_OPTS].w = NUM_OPTIONS;

Index: backend/coolscan.c
===================================================================
RCS file: /home/elph/archive/sane/backend/coolscan.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 coolscan.c
*** coolscan.c 1999/04/27 05:38:07 1.1.1.1
--- coolscan.c 1999/04/28 01:18:52
***************
*** 1542,1547 ****
--- 1542,1548 ----

scanner->opt[OPT_NUM_OPTS].title = SANE_TITLE_NUM_OPTIONS;
scanner->opt[OPT_NUM_OPTS].desc = SANE_DESC_NUM_OPTIONS;
+ scanner->opt[OPT_NUM_OPTS].type = SANE_TYPE_INT;
scanner->opt[OPT_NUM_OPTS].cap = SANE_CAP_SOFT_DETECT;

/* "Mode" group: */
Index: backend/epson.c
===================================================================
RCS file: /home/elph/archive/sane/backend/epson.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 epson.c
*** epson.c 1999/04/27 05:38:06 1.1.1.1
--- epson.c 1999/04/28 01:19:36
***************
*** 1022,1027 ****
--- 1022,1028 ----

s->opt[OPT_NUM_OPTS].title = SANE_TITLE_NUM_OPTIONS;
s->opt[OPT_NUM_OPTS].desc = SANE_DESC_NUM_OPTIONS;
+ s->opt[OPT_NUM_OPTS].type = SANE_TYPE_INT;
s->opt[OPT_NUM_OPTS].cap = SANE_CAP_SOFT_DETECT;
s->val[OPT_NUM_OPTS] = NUM_OPTIONS;

Index: backend/pint.c
===================================================================
RCS file: /home/elph/archive/sane/backend/pint.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 pint.c
*** pint.c 1999/04/27 05:38:05 1.1.1.1
--- pint.c 1999/04/28 01:20:19
***************
*** 387,392 ****
--- 387,393 ----

s->opt[OPT_NUM_OPTS].title = SANE_TITLE_NUM_OPTIONS;
s->opt[OPT_NUM_OPTS].desc = SANE_DESC_NUM_OPTIONS;
+ s->opt[OPT_NUM_OPTS].type = SANE_TYPE_INT;
s->opt[OPT_NUM_OPTS].cap = SANE_CAP_SOFT_DETECT;
s->val[OPT_NUM_OPTS].w = NUM_OPTIONS;

Index: backend/ricoh.c
===================================================================
RCS file: /home/elph/archive/sane/backend/ricoh.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 ricoh.c
*** ricoh.c 1999/04/27 05:38:12 1.1.1.1
--- ricoh.c 1999/04/28 01:20:43
***************
*** 319,324 ****
--- 319,325 ----

s->opt[OPT_NUM_OPTS].title = SANE_TITLE_NUM_OPTIONS;
s->opt[OPT_NUM_OPTS].desc = SANE_DESC_NUM_OPTIONS;
+ s->opt[OPT_NUM_OPTS].type = SANE_TYPE_INT;
s->opt[OPT_NUM_OPTS].cap = SANE_CAP_SOFT_DETECT;
s->val[OPT_NUM_OPTS].w = NUM_OPTIONS;

Index: backend/s9036.c
===================================================================
RCS file: /home/elph/archive/sane/backend/s9036.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 s9036.c
*** s9036.c 1999/04/27 05:38:06 1.1.1.1
--- s9036.c 1999/04/28 01:20:53
***************
*** 675,680 ****
--- 675,681 ----

s->opt[OPT_NUM_OPTS].title = SANE_TITLE_NUM_OPTIONS;
s->opt[OPT_NUM_OPTS].desc = SANE_DESC_NUM_OPTIONS;
+ s->opt[OPT_NUM_OPTS].type = SANE_TYPE_INT;
s->opt[OPT_NUM_OPTS].cap = SANE_CAP_SOFT_DETECT;
s->val[OPT_NUM_OPTS] = NUM_OPTIONS;

Index: backend/sharp.c
===================================================================
RCS file: /home/elph/archive/sane/backend/sharp.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 sharp.c
*** sharp.c 1999/04/27 05:38:08 1.1.1.1
--- sharp.c 1999/04/28 01:22:36
***************
*** 688,693 ****
--- 688,694 ----

s->opt[OPT_NUM_OPTS].title = SANE_TITLE_NUM_OPTIONS;
s->opt[OPT_NUM_OPTS].desc = SANE_DESC_NUM_OPTIONS;
+ s->opt[OPT_NUM_OPTS].type = SANE_TYPE_INT;
s->opt[OPT_NUM_OPTS].cap = SANE_CAP_SOFT_DETECT;
s->val[OPT_NUM_OPTS].w = NUM_OPTIONS;

Index: backend/tamarack.c
===================================================================
RCS file: /home/elph/archive/sane/backend/tamarack.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 tamarack.c
*** tamarack.c 1999/04/27 05:38:07 1.1.1.1
--- tamarack.c 1999/04/28 01:21:21
***************
*** 592,597 ****
--- 592,598 ----

s->opt[OPT_NUM_OPTS].title = SANE_TITLE_NUM_OPTIONS;
s->opt[OPT_NUM_OPTS].desc = SANE_DESC_NUM_OPTIONS;
+ s->opt[OPT_NUM_OPTS].type = SANE_TYPE_INT;
s->opt[OPT_NUM_OPTS].cap = SANE_CAP_SOFT_DETECT;
s->val[OPT_NUM_OPTS].w = NUM_OPTIONS;

Index: backend/umax.c
===================================================================
RCS file: /home/elph/archive/sane/backend/umax.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 umax.c
*** umax.c 1999/04/27 05:38:03 1.1.1.1
--- umax.c 1999/04/28 01:21:36
***************
*** 3304,3309 ****
--- 3304,3310 ----

scanner->opt[OPT_NUM_OPTS].title = SANE_TITLE_NUM_OPTIONS;
scanner->opt[OPT_NUM_OPTS].desc = SANE_DESC_NUM_OPTIONS;
+ scanner->opt[OPT_NUM_OPTS].type = SANE_TYPE_INT;
scanner->opt[OPT_NUM_OPTS].cap = SANE_CAP_SOFT_DETECT;
scanner->val[OPT_NUM_OPTS].w = NUM_OPTIONS;

End of patch

--
Source code, list archive, and docs: http://www.mostang.com/sane/
To unsubscribe: echo unsubscribe sane-devel | mail majordomo@mostang.com