Re: Possible fix for Sane 1.0.1 segfault in RedHat 5.1 (net)

Milon Firikis (milonf@ariadne-t.gr)
Fri, 30 Apr 1999 14:48:58 +0300

Graham Stoney wrote:
>
> [Milon Firikis]
> > I keep getting SIGSEGVs in redhat 5.1
> >
> > I have reported it some time ago... but I am not qualified to find
> > the solution...
>
> I've just tried using the net backend on redhat 5.1, and also got SIGSEGVs.
> It looks like I'm qualified to offer the fix below, but I don't know for sure
> whether it fixes Milon's problem. If it does, his SIGSEGV is likely to turn
> into an error message, though it may not mean that scanning actually works.
>
> My problem was that my backend was not setting the type field for option
> descriptor zero, causing sanei_w_call to fail with wire.status == EINVAL
> because it didn't know how to encode the descriptor's value. In sane-1.0.1,
> backend/net.c:sane_control_option fails to check whether
> sanei_w_call(...,SANE_NET_CONTROL_OPTION,...) succeeds before using the reply
> info. If it fails, we get a segfault. Perhaps something in Milon's config is
> causing this call to fail, but as far as I can see it will cause disaster on
> any system when the sanei_w_call in sane_control_option fails. The first
> patch below adds the missing test, and fixes the segfault.

I don't have any kind of backend (except net) enabled in my dll.conf.
It still segfaults where it should return "no devices available".

>
> While looking at the existing backends, I noticed that very few of them set
> the "type" field on option descriptor zero correctly. Most rely on a memset
> of all the option descriptors to set it to zero, giving it a value of
> SANE_TYPE_BOOL. It's meant to be a SANE_TYPE_INT however; we're just lucky
> that the encoding for BOOL and INT is the same, so it works. The remaining
> patches explicitly set the type for the first descriptor to SANE_TYPE_INT in
> all the backends that appear (to my untrained eye) to get it wrong.

True, SANE_TYPE_INT!=SANE_TYPE_INT, but in practice this cannot lead to a
SIGSEGV, and most certainly it's not Redhat5.1 specific.

So I assume you don't use memset to clear the option descriptor space.
So you found a bug, but unfortunately it does not apply to my problem (I
tested your patch on the net.c and I failed).

MF
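
The failure mode Graham describes above, as an added example that is not part of the original messages and is not SANE source code: a call that fails with EINVAL leaves the reply unwritten, and the caller must test the wire status before reading it. All names, status codes and the value 42 are hypothetical stand-ins.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical model of the pattern in the thread; not SANE source code. */
enum { TYPE_BOOL = 0, TYPE_INT = 1 };      /* BOOL is what a memset-zero yields */
enum { ST_GOOD = 0, ST_IO_ERROR = 9 };     /* constructed status codes */
typedef struct { int status; } wire_t;     /* 0 on success, else an errno value */
typedef struct { int status; size_t size; const void *value; } reply_t;

static const int remote_value = 42;        /* constructed "server" data */

/* Stand-in for the RPC: it cannot encode an unknown option type, so it sets
 * wire->status = EINVAL and returns WITHOUT writing the reply. */
static void rpc_call(wire_t *w, int opt_type, reply_t *reply)
{
    if (opt_type != TYPE_BOOL && opt_type != TYPE_INT) {
        w->status = EINVAL;
        return;                            /* reply stays untouched */
    }
    w->status = 0;
    reply->status = ST_GOOD;
    reply->size = sizeof remote_value;
    reply->value = &remote_value;
}

/* Before: uses the reply even when the call failed. With an unset type the
 * reply still holds stale bytes, so memcpy reads through a wild pointer. */
int control_option_unchecked(int opt_type, int *out)
{
    wire_t w = {0};
    reply_t reply;
    memset(&reply, 0xAA, sizeof reply);    /* models stale stack contents */
    rpc_call(&w, opt_type, &reply);
    memcpy(out, reply.value, reply.size);  /* crash when the call failed */
    return reply.status;
}

/* After: check the wire status first, so a failed call becomes an error. */
int control_option_checked(int opt_type, int *out)
{
    wire_t w = {0};
    reply_t reply = {0};
    rpc_call(&w, opt_type, &reply);
    if (w.status != 0 || reply.value == NULL || reply.size != sizeof *out)
        return ST_IO_ERROR;                /* never dereference the reply */
    memcpy(out, reply.value, reply.size);
    return reply.status;
}
```
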
