correct some out-of-boundsdebian/1.0.24-4

author: Jörg Frings-Fürst <debian@jff-webhosting.net> 2014-10-27 22:38:26 +0100
committer: Jörg Frings-Fürst <debian@jff-webhosting.net> 2014-10-27 22:38:26 +0100
commit: 1f0b6f8379934adc647252c81fe8504a193b5de5 (patch)
tree: 4f0303ee98cd62d76f0eee775a224db155bcb392 /debian/patches
parent: c05e2c11a7104ba41888b96b4cba67ecdea653f3 (diff)
3 files changed, 86 insertions, 30 deletions
diff --git a/debian/patches/niash_c-array-bounds.patch b/debian/patches/niash_c-array-bounds.patch
deleted file mode 100644
index 49ada3b..0000000
--- a/debian/patches/niash_c-array-bounds.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Description: prevent array bounds in TScanner
-Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
-Forwarded: http://lists.alioth.debian.org/pipermail/sane-devel/2014-October/032777.html
-Last-Update: 2014-10-26
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
-Index: trunk/backend/niash.c
-===================================================================
---- trunk.orig/backend/niash.c
-+++ trunk/backend/niash.c
-@@ -64,6 +64,7 @@
- 
- 
- /* options enumerator */
-+/* on changes please check the typedef struct TScanner */
- typedef enum
- {
-   optCount = 0,
-@@ -105,8 +106,8 @@ typedef union
- 
- typedef struct
- {
--  SANE_Option_Descriptor aOptions[optLast];
--  TOptionValue aValues[optLast];
-+  SANE_Option_Descriptor aOptions[optGamma + 1];
-+  TOptionValue aValues[optGamma + 1];
- 
-   TScanParams ScanParams;
-   THWParams HWParams;
diff --git a/debian/patches/out_of_bounds.patch b/debian/patches/out_of_bounds.patch
new file mode 100644
index 0000000..43aeaf6
--- /dev/null
+++ b/debian/patches/out_of_bounds.patch
@@ -0,0 +1,85 @@
+Description: prevent out-of-bounds
+Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
+Forwarded: http://lists.alioth.debian.org/pipermail/sane-devel/2014-October
+Last-Update: 2014-10-26
+---
+Index: trunk/backend/genesys_devices.c
+===================================================================
+--- trunk.orig/backend/genesys_devices.c
++++ trunk/backend/genesys_devices.c
+@@ -3362,7 +3362,7 @@ static Genesys_Model canon_formula101_mo
+   100
+ };
+ 
+-
++/* put the size on MAX_SCANNERS in genesys_low.h */
+ static Genesys_USB_Device_Entry genesys_usb_device_list[] = {
+   /* GL646 devices */
+   {0x03f0, 0x0901, &hp2300c_model},
+Index: trunk/backend/genesys_low.h
+===================================================================
+--- trunk.orig/backend/genesys_low.h
++++ trunk/backend/genesys_low.h
+@@ -309,8 +309,9 @@ typedef enum Genesys_Color_Order
+ }
+ Genesys_Color_Order;
+ 
+-
+-#define MAX_SCANNERS 50
++/* To prevent out-of-bounds errors MAX_SCANNERS must be the size of genesys_usb_device_list */
++/* found on genesys_devices.c                                                               */
++#define MAX_SCANNERS 40
+ #define MAX_RESOLUTIONS 13
+ #define MAX_DPI 4
+ 
+Index: trunk/backend/umax1220u-common.c
+===================================================================
+--- trunk.orig/backend/umax1220u-common.c
++++ trunk/backend/umax1220u-common.c
+@@ -972,7 +972,8 @@ move_2100U (UMAX_Handle * scan, int dist
+   unsigned char ope2[3] = {
+     0x00, 0xff, 0xff
+   };
+-  unsigned char buf[512];
++  /* To prevent out-of-bounds in functions (PAD|CKK)_ARRAY set the size from 512 to 522 */
++  unsigned char buf[512 + PAD];
+ 
+ 
+   SANE_Status res;
+Index: trunk/backend/hs2p.h
+===================================================================
+--- trunk.orig/backend/hs2p.h
++++ trunk/backend/hs2p.h
+@@ -264,7 +264,8 @@ typedef struct HS2P_Scanner
+   Option_Value val[NUM_OPTIONS];
+   SANE_Parameters params;	/* SANE image parameters */
+   /* additional values that don't fit into Option_Value representation */
+-  SANE_Word gamma_table[GAMMA_LENGTH];	/* Custom Gray Gamma Table */
++  /* To prevnted out-of-bounds add + 2                                 */
++  SANE_Word gamma_table[GAMMA_LENGTH + 2];	/* Custom Gray Gamma Table */
+ 
+   /* state information - not options */
+ 
+Index: trunk/backend/niash.c
+===================================================================
+--- trunk.orig/backend/niash.c
++++ trunk/backend/niash.c
+@@ -64,6 +64,7 @@
+ 
+ 
+ /* options enumerator */
++/* on changes please check the typedef struct TScanner */
+ typedef enum
+ {
+   optCount = 0,
+@@ -105,8 +106,8 @@ typedef union
+ 
+ typedef struct
+ {
+-  SANE_Option_Descriptor aOptions[optLast];
+-  TOptionValue aValues[optLast];
++  SANE_Option_Descriptor aOptions[optGamma + 1];
++  TOptionValue aValues[optGamma + 1];
+ 
+   TScanParams ScanParams;
+   THWParams HWParams;
diff --git a/debian/patches/series b/debian/patches/series
index eaed460..5699297 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,3 @@
-niash_c-array-bounds.patch
 hp3900.patch
 typo.patch
 license_typo.patch
@@ -20,3 +19,4 @@ man-page-spelling.patch
 source-spelling.patch
 ppc64el.patch
 hp5370c.patch
+out_of_bounds.patch
author	Jörg Frings-Fürst <debian@jff-webhosting.net>	2014-10-27 22:38:26 +0100
committer	Jörg Frings-Fürst <debian@jff-webhosting.net>	2014-10-27 22:38:26 +0100
commit	1f0b6f8379934adc647252c81fe8504a193b5de5 (patch)
tree	4f0303ee98cd62d76f0eee775a224db155bcb392 /debian/patches
parent	c05e2c11a7104ba41888b96b4cba67ecdea653f3 (diff)