From 1f0b6f8379934adc647252c81fe8504a193b5de5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Mon, 27 Oct 2014 22:38:26 +0100 Subject: correct some out-of-bounds --- debian/patches/niash_c-array-bounds.patch | 29 ----------- debian/patches/out_of_bounds.patch | 85 +++++++++++++++++++++++++++++++ debian/patches/series | 2 +- 3 files changed, 86 insertions(+), 30 deletions(-) delete mode 100644 debian/patches/niash_c-array-bounds.patch create mode 100644 debian/patches/out_of_bounds.patch (limited to 'debian/patches') diff --git a/debian/patches/niash_c-array-bounds.patch b/debian/patches/niash_c-array-bounds.patch deleted file mode 100644 index 49ada3b..0000000 --- a/debian/patches/niash_c-array-bounds.patch +++ /dev/null @@ -1,29 +0,0 @@ -Description: prevent array bounds in TScanner -Author: Jörg Frings-Fürst -Forwarded: http://lists.alioth.debian.org/pipermail/sane-devel/2014-October/032777.html -Last-Update: 2014-10-26 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: trunk/backend/niash.c -=================================================================== ---- trunk.orig/backend/niash.c -+++ trunk/backend/niash.c -@@ -64,6 +64,7 @@ - - - /* options enumerator */ -+/* on changes please check the typedef struct TScanner */ - typedef enum - { - optCount = 0, -@@ -105,8 +106,8 @@ typedef union - - typedef struct - { -- SANE_Option_Descriptor aOptions[optLast]; -- TOptionValue aValues[optLast]; -+ SANE_Option_Descriptor aOptions[optGamma + 1]; -+ TOptionValue aValues[optGamma + 1]; - - TScanParams ScanParams; - THWParams HWParams; diff --git a/debian/patches/out_of_bounds.patch b/debian/patches/out_of_bounds.patch new file mode 100644 index 0000000..43aeaf6 --- /dev/null +++ b/debian/patches/out_of_bounds.patch @@ -0,0 +1,85 @@ +Description: prevent out-of-bounds +Author: Jörg Frings-Fürst +Forwarded: http://lists.alioth.debian.org/pipermail/sane-devel/2014-October +Last-Update: 2014-10-26 +--- +Index: trunk/backend/genesys_devices.c +=================================================================== +--- trunk.orig/backend/genesys_devices.c ++++ trunk/backend/genesys_devices.c +@@ -3362,7 +3362,7 @@ static Genesys_Model canon_formula101_mo + 100 + }; + +- ++/* put the size on MAX_SCANNERS in genesys_low.h */ + static Genesys_USB_Device_Entry genesys_usb_device_list[] = { + /* GL646 devices */ + {0x03f0, 0x0901, &hp2300c_model}, +Index: trunk/backend/genesys_low.h +=================================================================== +--- trunk.orig/backend/genesys_low.h ++++ trunk/backend/genesys_low.h +@@ -309,8 +309,9 @@ typedef enum Genesys_Color_Order + } + Genesys_Color_Order; + +- +-#define MAX_SCANNERS 50 ++/* To prevent out-of-bounds errors MAX_SCANNERS must be the size of genesys_usb_device_list */ ++/* found on genesys_devices.c */ ++#define MAX_SCANNERS 40 + #define MAX_RESOLUTIONS 13 + #define MAX_DPI 4 + +Index: trunk/backend/umax1220u-common.c +=================================================================== +--- trunk.orig/backend/umax1220u-common.c ++++ trunk/backend/umax1220u-common.c +@@ -972,7 +972,8 @@ move_2100U (UMAX_Handle * scan, int dist + unsigned char ope2[3] = { + 0x00, 0xff, 0xff + }; +- unsigned char buf[512]; ++ /* To prevent out-of-bounds in functions (PAD|CKK)_ARRAY set the size from 512 to 522 */ ++ unsigned char buf[512 + PAD]; + + + SANE_Status res; +Index: trunk/backend/hs2p.h +=================================================================== +--- trunk.orig/backend/hs2p.h ++++ trunk/backend/hs2p.h +@@ -264,7 +264,8 @@ typedef struct HS2P_Scanner + Option_Value val[NUM_OPTIONS]; + SANE_Parameters params; /* SANE image parameters */ + /* additional values that don't fit into Option_Value representation */ +- SANE_Word gamma_table[GAMMA_LENGTH]; /* Custom Gray Gamma Table */ ++ /* To prevnted out-of-bounds add + 2 */ ++ SANE_Word gamma_table[GAMMA_LENGTH + 2]; /* Custom Gray Gamma Table */ + + /* state information - not options */ + +Index: trunk/backend/niash.c +=================================================================== +--- trunk.orig/backend/niash.c ++++ trunk/backend/niash.c +@@ -64,6 +64,7 @@ + + + /* options enumerator */ ++/* on changes please check the typedef struct TScanner */ + typedef enum + { + optCount = 0, +@@ -105,8 +106,8 @@ typedef union + + typedef struct + { +- SANE_Option_Descriptor aOptions[optLast]; +- TOptionValue aValues[optLast]; ++ SANE_Option_Descriptor aOptions[optGamma + 1]; ++ TOptionValue aValues[optGamma + 1]; + + TScanParams ScanParams; + THWParams HWParams; diff --git a/debian/patches/series b/debian/patches/series index eaed460..5699297 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,4 +1,3 @@ -niash_c-array-bounds.patch hp3900.patch typo.patch license_typo.patch @@ -20,3 +19,4 @@ man-page-spelling.patch source-spelling.patch ppc64el.patch hp5370c.patch +out_of_bounds.patch -- cgit v1.2.3