Bug#925356: unblock: sane-backends/1.0.27-3.2 (pre-approval)

John Paul Adrian Glaubitz Sat, 23 Mar 2019 10:28:09 -0700

On 3/23/19 6:13 PM, Jonathan Wiltshire wrote:
> You forgot the debdiff, but the upstream patch looks OK. Please go ahead
> and remove the moreinfo tag when this is ready to unblock.


Whoops, I meant to attach it. I'm still a bit jet-lagged from my last
trip. Attaching it now and will go ahead with the upload.

Thanks,
Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

diff -Nru sane-backends-1.0.27/debian/changelog sane-backends-1.0.27/debian/changelog
--- sane-backends-1.0.27/debian/changelog	2018-11-02 20:30:06.000000000 +0100
+++ sane-backends-1.0.27/debian/changelog	2019-03-23 17:38:37.000000000 +0100
@@ -1,3 +1,11 @@
+sane-backends (1.0.27-3.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * New debian/patches/0720-mustek_usb2-Avoid-stack-smashing.patch
+    - Fix regression in the mustek_usb2 backend (Closes: #886777).
+
+ -- John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de>  Sat, 23 Mar 2019 17:38:37 +0100
+
 sane-backends (1.0.27-3.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru sane-backends-1.0.27/debian/patches/0720-mustek_usb2-Avoid-stack-smashing.patch sane-backends-1.0.27/debian/patches/0720-mustek_usb2-Avoid-stack-smashing.patch
--- sane-backends-1.0.27/debian/patches/0720-mustek_usb2-Avoid-stack-smashing.patch	1970-01-01 01:00:00.000000000 +0100
+++ sane-backends-1.0.27/debian/patches/0720-mustek_usb2-Avoid-stack-smashing.patch	2019-03-23 17:34:56.000000000 +0100
@@ -0,0 +1,88 @@
+From 93340afddfbc4085a5297fe635b65dd7f7f3ef05 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= <bernha...@mailbox.org>
+Date: Mon, 17 Dec 2018 00:05:43 +0100
+Subject: [PATCH] mustek_usb2: Avoid stack smashing.  Fixes #35
+
+Use a properly sized variable in call to sanei_usb_{read,write}_bulk.
+
+Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886777
+Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907972
+---
+ backend/mustek_usb2_asic.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/backend/mustek_usb2_asic.c b/backend/mustek_usb2_asic.c
+index b5f3b0a4..b31c7494 100644
+--- a/backend/mustek_usb2_asic.c
++++ b/backend/mustek_usb2_asic.c
+@@ -255,6 +255,7 @@ Mustek_DMARead (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+   STATUS status = STATUS_GOOD;
+   unsigned int i, buf[1];
+   unsigned int read_size;
++  size_t read_size_usb;
+ 
+   DBG (DBG_ASIC, "Mustek_DMARead: Enter\n");
+ 
+@@ -268,9 +269,11 @@ Mustek_DMARead (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+       SetRWSize (chip, 1, buf[0]);
+       status = WriteIOControl (chip, 0x03, 0, 4, (SANE_Byte *) (buf));
+ 
++      read_size_usb = buf[0];
+       status =
+ 	sanei_usb_read_bulk (chip->fd, lpdata + i * read_size,
+-			     (size_t *) buf);
++                             &read_size_usb);
++      buf[0] = read_size_usb;
+       if (status != STATUS_GOOD)
+ 	{
+ 	  DBG (DBG_ERR, "Mustek_DMARead: read error\n");
+@@ -284,9 +287,11 @@ Mustek_DMARead (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+       SetRWSize (chip, 1, buf[0]);
+       status = WriteIOControl (chip, 0x03, 0, 4, (SANE_Byte *) (buf));
+ 
++      read_size_usb = buf[0];
+       status =
+ 	sanei_usb_read_bulk (chip->fd, lpdata + i * read_size,
+-			     (size_t *) buf);
++                             &read_size_usb);
++      buf[0] = read_size_usb;
+       if (status != STATUS_GOOD)
+ 	{
+ 	  DBG (DBG_ERR, "Mustek_DMARead: read error\n");
+@@ -307,6 +312,7 @@ Mustek_DMAWrite (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+   unsigned int buf[1];
+   unsigned int i;
+   unsigned int write_size;
++  size_t write_size_usb;
+ 
+   DBG (DBG_ASIC, "Mustek_DMAWrite: Enter:size=%d\n", size);
+ 
+@@ -320,9 +326,11 @@ Mustek_DMAWrite (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+       SetRWSize (chip, 0, buf[0]);
+       WriteIOControl (chip, 0x02, 0, 4, (SANE_Byte *) buf);
+ 
++      write_size_usb = buf[0];
+       status =
+ 	sanei_usb_write_bulk (chip->fd, lpdata + i * write_size,
+-			      (size_t *) buf);
++                              &write_size_usb);
++      buf[0] = write_size_usb;
+       if (status != STATUS_GOOD)
+ 	{
+ 	  DBG (DBG_ERR, "Mustek_DMAWrite: write error\n");
+@@ -337,9 +345,11 @@ Mustek_DMAWrite (PAsic chip, unsigned int size, SANE_Byte * lpdata)
+       SetRWSize (chip, 0, buf[0]);
+       WriteIOControl (chip, 0x02, 0, 4, (SANE_Byte *) buf);
+ 
++      write_size_usb = buf[0];
+       status =
+ 	sanei_usb_write_bulk (chip->fd, lpdata + i * write_size,
+-			      (size_t *) buf);
++                              &write_size_usb);
++      buf[0] = write_size_usb;
+       if (status != STATUS_GOOD)
+ 	{
+ 	  DBG (DBG_ERR, "Mustek_DMAWrite: write error\n");
+-- 
+2.18.1
+
diff -Nru sane-backends-1.0.27/debian/patches/series sane-backends-1.0.27/debian/patches/series
--- sane-backends-1.0.27/debian/patches/series	2018-10-04 21:33:29.000000000 +0200
+++ sane-backends-1.0.27/debian/patches/series	2019-03-23 17:36:58.000000000 +0100
@@ -24,3 +24,4 @@
 0150-genesys-Fix-use-of-uninitialized-variable.patch
 #0130-usb-timeout.patch
 0715-20-sane.hwdb_multi-arch.patch
+0720-mustek_usb2-Avoid-stack-smashing.patch

Bug#925356: unblock: sane-backends/1.0.27-3.2 (pre-approval)

Reply via email to