Hello Florence, dear Maintainer, then attached patch is growing this buffer from 6 to 10 usable bytes, making a size around 1 TB possible. And tries to break the loop before overrunning the buffer.
Unfortunately I cannot test this patch, so it is completely untested, just compiles... Kind regards, Bernhard
Description: Resize buffer and try not to overrun it Author: Bernhard Übelacker <bernha...@mailbox.org> Bug-Debian: https://bugs.debian.org/992721 Forwarded: no Last-Update: 2021-09-20 Index: hplip-3.21.6+dfsg0/scan/sane/bb_ledm.c =================================================================== --- hplip-3.21.6+dfsg0.orig/scan/sane/bb_ledm.c +++ hplip-3.21.6+dfsg0/scan/sane/bb_ledm.c @@ -1085,7 +1085,7 @@ bugout: int get_size(struct ledm_session* ps) { struct bb_ledm_session *pbb = ps->bb_session; - char buffer[7]; + char buffer[11]; int i=0, tmo=50, len; if(ps->currentResolution >= 1200) tmo *= 5; @@ -1093,7 +1093,11 @@ int get_size(struct ledm_session* ps) while(1) { if(http_read_size(pbb->http_handle, buffer+i, 1, tmo, &len) == 2) return 0; - if( i && *(buffer+i) == '\n' && *(buffer+i-1) == '\r') break; + if( (i && *(buffer+i) == '\n' && *(buffer+i-1) == '\r') || + (i >= sizeof(buffer)-1) ) + { + break; + } i++; } *(buffer+i+1)='\0';
