Package: sane
Version: 1.0.14-8
Severity: important
Tags: patch

xscanimage crashes at startup in gtkglue.c:option_menu_lookup(), called by gtkglue.c:panel_build(), when trying to create the DPI selection widget.

The DPI list in opt->constraint.word_list contains 32 values from 50 to 2400, but the initial DPI value is 25. option_menu_lookup() assumes that the value is in the list, and crashes when it reaches its end. The scanner is an Epson Perfection 1240U using the epson2 backend. The attached patch makes xscanimage check that the value is in the list.

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (820, 'stable'), (600, 'unstable'), (550, 'testing'), (510, 'experimental'), (500, 'oldstable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.31-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages sane depends on:
ii  libatk1.0-0     1.22.0-1           The ATK accessibility toolkit
ii  libc6           2.10.1-7           GNU C Library: Shared libraries
ii  libcairo2       1.8.8-2            The Cairo 2D vector graphics libra
ii  libfontconfig1  2.6.0-3            generic font configuration library
ii  libfreetype6    2.3.7-2+lenny1     FreeType 2 font engine, shared lib
ii  libgimp2.0      2.6.7-1            Libraries for the GNU Image Manipu
ii  libglib2.0-0    2.22.2-2           The GLib library of C routines
ii  libgtk2.0-0     2.18.3-1           The GTK+ graphical user interface
ii  libpango1.0-0   1.26.0-1           Layout and rendering of internatio
ii  libsane         1.0.20-9           API library for scanners
ii  zlib1g          1:1.2.3.3.dfsg-12  compression library - runtime

sane recommends no packages.

Versions of packages sane suggests:
ii  gimp            2.6.7-1            The GNU Image Manipulation Program

-- no debconf information

--- sane-frontends-1.0.14/src/gtkglue.c 2009-11-13 22:06:04.000000000 +0100 +++ sane-frontends-1.0.14/src/gtkglue.c 2009-11-13 22:26:56.000000000 +0100 @@ -913,6 +913,7 @@ char **str_list; int i, j; int num_vector_opts = 0, *vector_opts; + int val_in_word_list; main_hbox = gtk_hbox_new (FALSE, 2); @@ -1073,13 +1074,23 @@ case SANE_CONSTRAINT_WORD_LIST: /* use a "list-selection" widget */ num_words = opt->constraint.word_list[0]; + if (num_words == 0) + { + fprintf (stderr, "panel_build: empty word list!\n"); + break; + } + val_in_word_list = 0; str_list = malloc ((num_words + 1) * sizeof (str_list[0])); for (j = 0; j < num_words; ++j) { + if (opt->constraint.word_list[j + 1] == val) + val_in_word_list = 1; sprintf (str, "%d", opt->constraint.word_list[j + 1]); str_list[j] = strdup (str); } str_list[j] = 0; + if ( ! val_in_word_list) + val = opt->constraint.word_list[1]; sprintf (str, "%d", val); option_menu_new (parent, title, str_list, str, elem, dialog->tooltips, opt->desc,
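
Review bot: in the second hunk, the fallback `val = opt->constraint.word_list[1];` only changes the local `val` that is formatted into `str` for option_menu_new(); nothing in the visible lines writes the substituted value back to the backend, so the menu can show the first list entry while the device option still holds the out-of-list value. Consider setting the option to the substituted value there, or at least printing a warning as the empty-list branch does, so the mismatch is not silent. Separately, if num_words is a signed type, the guard `if (num_words == 0)` lets a negative count reach `malloc ((num_words + 1) * sizeof (str_list[0]))` and the later `str_list[j] = 0;` store; `num_words <= 0` would cover both cases. The malloc result in the context lines is also used without a NULL check.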
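
The failure described in the report, a lookup that assumes the current value is present in a count-prefixed list, can be avoided with a bounded search and an explicit fallback. The following is an added example, not code from sane-frontends or from the patch; the function names and the sample list are hypothetical, and it substitutes the nearest list entry rather than the first entry that the patch uses.

```c
#include <stdio.h>
#include <stdlib.h>

/* Count-prefixed list, same layout as opt->constraint.word_list in the
   patch: element 0 holds the number of values that follow it. */

/* Return the 1-based index of val in list, or 0 if absent or list empty. */
static int word_list_find(const int *list, int val)
{
    int n = list ? list[0] : 0;
    for (int i = 1; i <= n; ++i)      /* never reads past list[n] */
        if (list[i] == val)
            return i;
    return 0;
}

/* Return the list entry closest to val. Caller guarantees list[0] > 0. */
static int word_list_nearest(const int *list, int val)
{
    int best = list[1];
    for (int i = 2; i <= list[0]; ++i)
        if (labs((long)list[i] - val) < labs((long)best - val))
            best = list[i];
    return best;
}

/* Return a value that is safe to hand to a list-selection widget.
   *changed: 0 = val was in the list, 1 = substituted, -1 = unusable list. */
static int word_list_sanitize(const int *list, int val, int *changed)
{
    *changed = 0;
    if (!list || list[0] <= 0) { *changed = -1; return val; }
    if (word_list_find(list, val)) return val;
    *changed = 1;
    return word_list_nearest(list, val);
}

/* Constructed sample: five DPI values, none of them equal to 25. */
static const int sample_dpi[] = { 5, 50, 100, 300, 1200, 2400 };

int main(void)
{
    int changed;
    int dpi = word_list_sanitize(sample_dpi, 25, &changed);
    printf("dpi=%d changed=%d\n", dpi, changed);
    return 0;
}
```

A caller that sees `changed == 1` should also write the substituted value back to the device option so the widget and the backend agree.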