scanimage -L crashes almost every time I run it on my system.
The patch below fixes this. OK?
Starting program: /usr/local/bin/scanimage -L
Program received signal SIGSEGV, Segmentation fault.
0x000013d0496b84b4 in memcpy (dst0=<optimized out>, src0=<optimized out>,
length=256) at /usr/src/lib/libc/string/memcpy.c:103
103 TLOOP(*(word *)dst = *(word *)src; src += wsize; dst += wsize);
(gdb) up
#1 0x000013d072201e05 in prepare_socket (if_name=0x13d0395e0ff1 "pflog0",
local_sa=0x13d0395e0f18, broadcast_sa=0x0, dest_sa=<optimized out>)
at pixma/pixma_bjnp.c:1032
(gdb) p *local_sa
Cannot access memory at address 0x13d0395e1000
(gdb) up
#2 sanei_bjnp_find_devices (conf_devices=<optimized out>,
attach_bjnp=0x13d0721f3ab0 <attach_bjnp>,
pixma_devices=0x13d072209850 <pixma_devices>) at pixma/pixma_bjnp.c:2082
(gdb) list
2077 interface = interfaces;
2078 while ((no_sockets < BJNP_SOCK_MAX) && (interface != NULL))
2079 {
2080 if ( ! (interface -> ifa_flags & IFF_POINTOPOINT) &&
2081 ( (socket_fd[no_sockets] =
2082 prepare_socket( interface -> ifa_name,
2083 (bjnp_sockaddr_t *) interface ->
ifa_addr,
2084 (bjnp_sockaddr_t *) interface ->
ifa_broadaddr,
2085 &broadcast_addr[no_sockets] ) )
!= -1 ) )
2086 {
(gdb) down
#1 0x000013d072201e05 in prepare_socket (if_name=0x13d0395e0ff1 "pflog0",
local_sa=0x13d0395e0f18, broadcast_sa=0x0, dest_sa=<optimized out>)
at pixma/pixma_bjnp.c:1032
1032 memcpy( &local_sa_copy, local_sa, sa_size(local_sa) );
(gdb) list
1027 if_name));
1028 return -1;
1029 }
1030
1031 memset( &local_sa_copy, 0, sizeof(local_sa_copy) );
1032 memcpy( &local_sa_copy, local_sa, sa_size(local_sa) );
1033
1034 switch( local_sa_copy.addr.sa_family )
1035 {
1036 case AF_INET:
(gdb) p local_sa
$3 = (const bjnp_sockaddr_t *) 0x13d0395e0f18
(gdb) p *local_sa
Cannot access memory at address 0x13d0395e1000
(gdb) up
#2 sanei_bjnp_find_devices (conf_devices=<optimized out>,
attach_bjnp=0x13d0721f3ab0 <attach_bjnp>,
pixma_devices=0x13d072209850 <pixma_devices>)
at pixma/pixma_bjnp.c:2082
2082 prepare_socket( interface -> ifa_name,
(gdb) p *interface
$5 = {ifa_next = 0x0, ifa_name = 0x13d0395e0ff1 "pflog0", ifa_flags = 321,
ifa_addr = 0x13d0395e0f18, ifa_netmask = 0x0, ifa_dstaddr = 0x0,
ifa_data = 0x13d0395e0f38}
(gdb) p *interface->ifa_addr
$7 = {sa_len = 32 ' ', sa_family = 18 '\022',
sa_data = "\004\000\365\006\000\000pflog0\000"}
diff 9c884dd8fa25c3442e8327800da7fa8752722013 /usr/ports
blob - e002fba14c4824b7b8ace48f938ddfbf3204cb1a
file + graphics/sane-backends/Makefile
--- graphics/sane-backends/Makefile
+++ graphics/sane-backends/Makefile
@@ -5,6 +5,7 @@ BROKEN-alpha= ICE hp5590.c:1141: error: unrecognizabl
COMMENT= API for accessing scanners, backends
DISTNAME= sane-backends-1.0.30
+REVISION= 0
SHARED_LIBS += sane 2.1 # unknown
blob - /dev/null
file + graphics/sane-backends/patches/patch-backend_pixma_pixma_bjnp_c
--- graphics/sane-backends/patches/patch-backend_pixma_pixma_bjnp_c
+++ graphics/sane-backends/patches/patch-backend_pixma_pixma_bjnp_c
@@ -0,0 +1,20 @@
+$OpenBSD$
+Fix segfault during 'scanimage -L' if e.g. a "pflog0" interface exists.
+Address family AF_LINK is not expected by prepare_socket() and sa_size().
+Crashes during memcpy( &local_sa_copy, local_sa, sa_size(local_sa) );
+because sa_size() returns a fallback value that doesn't match the actual size.
+Index: backend/pixma/pixma_bjnp.c
+--- backend/pixma/pixma_bjnp.c.orig
++++ backend/pixma/pixma_bjnp.c
+@@ -2078,6 +2078,11 @@ sanei_bjnp_find_devices (const char **conf_devices,
+ while ((no_sockets < BJNP_SOCK_MAX) && (interface != NULL))
+ {
+ if ( ! (interface -> ifa_flags & IFF_POINTOPOINT) &&
++ ( interface -> ifa_addr -> sa_family == AF_INET
++#ifdef ENABLE_IPV6
++ || interface -> ifa_addr -> sa_family == AF_INET6
++#endif
++ ) &&
+ ( (socket_fd[no_sockets] =
+ prepare_socket( interface -> ifa_name,
+ (bjnp_sockaddr_t *) interface ->
ifa_addr,
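Review bot: The added family test dereferences `interface -> ifa_addr` without a NULL check, and getifaddrs() is documented to return entries whose `ifa_addr` is NULL, so the new filter can itself fault on an interface that has no address; put `interface -> ifa_addr != NULL &&` ahead of the `sa_family` comparison. The filter also protects only this call site: going by the patch description, sa_size() still returns a fallback length for an unexpected family, so the `memcpy( &local_sa_copy, local_sa, sa_size(local_sa) )` in prepare_socket() would presumably read past the source again for any other caller that passes a non-IP address. Rejecting unknown families inside prepare_socket() before the copy, or making sa_size() report failure instead of a fallback, would close the out-of-bounds read at its source. prepare_socket(), sa_size() and the rest of this `if` condition lie outside the hunk, so this rests on the gdb listing and the description only.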