Pixma backend crashes when searching for networked scanners
I have a Canon MF643C and with SANE Backends 1.3.1, when I search for networked scanners (using scanimage -L e.g.) the pixma backend crashes:
#1 0x00007f83aaa21abe raise (libc.so.6 + 0x19abe)
#2 0x00007f83aaa096d0 abort (libc.so.6 + 0x16d0)
#3 0x00007f83aaa0a6f3 __libc_message_impl.cold (libc.so.6 + 0x26f3)
#4 0x00007f83aab07389 __fortify_fail (libc.so.6 + 0xff389)
#5 0x00007f83aab06ce4 __chk_fail (libc.so.6 + 0xfece4)
#6 0x00007f83aaa66349 __vsprintf_internal (libc.so.6 + 0x5e349)
#7 0x00007f83aab0863b __sprintf_chk (libc.so.6 + 0x10063b)
#8 0x00007f839a493a18 attach_bjnp (libsane-pixma.so.1 + 0x3a18)
#9 0x00007f839a4afc60 add_scanner (libsane-pixma.so.1 + 0x1fc60)
#10 0x00007f839a4b069a sanei_bjnp_find_devices (libsane-pixma.so.1 + 0x2069a)
#11 0x00007f839a4a188e sanei_pixma_collect_devices (libsane-pixma.so.1 + 0x1188e)
#12 0x00007f839a49f3b7 sane_pixma_get_devices (libsane-pixma.so.1 + 0xf3b7)
This looks like line 135 in pixma_io_sanei.c
sprintf(si->serial, "%s_%s", cfg->model, serial);
According to debugging output cfg->model is "MF642C/643C/644C" and the serial number is the hostname of the scanner, which is "canoncb2ff6.lan". The total length of the resulting string is 33 characters (including the \0 terminator) and AFAICS the serial field in scanner_info_t has a maximum size of 31 characters?
Edited by Mikkel Lauritsen