Package: tgif
Version: 1:4.2.5-1.2
Usertags: goto-cc

During an analysis of all packages using our research compiler tool-chain (using tools from the cbmc package) the following error was found:

Function DoPolygonMeasureCursor necessarily takes 10 arguments:
http://sources.debian.net/src/tgif/1:4.2.5-1.2/polygon.c?hl=656#L656

Yet several calls only pass 9 arguments, like here:
http://sources.debian.net/src/tgif/1:4.2.5-1.2/polygon.c?hl=792,793#L792
http://sources.debian.net/src/tgif/1:4.2.5-1.2/polygon.c?hl=831,832,833#L831
as well as several other cases - even though there do exist cases where all 10 arguments are being passed. This will cause a stack underflow, resulting in undefined behaviour.

Best,
Michael
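An added example, not part of the original report or of tgif: a small Python heuristic that counts the arguments at each call site of a function and flags those that differ from its definition, which is the mismatch described above. The sample source is constructed; its parameter names and the `Caller` and `Fn` functions are hypothetical.

```python
import re

# Constructed sample modelled on the report: a K&R-style definition with 10
# parameters and calls passing 9 or 10 arguments. This is not tgif source.
SAMPLE = """\
static
void DoPolygonMeasureCursor(a, b, c, d, e, f, g, h, i, j)
   int a, b, c, d, e, f, g, h, i, j;
{
}
void Caller()
{
   DoPolygonMeasureCursor(1, 2, 3, 4, 5, 6, 7, Fn(8, 9), 10);
   DoPolygonMeasureCursor(1, 2, 3, 4, 5, 6, 7, 8, 9, 10);
}
"""

def split_args(src, open_idx):
    """Split the list opening at src[open_idx]; ignores strings and comments."""
    depth, args, cur = 0, [], []
    for i in range(open_idx, len(src)):
        ch = src[i]
        if ch == "(":
            depth += 1
            if depth == 1:
                continue            # outermost "(" is not part of an argument
        elif ch == ")":
            depth -= 1
            if depth == 0:
                last = "".join(cur).strip()
                return (args + [last] if last else args), i
        elif ch == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    raise ValueError("unbalanced parentheses")

def arity_mismatches(src, name):
    """Return (defined_arity, [(line, n_args), ...]) for calls that disagree."""
    expected, calls = None, []
    for m in re.finditer(r"\b%s\s*\(" % re.escape(name), src):
        args, end = split_args(src, m.end() - 1)
        nxt = src[end + 1:].lstrip()[:1]
        if nxt == "{" or nxt.isalpha() or nxt == "_":
            expected = len(args)    # definition: body or K&R declarations follow
        else:
            calls.append((src.count("\n", 0, m.start()) + 1, len(args)))
    return expected, [c for c in calls if c[1] != expected]
```

On the constructed sample, `arity_mismatches(SAMPLE, "DoPolygonMeasureCursor")` reports a defined arity of 10 and one call on line 8 passing 9 arguments.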

