Package: fig2dev Version: 1:3.2.6a-6 The get_line() function in fig2dev/read.c does this:
len = strlen(buf);
buf[len-1] = '\0'; /* strip trailing newline */
if (buf[len-2] == '\r')
buf[len-2] = '\0'; /* strip any trailing CRs */
return 1;
If the string length is 0 (or 1 is some cases), this writes outside the
buffer.
-- Jakub Wilk
