Hi Thomas!

> would you mind to wait for the next release, which should be due in
> about two to four weeks? Bug #890016 is triggered by a pointer in an
> object struct which is left un-initialized in read1_3.c. The code in
> read1_3.c is full of these things and needs more proper initializing
> and sanitizing.

No problem with waiting. I know that you are already working on some input sanitizing for fig2dev, and I only forwarded the two new bugs to you to have it documented in the Debian BTS correctly and to give you more test files to check whether you found all code blocks where input sanitizing is necessary... It's great to hear that you seem to have some progress with this, since it's only two to four weeks now.

Tell me if I can support you in some way.

Greetings
Roland