Your message dated Sat, 18 Nov 2017 16:09:31 +0100
with message-id <[email protected]>
has caused the report #882021,
regarding fig2dev: buffer overflow in note_arrow()
to be marked as having been forwarded to the upstream software
author(s) Thomas Loimer <[email protected]>

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
882021: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882021
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Hi Thomas!

Here's the next buffer overflow in the fig2dev file parser...

Greetings
Roland
--- Begin Message ---
Package: fig2dev
Version: 1:3.2.6a-6

fig2dev crashes on the attached file:

  $ fig2dev -L epic overflow.fig
  Segmentation fault

GDB says it's a buffer overflow:

  Program received signal SIGSEGV, Segmentation fault.
  0x566488fe in note_arrow (style=0, type=123456789) at read.c:503
  503             arrow_used[2*type + style] = true;
  (gdb) bt
  #0  0x566488fe in note_arrow (style=0, type=123456789) at read.c:503
  #1  read_splineobject (fp=0x5831c838) at read.c:1078
  #2  0x5664a29e in read_objects (obj=0x5831c838, fp=<optimized out>) at read.c:382
  #3  readfp_fig (fp=<optimized out>, obj=<optimized out>) at read.c:185
  #4  0x5663fa47 in main (argc=4, argv=0xff8ada24) at fig2dev.c:412


-- System Information:
Architecture: i386

Versions of packages fig2dev depends on:
ii  gawk         1:4.1.4+dfsg-1
ii  x11-common   1:7.7+19
ii  libc6        2.24-17
ii  libpng16-16  1.6.34-1
ii  libxpm4      1:3.5.12-1

--
Jakub Wilk

Attachment: overflow.fig
Description: application/xfig


--- End Message ---

--- End Message ---
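
The crash in the backtrace comes from using a value read from the file as an array index without a range check. The following is an added example, not part of the bug report and not fig2dev's own code, showing the check applied before the write; the table size and the names `note_arrow_checked` and `read_arrow_line` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed limits for this example; the real table size in fig2dev's
 * read.c is not shown in the report. */
#define NUM_ARROW_TYPES  15  /* hypothetical: valid types are 0..14 */
#define NUM_ARROW_STYLES 2   /* 0 = hollow, 1 = filled */

static bool arrow_used[NUM_ARROW_TYPES * NUM_ARROW_STYLES];

/* Record that an arrow (type, style) occurs in the drawing.
 * Returns false, leaving the table untouched, when either value read
 * from the file falls outside the table. */
static bool note_arrow_checked(int type, int style)
{
    if (type < 0 || type >= NUM_ARROW_TYPES)
        return false;
    if (style < 0 || style >= NUM_ARROW_STYLES)
        return false;
    /* Same statement as read.c:503, now with the index known in range. */
    arrow_used[2 * type + style] = true;
    return true;
}

/* Parse one arrow line ("type style thickness width height") and note it.
 * Returns 0 on success, -1 on a malformed line or out-of-range value. */
static int read_arrow_line(const char *line)
{
    int type, style;
    double thickness, width, height;

    if (sscanf(line, "%d %d %lf %lf %lf",
               &type, &style, &thickness, &width, &height) != 5)
        return -1;
    return note_arrow_checked(type, style) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample lines, not taken from overflow.fig. */
    const char *ok  = "1 1 1.00 60.00 120.00";
    const char *bad = "123456789 0 1.00 60.00 120.00";

    printf("valid line:        %d\n", read_arrow_line(ok));
    printf("out-of-range type: %d\n", read_arrow_line(bad));
    return 0;
}
```

The range check runs before `2 * type + style` is computed, so a negative or oversized type can neither index outside the table nor overflow the multiplication.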
