The buffer overflow reported by the fortify checks in sprintf is caused by the
fact that the sprintf call on line 449 in xfstt.cc does not account for the
terminating \0. The size of the target buffer fn.panose is exactly 20 bytes,
and the code tries to write 20 chars + 1 terminating \0 into it.

I attached a patch fixing this problem.

Note that the source of xfstt in Debian sid (xfstt version 1.7-7) has
the same problem.


** Patch added: "patch correcting buffer overflow in sprintf call"
   http://launchpadlibrarian.net/47873908/sprintf_buferoverflow.patch

-- 
xfstt crashes in lucid lynx
https://bugs.launchpad.net/bugs/575026
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
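
The off-by-one described in the report above, as an added example; it is not code from xfstt or from the attached patch. It shows a bounded formatter that rejects a 20-byte destination for 20 characters of text and accepts a 21-byte one. The struct names, `format_hex`, the hex rendering of 10 bytes, and the sample bytes are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PANOSE_TEXT_LEN 20 /* characters written, per the report */

/* Hypothetical stand-ins for the struct that holds fn.panose. */
struct name_tight { char panose[PANOSE_TEXT_LEN]; };     /* 20 bytes: no room for '\0' */
struct name_roomy { char panose[PANOSE_TEXT_LEN + 1]; }; /* 21 bytes: text + '\0' */

/* Constructed sample input: 10 raw bytes -> 20 hex characters. */
const unsigned char sample_panose[10] = {0x02,0x0B,0x06,0x04,0x02,0x02,0x02,0x02,0x02,0x04};

/*
 * Render n bytes as uppercase hex into dst without ever writing past
 * dst_size. Returns the string length, or -1 (dst emptied) when the text
 * plus its terminating '\0' does not fit.
 */
int format_hex(char *dst, size_t dst_size, const unsigned char *src, size_t n)
{
    size_t off = 0;
    if (dst_size == 0)
        return -1;
    dst[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        size_t room = dst_size - off;
        int w = snprintf(dst + off, room, "%02X", src[i]);
        if (w < 0 || (size_t)w >= room) { /* truncated: '\0' would not fit */
            dst[0] = '\0';
            return -1;
        }
        off += (size_t)w;
    }
    return (int)off;
}

int main(void)
{
    struct name_tight t;
    struct name_roomy r;
    printf("20-byte buffer: %d\n", format_hex(t.panose, sizeof t.panose, sample_panose, 10));
    printf("21-byte buffer: %d \"%s\"\n", format_hex(r.panose, sizeof r.panose, sample_panose, 10), r.panose);
    return 0;
}
```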
