Package: docbook-to-man
Version: 1:2.0.0-34

Hi,

The ReadESIS function in Instant/main.c triggers undefined behavior because
memcpy's source and destination buffers overlap:

  memcpy(&buf[1], &buf[2], strlen(buf)-1);

As far as I can see, the issue is still present in 1:2.0.0-35. The
simplest fix is probably to replace it with memmove.

The issue was found by Valgrind when testing flac package in
debian_pkg_test framework (https://github.com/yugr/debian_pkg_test).

Valgrind report:

==7111== Memcheck, a memory error detector
==7111== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==7111== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==7111== Command: /usr/bin/instant -croff.cmap -sroff.sdata
-tdocbook-to-man.ts -d
==7111== Parent PID: 7109
==7111==
==7111== Source and destination overlap in memcpy_chk(0x586f051, 0x586f052, 5)
==7111==    at 0x4C353D7: __memcpy_chk (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7111==    by 0x10B2EF: ??? (in /usr/bin/instant)
==7111==    by 0x10B157: ??? (in /usr/bin/instant)
==7111==    by 0x10B157: ??? (in /usr/bin/instant)
==7111==    by 0x10A796: ??? (in /usr/bin/instant)
==7111==    by 0x526C82F: (below main)
(/build/glibc-t3gR2i/glibc-2.23/csu/../csu/libc-start.c:291)

-Yuri
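The pattern from the report, as an added example that is not docbook-to-man's code: the same left-shift of a line buffer written with memmove (which is defined for overlapping regions), next to the overlap test that Memcheck applies to memcpy's arguments. The buffer contents and helper names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample line; ESIS-style lines start with a command character. */
static char sample[] = "A-name";

/* The check Memcheck reports on: does [dst, dst+n) intersect [src, src+n)?
   Comparing as integers avoids comparing pointers into unrelated objects. */
static bool regions_overlap(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    return n != 0 && d < s + n && s < d + n;
}

/* Drop buf[1] by shifting the rest of the string, including the NUL,
   one byte to the left. The regions overlap, so memmove is required;
   memcpy here is undefined behavior (the bug in the report). */
static void drop_second_char(char *buf)
{
    size_t len = strlen(buf);
    if (len < 2)            /* nothing to shift; also keeps len-1 from wrapping */
        return;
    memmove(&buf[1], &buf[2], len - 1);
}

/* Copy `in` to a scratch buffer, apply the shift, compare with `expected`. */
static bool check_drop(const char *in, const char *expected)
{
    char buf[64];
    if (strlen(in) >= sizeof buf)
        return false;
    strcpy(buf, in);
    drop_second_char(buf);
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    printf("overlap: %d\n",
           (int)regions_overlap(&sample[1], &sample[2], strlen(sample) - 1));
    drop_second_char(sample);
    printf("%s\n", sample);     /* Aname */
    return 0;
}
```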
