    Fix usage of sec_sscanf · a5405341
    Markus Steinborn authored
    This should fix http://bugs.debian.org/627471
    
    Bernhard R. Link finally found the bug (excellent job!). He
    describes the bug as follows:
    
    ps.c is using some sec_sscanf (from secscanf.c) instead of
    regular sscanf or instead of doing some proper parsing.
    
    As sec_sscanf differs from regular sscanf about its variadic
    arguments gcc cannot test if the arguments given match the
    format string, especially it is lost about sec_sscanf
    wanting a 'char *' and a 'size_t' for every '%s' or '%256s'
    it gets. Thus when ps.c does
    
    sec_sscanf(line+length("%%BoundingBox:"), "%256s", text);
    
    the size of text field is not given, so some random value
    is returned by the 'va_arg(ap, size_t)' in secscanf.c
    If that random value is smaller than the length of "(atend)"
    then this will be copied incompletely and thus
    not be recognized.
ps.c 67.2 KB
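
The failure mode described in the commit message, as an added example that is not gv's code: `bounded_scan` is a hypothetical stand-in for a scanner that takes a `char *` plus a `size_t` for every `%s`, and `SCAN_WORD` is an assumed helper macro that takes the size from `sizeof` so a call site cannot omit it. A too-small size is passed explicitly to reproduce the truncation of "(atend)" deterministically instead of reading an indeterminate `va_arg` value.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical scanner (assumption, not secscanf.c): handles only %s / %Ns,
 * and each one consumes TWO variadic arguments: 'char *' then 'size_t'. */
static int bounded_scan(const char *in, const char *fmt, ...)
{
    va_list ap;
    int stored = 0;

    va_start(ap, fmt);
    while (*fmt) {
        if (*fmt++ != '%') continue;
        size_t width = 0;                 /* 0 means no field width given */
        while (isdigit((unsigned char)*fmt)) width = width * 10 + (size_t)(*fmt++ - '0');
        if (*fmt++ != 's') break;
        char  *dst = va_arg(ap, char *);
        size_t cap = va_arg(ap, size_t);  /* indeterminate if the caller omits it */
        if (dst == NULL || cap == 0) break;
        while (isspace((unsigned char)*in)) in++;
        size_t n = 0;
        for (; *in && !isspace((unsigned char)*in); in++)
            if (n + 1 < cap && (width == 0 || n < width)) dst[n++] = *in;
        dst[n] = '\0';                    /* excess input was silently dropped */
        stored++;
    }
    va_end(ap);
    return stored;
}

/* Assumed helper: buf must be an array, so sizeof supplies the size argument. */
#define SCAN_WORD(in, buf) bounded_scan((in), "%256s", (buf), sizeof(buf))

/* Returns 1 when the word scanned with the given size is exactly "(atend)". */
static int sees_atend(const char *line, size_t cap)
{
    char text[257];
    if (cap > sizeof(text)) cap = sizeof(text);
    return bounded_scan(line, "%256s", text, cap) == 1 && strcmp(text, "(atend)") == 0;
}

int main(void)
{
    char text[257];  /* constructed input below: the text after "%%BoundingBox:" */
    int ok = SCAN_WORD(" (atend)", text) == 1 && sees_atend(" (atend)", sizeof(text));
    return (ok && !sees_atend(" (atend)", 4)) ? 0 : 1;  /* size 4 stores "(at" */
}
```

Because the compiler cannot check this argument convention against the format string, routing every call through a macro like `SCAN_WORD` is what keeps the size from being left out.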