Commit a5405341 authored by Committed by Bernhard Link
Fix usage of sec_sscanf
This should fix http://bugs.debian.org/627471 Bernhard R. Link finally found the bug (excellent job!). He describes the bug as follows: ps.c is using some sec_sscanf (from secscanf.c) instead of regular sscanf or instead of doing some proper parsing. As sec_sscanf differs from regular sscanf about it variadic arguments gcc cannot test if the arguments given match the format string, especially it is lost about sec_sscanf wanting a 'char *' and a 'size_t' for ever '%s' or '%256s' it gets. Thus when ps.c does sec_sscanf(line+lenght("%%BoundingBox:), "%256s", text); the size of text field is not given, so some random value is returned by the 'va_arg(ap, size_t)' in secscanf.c If that random value is smaller than the length of "(atend)" then this will be copied incompletely and thus not be recognized.
Showing with 14 additions and 14 deletions