
Re: [bug-gv] heisenbug disabling BBox

From: Bernhard R. Link
Subject: Re: [bug-gv] heisenbug disabling BBox
Date: Wed, 3 Aug 2011 15:03:41 +0200
User-agent: Mutt/1.5.20 (2009-06-14)

* Bernhard R. Link <address@hidden> [110803 13:06]:
> In other words: I'm totally at a loss how this effect can
> cause this. I will try to run it in the debugger with some
> read watchpoints for the changed parts to see where it can
> have a difference, but ....

I've finally found the bug:

ps.c is using some sec_sscanf (from secscanf.c) instead of
regular sscanf or instead of doing some proper parsing.

As sec_sscanf differs from regular sscanf in its variadic
arguments, gcc cannot test if the arguments given match the
format string; especially, it is lost about sec_sscanf
wanting a 'char *' and a 'size_t' for every '%s' or '%256s'
it gets. Thus when ps.c does

    sec_sscanf(line+length("%%BoundingBox:"), "%256s", text);

the size of the text field is not given, so some random value
is returned by the 'va_arg(ap, size_t)' in secscanf.c.
If that random value is smaller than the length of "(atend)"
then this will be copied incompletely and thus
not be recognized.

        Bernhard R. Link
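
Added example, not part of the original message and not gv's code: a minimal stand-in for the sec_sscanf contract described above (a 'char *' plus a 'size_t' per '%s'), showing how a too-small size makes "(atend)" go unrecognized, and a wrapper macro that keeps the size attached to the buffer. The names mini_sec_sscanf, SCAN_WORD, sees_atend and sees_atend_checked are hypothetical, and the garbage size is simulated by passing a small value explicitly rather than by omitting the argument.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for sec_sscanf (not gv's code); handles only "%<width>s".
 * Contract: every %s consumes TWO variadic arguments, char *buf then size_t size. */
int mini_sec_sscanf(const char *in, const char *fmt, ...)
{
    va_list ap;
    int converted = 0;
    va_start(ap, fmt);
    while (*fmt) {
        if (*fmt++ != '%') continue;
        size_t width = 0, n = 0;
        while (isdigit((unsigned char)*fmt)) width = width * 10 + (size_t)(*fmt++ - '0');
        if (*fmt++ != 's') break;
        char *buf = va_arg(ap, char *);
        size_t size = va_arg(ap, size_t); /* the argument the ps.c call left out */
        while (isspace((unsigned char)*in)) in++;
        if (size == 0 || *in == '\0') break;
        while (*in && !isspace((unsigned char)*in) && n + 1 < size && (width == 0 || n < width))
            buf[n++] = *in++;
        buf[n] = '\0';
        converted++;
    }
    va_end(ap);
    return converted;
}
/* Array-only wrapper: the size always travels with the buffer. */
#define SCAN_WORD(in, fmt, buf) mini_sec_sscanf((in), (fmt), (buf), sizeof(buf))
/* Returns 1 if "(atend)" is recognised when the callee believes text holds `size` bytes. */
int sees_atend(const char *line, size_t size)
{
    char text[257] = "";
    mini_sec_sscanf(line + strlen("%%BoundingBox:"), "%256s", text, size);
    return strcmp(text, "(atend)") == 0;
}
int sees_atend_checked(const char *line)
{
    char text[257] = "";
    SCAN_WORD(line + strlen("%%BoundingBox:"), "%256s", text);
    return strcmp(text, "(atend)") == 0;
}

int main(void)
{
    const char *line = "%%BoundingBox: (atend)"; /* constructed DSC comment */
    printf("%d %d %d\n", sees_atend(line, 257), sees_atend(line, 4), sees_atend_checked(line));
    return 0;
}
```

With a believed size of 4 only "(at" is stored, so the comparison fails exactly as in the report; SCAN_WORD works only on real arrays, since sizeof on a pointer would give the pointer's size.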
