Re: [bug-gv] heisenbug disabling BBox

bug-gv

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-gv] heisenbug disabling BBox

From:	Bernhard R. Link
Subject:	Re: [bug-gv] heisenbug disabling BBox
Date:	Wed, 3 Aug 2011 15:03:41 +0200
User-agent:	Mutt/1.5.20 (2009-06-14)

* Bernhard R. Link <address@hidden> [110803 13:06]:
> In other words: I'm totally at loss how this effect can
> cause this. I will try to run it in the debugger with some
> read watchpoints for the changed parts to see where it can
> have a difference, but ....

I've finally found the bug:

ps.c is using some sec_sscanf (from secscanf.c) instead of
regular sscanf or instead of doing some proper parsing.

As sec_sscanf differs from regular sscanf about it variadic
arguments gcc cannot test if the arguments given match the
format string, especially it is lost about sec_sscanf
wanting a 'char *' and a 'size_t' for ever '%s' or '%256s'
it gets. Thus when ps.c does

sec_sscanf(line+lenght("%%BoundingBox:), "%256s", text);

the size of text field is not given, so some random value
is returned by the 'va_arg(ap, size_t)' in secscanf.c
If that random value is smaller than the length of "(atend)"
then this will be copied incompletely and thus
not be recognized.

        Bernhard R. Link

[Prev in Thread]

Current Thread

[Next in Thread]

[bug-gv] heisenbug disabling BBox, Bernhard R. Link, 2011/08/03
- Re: [bug-gv] heisenbug disabling BBox, Bernhard R. Link, 2011/08/03
  - Re: [bug-gv] heisenbug disabling BBox, Bernhard R. Link <=
    - Re: [bug-gv] heisenbug disabling BBox, Markus Steinborn, 2011/08/03

Prev by Date: Re: [bug-gv] heisenbug disabling BBox
Next by Date: Re: [bug-gv] heisenbug disabling BBox
Previous by thread: Re: [bug-gv] heisenbug disabling BBox
Next by thread: Re: [bug-gv] heisenbug disabling BBox
Index(es):
- Date
- Thread