Hello,

There is a buffer overrun in return_append_str in src/frontend/lexpgn.cc at line 2224:

    newloc = (char *) malloc(strlen(s))+1;

The line should read:

    newloc = (char *) malloc(strlen(s)+1);

We found this using static analysis using CodeSonar. I don't have an actual path that will demonstrate this bug.

Regards,
Mark

--
Mark Hermeling | GrammaTech | Senior Director Product Marketing
mobile +1 (607) 351-5719 | www.grammatech.com

_______________________________________________
Bug-gnu-chess mailing list
Bug-gnu-chess@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-gnu-chess
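The off-by-one reported above, worked through as an added example (this is not gnu-chess code; the function names and the copy that follows the allocation are assumptions, since only the malloc line is quoted in the report):

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes the reported expression malloc(strlen(s))+1 actually requests:
 * the +1 sits outside the call, so it is applied to the returned pointer,
 * not to the allocation size. */
size_t buggy_alloc_size(const char *s) { return strlen(s); }

/* Bytes needed to hold s and its terminating NUL (the proposed fix). */
size_t required_size(const char *s) { return strlen(s) + 1; }

/* How far the buggy expression's pointer sits past the start of the block
 * it came from. Split into two statements so a NULL return can be handled;
 * the arithmetic is exactly what the reported line computes. -1 on OOM. */
ptrdiff_t buggy_pointer_offset(const char *s) {
    char *block = (char *) malloc(strlen(s));   /* what malloc really sees */
    if (block == NULL) return -1;
    char *newloc = block + 1;                    /* what the +1 really does */
    ptrdiff_t off = newloc - block;
    free(block);   /* free(newloc) would hand an interior pointer to free */
    return off;
}

/* Bytes a strcpy(newloc, s) would write past the end of the buggy block:
 * strlen(s)+1 bytes starting at offset 1 into a strlen(s)-byte block. */
size_t buggy_overrun_bytes(const char *s) {
    size_t copy_end = 1 + (strlen(s) + 1);      /* one past the last byte written */
    return copy_end - buggy_alloc_size(s);      /* always 2, whatever s is */
}

/* The allocation as the report says it should read (assumed copy after it;
 * caller frees the result). */
char *append_str_fixed(const char *s) {
    size_t n = strlen(s) + 1;
    char *newloc = (char *) malloc(n);
    if (newloc == NULL) return NULL;
    memcpy(newloc, s, n);                       /* n bytes into an n-byte block */
    return newloc;
}

int main(void) {
    const char *s = "1. e4 e5";   /* constructed sample PGN text */
    printf("requested %zu, needed %zu, pointer offset %td, overrun %zu\n",
           buggy_alloc_size(s), required_size(s),
           buggy_pointer_offset(s), buggy_overrun_bytes(s));
    char *copy = append_str_fixed(s);
    if (copy) { puts(copy); free(copy); }
    return 0;
}
```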