I could not reproduce the bug on Ubuntu 16.04, but I could on Debian 10.6. I have verified Simon's patch and I think it is fine and fixes the bug.
Therefore, I have uploaded the change to the subversion repository in Savannah. It will be included in the next release, 6.2.8, which may still take a few weeks. Antonio On Sat, Oct 10, 2020 at 10:12 AM <si...@technocool.net> wrote: > This seems to be FORTIFY_SOURCE compiler flag. Debian sets level 2, but > just level 1 triggers it. > > The code uses sprintf to concatenate strings which is "undefined" > behaviour, the offending code is flagged by enabling all compiler warnings > when building pgn.cc > > This explains why it wasn't caught in development. I've sent patch to > Antonio which fixes it, but he should probably be skeptical as I've not > done C/C++ for years, and haven't fixed related warning elsewhere. If we > are using C++ we should probably consider using C++ output features, and > definitely enabling all warnings and including FORTIFY_SOURCE level 2 as > this is how the distros roll. >