Package: memchan Version: 2.3-2 Usertags: goto-cc During an analysis of all packages using our research compiler tool-chain (using tools from the cbmc package) the following error was found:
Function randinit necessarily takes two arguments: http://sources.debian.net/src/memchan/2.3-2/isaac/randport.c?hl=65#L65 Yet Memchan_CreateRandomChannel only passes one here: http://sources.debian.net/src/memchan/2.3-2/generic/random.c?hl=529#L504 This will cause a stack underflow, resulting in undefined behaviour (likely randinit will pick an arbitrary of the two branches). Best, Michael
pgpXJ8say2gUK.pgp
Description: PGP signature
