Package: gtg-trace Version: 0.2+dfsg-1 Usertags: goto-cc A code inspection following errors reported by our research compiler infrastructure revealed the following serious problems in gtg_record of src/C/GTGReplay.c:
As also reported by GCC while building, the va_start macro is used with an invalid argument; the second argument should be the last named function parameter, which would be time. As is, any use of the va_list arguments will cause undefined operations on the stack, possibly resulting in execution of arbitrary code. Such use happens in __copy_args: http://sources.debian.net/src/gtg-trace/0.2+dfsg-1/src/C/GTGReplay.c?hl=415#L415 Best, Michael
pgp0gsSTpHG92.pgp
Description: PGP signature
