> My first idea was to check if strlen(format->matrix) is within
> reasonable boundaries, before using it to allocate memory.

I think that it's perfectly reasonable for libao to segfault in such a case. That's the same as when one passes an invalid pointer to strlen or such a function with a "strong" invariant: the caller is responsible.

> The only real mystery remaining is why zsnes hasn't been reported to
> die like this before now ...

The mysteries of stack layout... Maybe the previous stack frame held zeroes at the correct offset on i386.

-- 
Etienne Millon
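The caller-side contract the reply argues for, as an added C example that is not part of the bug thread or of libao: the struct is a simplified stand-in for libao's ao_sample_format (only the matrix member matters here) and the function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for libao's ao_sample_format (assumption: only the
 * matrix member is relevant to this bug; other members are omitted). */
typedef struct {
    int bits;
    int rate;
    int channels;
    char *matrix;   /* channel map such as "L,R"; NULL means "use default" */
} sample_format;

/* Library side (hypothetical): matrix must be NULL or a valid C string.
 * strlen() on anything else is undefined behaviour, and checking the
 * returned length afterwards cannot undo the bad dereference. */
char *copy_matrix(const sample_format *fmt)
{
    if (fmt->matrix == NULL)
        return NULL;                 /* default-matrix path */
    size_t len = strlen(fmt->matrix);
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, fmt->matrix, len + 1);
    return copy;
}

/* Caller done right: zero-initialise the whole struct so matrix is NULL
 * even if the caller never sets that member (the zsnes situation, where
 * a bare "sample_format fmt;" leaves it holding stack garbage). */
int caller_default_matrix(void)
{
    sample_format fmt = {0};         /* all members, matrix included, zeroed */
    fmt.bits = 16; fmt.rate = 44100; fmt.channels = 2;
    char *m = copy_matrix(&fmt);
    int took_default = (m == NULL);
    free(m);
    return took_default;
}

/* Caller that supplies an explicit matrix string. */
int caller_explicit_matrix(void)
{
    sample_format fmt = {0};
    fmt.matrix = "L,R";
    char *m = copy_matrix(&fmt);
    int ok = (m != NULL && strcmp(m, "L,R") == 0);
    free(m);
    return ok;
}
```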