(In reply to Marcus Meissner from comment #2) > you built it without overflow checking ;) > > anyway, fixed like this in factory: > > +- snprintf(buf + len, sizeof(buf), fmt, data_fields[j].title); > ++ snprintf(buf + len, sizeof(buf) - len, fmt, data_fields[j].title); Thanks for fixing it. Can you send your patch to upstream?