https://bugzilla.suse.com/show_bug.cgi?id=1214249

https://bugzilla.suse.com/show_bug.cgi?id=1214249#c5

--- Comment #5 from Jiri Slaby <jslaby@suse.com> ---
(In reply to Jiri Slaby from comment #4)
> (In reply to Dominique Leuenberger from comment #3)
> > (In reply to Jiri Slaby from comment #1)
> > > Provided it comes from parse_merge_name():
> > > 602         static char buf[MAXPATHLEN];
> > > ...
> > > 653         return buf;
> >
> > according to valgrind it comes from setup_merge_file (exclude.c:737)
>
> Which obtains the buffer from parse_merge_name() above -- see line 693 -- if I
> am looking correctly?

But you gave me a hint. I didn't study the code in between the crash and parse_merge_name() before. Now I have. Well, the buffer pointer might be incremented and that means the MAXPATHLEN in

    strlcpy(y, save, MAXPATHLEN);

is not correct in that case. I.e. 'y' might not equal 'buf' from the above and can point to the middle of 'buf', right?
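
The point raised in the comment above, as an added example that is not part of the original bug report or the project's code: when the destination pointer sits at an offset inside a fixed buffer, the copy bound has to be the space remaining from that offset, not the full buffer size. `BUF_LEN` (a stand-in for `MAXPATHLEN`), `bounded_copy`, `space_left`, `bytes_past_end` and `copy_at` are hypothetical names, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>
#define BUF_LEN 16 /* constructed stand-in for MAXPATHLEN */

/* Local strlcpy-style helper (hypothetical): writes at most size-1 bytes
 * plus a NUL and returns strlen(src); a result >= size means truncation. */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Bytes available from offset off to the end of a buf_len-byte buffer. */
static size_t space_left(size_t buf_len, size_t off)
{
    return off < buf_len ? buf_len - off : 0;
}

/* Bytes a strlcpy-style copy to buf+off would write past the end of the
 * buffer when `bound` is passed as its size. Pure arithmetic, no copy. */
static size_t bytes_past_end(size_t buf_len, size_t off, size_t bound, size_t src_len)
{
    size_t written = bound ? (src_len < bound - 1 ? src_len : bound - 1) + 1 : 0;
    size_t avail = space_left(buf_len, off);
    return written > avail ? written - avail : 0;
}

/* Copy src to buf+off bounded by the space that is really left.
 * Returns 0 on success, -1 on a bad offset or truncation. */
static int copy_at(char *buf, size_t buf_len, size_t off, const char *src)
{
    size_t avail = space_left(buf_len, off);
    if (avail == 0)
        return -1;
    return bounded_copy(buf + off, src, avail) < avail ? 0 : -1;
}

int main(void)
{
    char buf[BUF_LEN] = "prefix/";
    printf("full-size bound overruns by %zu bytes\n", bytes_past_end(BUF_LEN, 10, BUF_LEN, 12));
    printf("copy_at -> %d, buf = \"%s\"\n", copy_at(buf, BUF_LEN, 7, "abc"), buf);
    return 0;
}
```

With the destination 10 bytes into a 16-byte buffer, passing the full size as the bound lets a 12-character source write 7 bytes past the end; bounding by `space_left` truncates instead and reports it.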