http://bugzilla.opensuse.org/show_bug.cgi?id=1205577 http://bugzilla.opensuse.org/show_bug.cgi?id=1205577#c2 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |IN_PROGRESS Component|Development |X.Org Assignee|sndirsch@suse.com |gfx-bugs@suse.de QA Contact|qa-bugs@suse.de |gfx-bugs@suse.de --- Comment #2 from Stefan Dirsch <sndirsch@suse.com> --- No idea why MAXFILES would be set to 256 in our build. Indeed in source code it's set to 2048. Best would be to bisect the issue. Possible candidates in git changes After 1.0.5 and before 1.0.6 From 0860822bb2a1bbc6e40758e2e6413181b26b6b04 Mon Sep 17 00:00:00 2001 From: Dirk <doj@cubic.org> Date: Thu, 11 Feb 2016 18:48:13 +0000 Subject: [PATCH 06/14] missing bounds check in makedepend for file arguments When assigning source code files from the command line to the fp pointer, no bounds check is done and if more than MAXFILES file names are specified on the command line, memory will be overridden out of bounds. https://bugs.freedesktop.org/show_bug.cgi?id=94099 After 1.0.6 From 3dc64b0b0a7d4e14ccea6b9d1d11bf871c47a7e0 Mon Sep 17 00:00:00 2001 From: Thibault DUPONCHELLE <thibault.duponchelle@gmail.com> Date: Wed, 20 Mar 2019 09:26:47 +0100 Subject: [PATCH 5/7] Add test case for bug #1 + proposed fix. Fixes: https://gitlab.freedesktop.org/xorg/util/makedepend/issues/1 -- You are receiving this mail because: You are on the CC list for the bug.