https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/05_CVE-2012-4552.diff
diff -up plib-1.8.5/src/ssg/ssgParser.cxx~ plib-1.8.5/src/ssg/ssgParser.cxx
--- plib-1.8.5/src/ssg/ssgParser.cxx~ 2008-03-11 03:06:23.000000000 +0100
+++ plib-1.8.5/src/ssg/ssgParser.cxx 2012-11-01 15:33:12.424483374 +0100
@@ -57,18 +57,16 @@ void _ssgParser::error( const char *form
 char msgbuff[ 255 ];
 va_list argp;

- char* msgptr = msgbuff;
- if (linenum)
- {
- msgptr += sprintf ( msgptr,"%s, line %d: ",
- path, linenum );
- }
-
 va_start( argp, format );
- vsprintf( msgptr, format, argp );
+ vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
 va_end( argp );

- ulSetError ( UL_WARNING, "%s", msgbuff ) ;
+ if (linenum)
+ {
+ ulSetError ( UL_WARNING, "%s, line %d: %s", path, linenum, msgbuff ) ;
+ } else {
+ ulSetError ( UL_WARNING, "%s", msgbuff ) ;
+ }
 }


@@ -78,18 +76,16 @@ void _ssgParser::message( const char *fo
 char msgbuff[ 255 ];
 va_list argp;

- char* msgptr = msgbuff;
- if (linenum)
- {
- msgptr += sprintf ( msgptr,"%s, line %d: ",
- path, linenum );
- }
-
 va_start( argp, format );
- vsprintf( msgptr, format, argp );
+ vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
 va_end( argp );

- ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
+ if (linenum)
+ {
+ ulSetError ( UL_DEBUG, "%s, line %d: %s", path, linenum, msgbuff ) ;
+ } else {
+ ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
+ }
 }

 // Opens the file and does a few internal calculations based on the spec.
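Review bot: In `_ssgParser::error` the unbounded `path` string and the formatted `msgbuff` are now expanded inside `ulSetError ( UL_WARNING, "%s, line %d: %s", path, linenum, msgbuff )`, so protection against a long file name depends on `ulSetError` bounding its own output, which this patch does not show and should be confirmed. The same applies to the `UL_DEBUG` call in `_ssgParser::message` in the second hunk. The `vsnprintf( msgbuff, sizeof(msgbuff), format, argp )` call is correctly bounded but truncates silently, and on toolchains where `vsnprintf` maps to a pre-C99 variant it may leave the buffer unterminated, so I would add `msgbuff[ sizeof(msgbuff) - 1 ] = '\0';` after `va_end( argp );` in both functions. A short comment such as `/* msgbuff is truncated to 254 chars; the path prefix is formatted by ulSetError */` would record why the prefix moved. Both function bodies start outside their hunks.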