Buffers of length MAXNAME are printed into, including in a case where the
printed string is "(EXTERNAL:%d)". This needs a maximum of 23 bytes, not 16
bytes as was previously used. This overflow looks impossible to actually trigger
because I believe this code path is only used in the case of a bug in the lexer
itself. Hence no changelog entry for this.
This issue was exposed when moving sfsprintf calls to snsprintf, as the compiler
understands the semantics of the latter and knows how to warn about detectable
overflows. Related to #1998.
projects / graphviz / commit