diff -ruN uni2ascii-4.18.orig//ascii2uni.c uni2ascii-4.18/ascii2uni.c --- uni2ascii-4.18.orig//ascii2uni.c 2011-05-14 22:15:20.000000000 -0400 +++ uni2ascii-4.18/ascii2uni.c 2011-08-21 21:52:36.000000000 -0400 @@ -555,7 +555,8 @@ } else if (FType == CHENT) { if (AllHTMLP){ - if(sscanf(iptr,aHfmt,&num,&NConsumed) > 0) { + NConsumed = -1; + if(sscanf(iptr,aHfmt,&num,&NConsumed) > 0 && NConsumed != -1) { if(*(iptr+NConsumed-1) != ';') { MicrosoftStyle++; fprintf(stderr, @@ -568,7 +569,8 @@ TokenNumber++; continue; } - if(sscanf(iptr,aDfmt,&num,&NConsumed) > 0) { + NConsumed = -1; + if(sscanf(iptr,aDfmt,&num,&NConsumed) > 0 && NConsumed != -1) { if(*(iptr+NConsumed-1) != ';') { MicrosoftStyle++; fprintf(stderr, @@ -582,7 +584,8 @@ continue; } } - if(sscanf(iptr,afmt,&enam,&NConsumed) > 0) { + NConsumed = -1; + if(sscanf(iptr,afmt,&enam,&NConsumed) > 0 && NConsumed != -1) { if( (num = LookupCodeForEntity(enam))) { if(*(iptr+NConsumed-1) != ';') { MicrosoftStyle++; @@ -636,7 +639,8 @@ /* Need to fill this in */ } else { /* Default - not BMPSplitP, Q, or byte format */ - if((last = sscanf(iptr,afmt,&num,&NConsumed)) > 0) { + NConsumed = -1; + if((last = sscanf(iptr,afmt,&num,&NConsumed)) > 0 && NConsumed != -1) { if(FType== HTMLX) { if(*(iptr-1+NConsumed) != ';') { MicrosoftStyle++; diff -ruN uni2ascii-4.18.orig//debian/changelog uni2ascii-4.18/debian/changelog --- uni2ascii-4.18.orig//debian/changelog 2011-05-17 01:30:08.000000000 -0400 +++ uni2ascii-4.18/debian/changelog 2011-08-21 21:57:42.000000000 -0400 @@ -1,3 +1,13 @@ +uni2ascii (4.18-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Check whether sscanf() returned successfully before using the number + of characters processed to increment a pointer; otherwise uninitialized + memory would be used, which can cause segfaults or infinite loops, + Closes: #633704 + + -- Benjamin Kaduk Sun, 21 Aug 2011 21:53:15 -0400 + uni2ascii (4.18-1) unstable; urgency=low * New upstream release: