https://sourceforge.net/p/plplot/bugs/203/2022-06-03T13:32:05.861000ZRecent changes to 203: fixed-size arrays of size PL_MAXPOLY cause out-of-bound and posible crashes2022-06-03T13:32:05.861000Z2022-06-03T13:32:05.861000Zgiloohttps://sourceforge.net/u/gilles-duvert/https://sourceforge.net15ea0c287f7cfd76f91573d809c428b3dd84e987

<div class="markdown_content"><p>xscl and yscl , used by difilt(), are of size PL_MAXPOLY whereas their contents can be of any size, (see line 534 of plcore) causing invalid memory access and code corruption. <br/> This is most visible when drawing a filled area of a shape of size &gt; PL_MAXPOLY on the postscript driver, that triggers difilt() due to its (IMHO too complicated) coordinate conversions.</p></div>