You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer. Even though this is not always an indication of a security problem it might even be. So please check this out ASAP. By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0. Thanks, Your friendly neighborhood tinderboxer
Created attachment 250187 [details] Build log
The overflow message does not blame the offending line, but based on source inspection and a quick test program, I see a probable cause. In avidump.c!dump_vals (off_t val64 (line 323)) and in avidump.c!ProcessChunk (off_t offset (line 608)), upstream declares a variable of type off_t and calls read as though it will be an 8 byte wide value. On i686 with the defines used, off_t is 4 bytes. This triggers a fortification warning. Since the surrounding code is probably expecting the read to move the file position by 8, the safe fix would be to replace the affected off_t variables with a wider variable, such as off64_t or equivalent.
Amendment to comment #2: loff_t is 8 bytes long on x86 and amd64, and is available from <sys/types.h> without specifying any preprocessor defines, so it is probably a good choice for the fix. Maintainers, are you comfortable writing a patch to do this?
I'm not seeing this with 1.1.7. Can you still reproduce?
I played with various USE flag combinations as well as -O levels and not seeing this anymore. Assuming fixed by 1.1.7. Reopen if not.