Sorry to quote myself all the time, but I hope, that I found/fixed the root cause now.
On Tue, 24 Sep 2024, I wrote:
#9 md5hash ( input=input@entry=0x5594c83023e0 "#\n# Master configuration file for Xymon\n#\n# This file defines several things:\n#\n# 1) By adding hosts to this file, you define hosts that are monitored by Xymon\n# 2) By adding \"page\", \"subpage\", \"group"...) at ./lib/digest.c:44 ctx = 0x5594c83023a0 md_value = "\301tJ\342^\312T\032bGjɨ\f\267I" md_string = "c1", '\000' <repeats 30 times> i = 1 p = 0x5594c6dd7c02 <md_string+2> ""
Seems that there's a bug in the calculation of the buffer size. The attached patch should fix this. At least compilation with -D_FORTIFY_SOURCE=3 using this patch no longer results in buffer overflow messages on my test system.
Greetings Roland