Random segfaults from gnome-score
I think I have tracked down the cause of the random segfaults in the
gnome-scoring mechanism, but it needs some confirmation because it is
a pretty weird explanation. gdb seems to narrow the problem down to
the messages printed by the child in gnome-score.c:log_score:

	g_message("Got score %f time %ld name %s", ascore, atime, name);

Removing this line seems to eliminate the problem. Faults can occur
even when all the variables take sensible values (e.g. 100.0,
904771894, "root") and show up because the vsprintf that
formats the output in gmessages.c:g_logv fails to generate a null-
terminated string:

  G_VA_COPY (args2, args1);
  if (g_printf_string_upper_bound (format, args1) < 1024)
    vsprintf (buffer, format, args2);

I think the blame must lie in the G_VA_COPY macro failing to
copy the char* "name" argument properly. This may be because this 
argument was parsed using an "%as" format specifier which (in GCC!)
allocates memory for the string:

	sscanf(buf, "%f %ld %as", &ascore, &atime, &name)

Can anyone confirm that G_VA_COPY is a possible culprit?

More generally, I think gmessages.c could take a bit more care:
it ignores the return value from vsprintf, though some compilers can
return EOF as an error value (e.g. for invalid "%f" fields).
Also it might consider performing the acid test: does the buffer
which it is about to print contain a null-terminated string?
The last thing we need is segfaults from debugging messages :P

Felix

PS Someone needs to put this through cvs if it all makes sense.
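The hardened version of the log path discussed in the message, as an added example (this is not code from gnome-score or from glib's g_logv). It shows the three points raised: a va_list is traversed on a fresh va_copy for each pass instead of being reused, the vsnprintf return value is checked for an encoding error, and the result is guaranteed null-terminated before anything prints it. The function names format_message_v, format_message, buffer_has_terminator and log_score_line, the 63-character name bound and the sample record are all assumptions of this example; the name field uses a bounded "%63s" rather than the GNU-only "%as", so no hidden allocation takes place.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not glib's g_logv: format a message into a freshly
 * allocated, NUL-terminated buffer.  Returns NULL on an encoding error
 * (vsnprintf reports a negative value) or on allocation failure, so the
 * caller never prints a buffer whose contents are undefined. */
char *format_message_v(const char *format, va_list args)
{
    va_list pass;
    int needed, written;
    char *buf;

    /* A va_list may be walked once per copy.  Measure on a copy so the
     * caller's list is still intact for the second pass; walking the same
     * list twice, or "copying" it by plain assignment on a platform where
     * va_list is an array type, is exactly the trap this avoids. */
    va_copy(pass, args);
    needed = vsnprintf(NULL, 0, format, pass);
    va_end(pass);
    if (needed < 0)
        return NULL;            /* encoding error: do not trust any output */

    buf = malloc((size_t)needed + 1);
    if (buf == NULL)
        return NULL;

    va_copy(pass, args);
    written = vsnprintf(buf, (size_t)needed + 1, format, pass);
    va_end(pass);
    if (written < 0 || written != needed) {
        free(buf);
        return NULL;
    }
    return buf;                 /* vsnprintf NUL-terminates within the size given */
}

char *format_message(const char *format, ...)
{
    va_list args;
    char *s;

    va_start(args, format);
    s = format_message_v(format, args);
    va_end(args);
    return s;
}

/* The "acid test" from the message: is there a terminator somewhere
 * within the buffer's capacity?  Check this before handing a buffer
 * of uncertain provenance to puts/printf. */
int buffer_has_terminator(const char *buf, size_t capacity)
{
    return memchr(buf, '\0', capacity) != NULL;
}

/* Parse a score record "score time name" and build the log message.
 * The name field is bounded with %63s instead of the GNU-only %as, so
 * no hidden allocation happens and an over-long name cannot overflow.
 * Returns an allocated message, or NULL if the line does not parse. */
char *log_score_line(const char *line)
{
    float ascore;
    long atime;
    char name[64];

    if (sscanf(line, "%f %ld %63s", &ascore, &atime, name) != 3)
        return NULL;
    return format_message("Got score %f time %ld name %s",
                          ascore, atime, name);
}

int main(void)
{
    /* Constructed sample record using the values quoted in the message. */
    char *msg = log_score_line("100.0 904771894 root");

    if (msg != NULL && buffer_has_terminator(msg, strlen(msg) + 1))
        puts(msg);
    free(msg);
    return 0;
}
```

Because the message is sized and allocated rather than squeezed into a fixed 1024-byte buffer behind an upper-bound check, an over-long message is neither truncated nor silently skipped, and a formatting failure surfaces as a NULL return instead of as whatever happened to be in the buffer.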
