pkg/55809: Webalizer seqfaults on NetBSD 9.0 and NetBSD 9.1

[adrian%mx.aik.onl@localhost]

>Number:         55809
>Category:       pkg
>Synopsis:       Webalizer from pkgsrc-2020Q2 and pkgsrc-2020Q3 binaries seqfaults on NetBSD 9 and NetBSD 9.1
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Nov 17 10:45:00 +0000 2020
>Originator:     Adrian Immanuel Kiess
>Release:        NetBSD 9.1
>Organization:
	
>Environment:
	
	
System: NetBSD www3.kiess.onl 9.1 NetBSD 9.1 (GENERIC) #0: Sun Oct 18 19:24:30 UTC 2020 mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
  Webalizer from pkgsrc-2020Q2 and pkgsrc-2020Q3 binaries on NetBSD 9 and NetBSD 9.1/amd64 sequfults after a working period of one month.

	The error received in /var/log/messages is as following:
  
	Nov 17 09:00:00 www3 -: www3.kiess.onl webalizer - - - buffer overflow detected; terminated
	Nov 17 10:00:00 www3 -: www3.kiess.onl webalizer - - - buffer overflow detected; terminated

	The error received by running webalizer at the console is as follwing:

	Webalizer V2.21-02 (NetBSD 9.1 amd64) English
	Using logfile /var/log/httpd/access_log (clf)
	Creating output in /var/www/base/webalizer
	Hostname for reports is 'www3.kiess.onl'
	Reading history file... webalizer.hist
	Reading previous run data.. webalizer.current
	Saving current run data... [11/17/2020 11:26:07]
	zsh: abort (core dumped)  webalizer

	I already got the hint on IRC that this may be security concern automatically detected by the pkgsrc build system.

	The error starts to appear after the first new month of the Apache2 access_log is reached.

>How-To-Repeat:
  Install webalizer from pkgsrc binaries and run it against the Apache2 logfile until a new month is reached. I tried both incremental and and single Apache2 access_log file.
>Fix:
  No fix is known to me.

>Unformatted: