Possible array overrun in d_draw_ellipse
when i == 361, then loop still will execute and in first line_pnts[i++]
evaluate to line_pnts[361]
but second to line_pnts[362]
which will be out of bounds
gdouble line_pnts[362];
while (i < 362)
{
static const gdouble step = 2 * G_PI / 180;
line_pnts[i++] = cx + rx * cos (angle);
line_pnts[i++] = cy + ry * sin (angle);
angle += step;
}
https://gitlab.gnome.org/GNOME/gimp/-/blob/master/plug-ins/gfig/gfig-ellipse.c#L151-158