Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.