Libspiro through 20190731 has a stack-based buffer overflow in the spiro_to_bpath0() function in spiro.c.