Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#227 hyphen: segfault in hnj_hyphen_hyphword

open-accepted
nobody
None
3
2012-12-01
2012-10-04
baf
No

In hnj_hyphen_hyphword function hyphenated word length is defined as initial word length plus 5.

void hnj_hyphen_hyphword(const char * word, int l, const char * hyphens,
char * hyphword, char *** rep, int ** pos, int ** cut)
{
int hyphenslen = l + 5;

Then if compound hyphen is found we have:

if (*rep && *pos && *cut && (*rep)[i]) {
size_t offset = j - (*pos)[i] + 1;
strncpy(hyphword + offset, (*rep)[i], hyphenslen - offset - 1);
hyphword[hyphenslen-1] = '\0';
j += strlen((*rep)[i]) - (*pos)[i];
i += (*cut)[i] - (*pos)[i];
} else hyphword[++j] = '=';

It leads to problems in a situation when there are more then 5 hyphens in a word followed by compound hyphen.
In the best scenario hyphenated word is truncated. In worst there is a segmentation fault – strncpy size argument (hyphenslen - offset -1) gets negative value.

To reproduce:
echo "mamamamamamammammamamamaasszony" | ./example /usr/share/hyphen/hyph_hu_HU.dic /dev/stdin
Segmentation fault

or more practic example:
echo "application-to-be-used-with-not-so-many" | ./example /usr/share/hyphen/hyph_en_US.dic /dev/stdin
Segmentation fault

Discussion

    • priority: 5 --> 3
    • status: open --> open-accepted
     
  • This interface/feature is only for testing purpose, for example, it is not used by OpenOffice.org/LibreOffice. Thanks for the bug report.