#229 SuggestMgr::forgotchar_utf index out of bounds

closed
None
5
2013-04-20
2012-12-12
Anonymous
No

If you invoke SuggestMgr::forgotchar_utf() with wl=99, then the method will write past the candidate_utf[MAXSWL] array on the following line:

*(p + 1) = *p;

Here's a step-through of what happens:

int wl = 99; // word length is 99 characters.
w_char candidate_utf[MAXSWL]; // buffer size is 100 chars
w_char * p = candidate_utf + wl; // p = candidate_utf + 99
*(p + 1) = *p; // writing to p + 1, which is candidate_utf + 100.

The fix is to increase the array size by 1. I am attaching the patch that fixes the issue.

There is a related bug in Chromium here: http://crbug.com/130128
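
An added example (not Hunspell's code and not part of the original report): a model of the shift described above that counts writes landing outside the buffer instead of performing them, and compares the two fixes discussed in this ticket, a buffer of MAXSWL + 1 elements versus refusing 99-character words. The loop shape around `*(p + 1) = *p`, the `unsigned short` stand-in for `w_char`, and the helper names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAXSWL 100               /* buffer size quoted in the report */
typedef unsigned short w_char;   /* stand-in type, assumed for this example */

/* Model of an insert-and-shift loop built around the reported statement
 * *(p + 1) = *p, with p starting at buf + wl (loop shape is an assumption).
 * Writes that would land outside buf[0..cap-1] are counted, not performed. */
static size_t shift_insert(w_char *buf, size_t cap, const w_char *word,
                           int wl, w_char ins)
{
    size_t oob = 0;
    if (wl < 0 || (size_t)wl >= cap) return (size_t)-1;  /* word does not fit */
    memset(buf, 0, cap * sizeof(w_char));
    memcpy(buf, word, (size_t)wl * sizeof(w_char));
    for (int i = wl; i >= 0; i--) {
        if ((size_t)i + 1 < cap)
            buf[i + 1] = buf[i];   /* the reported write */
        else
            oob++;                 /* index i + 1 == cap: one past the end */
        buf[i] = ins;              /* candidate with ins inserted at i */
    }
    return oob;
}

/* Hypothetical helper: run the model for a wl-character word, cap-slot buffer. */
static size_t oob_writes(int wl, size_t cap)
{
    w_char word[MAXSWL + 1] = {0};
    w_char buf[MAXSWL + 1];
    if (cap > MAXSWL + 1) return (size_t)-1;
    for (int i = 0; i < wl && i <= MAXSWL; i++) word[i] = 'a';
    return shift_insert(buf, cap, word, wl, 'x');
}

/* Length-check variant: accept only words that leave room for the shift. */
static int fits_for_shift(int wl, size_t cap)
{
    return wl >= 0 && (size_t)wl + 1 < cap;
}

int main(void)
{
    printf("wl=99: %zu OOB write(s) with %d slots, %zu with %d slots\n",
           oob_writes(99, MAXSWL), MAXSWL, oob_writes(99, MAXSWL + 1), MAXSWL + 1);
    printf("length check: wl=98 accepted=%d, wl=99 accepted=%d\n",
           fits_for_shift(98, MAXSWL), fits_for_shift(99, MAXSWL));
    return 0;
}
```
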

Discussion


  • Anonymous
    2012-12-12

    The patch that fixes the problem.

     

  • Anonymous
    2012-12-13

    An alternative patch that also fixes the problem.

     

  • Anonymous
    2012-12-13

    Perhaps hunspell-1.3.2-2.patch is a better patch to fix this? It reduces maximum length of spellchecked words from 99 chars to 98 chars.

     

  • Anonymous
    2013-01-07

    Actually, hunspell-1.3.2-2.patch prevents 99 character words from being spellchecked, but the UI also does not mark these words as misspelled. Only words that are less than 99 characters and more than 99 characters in length are now underlined as misspelled. I think that hunspell-1.3.2.patch is the better solution.

     

  • Anonymous
    2013-01-08

    If we're going to go with the approach in hunspell-1.3.2-2.patch, then we should fix both forgotchar() and forgotchar_utf(), right? I am attaching hunspell-1.3.2-3.patch that fixes both functions.

     

  • Anonymous
    2013-01-08

    A variation of the original patch, but more thorough.

     
  • Integrated. Many thanks for your patch, László

     
    • assigned_to: nobody --> nemethl
    • status: open --> closed