#229 SuggestMgr::forgotchar_utf index out of bounds

closed
None
5
2013-04-20
2012-12-12
Anonymous
No

If you invoke SuggestMgr::forgotchar_utf() with wl=99, then the method will write past the candidate_utf[MAXSWL] array on the following line:

*(p + 1) = *p;

Here's a step-through of what happens:

int wl = 99; // word length is 99 characters.
w_char candidate_utf[MAXSWL]; // buffer size is 100 chars
w_char * p = candidate_utf + wl; // p = candidate_utf + 99
*(p + 1) = *p; // writing to p + 1, which is candidate_utf + 100.

The fix is to increase the array size by 1. I am attaching the patch that fixes the issue.

There is a related bug in Chromium here: http://crbug.com/130128
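The off-by-one described in the report, as an added example that is not hunspell's code or the attached patch: a bounds-checked model of the `*(p + 1) = *p` shift showing that a `wl`-character word needs `wl + 2` elements. `WChar`, `shift_right_checked` and `shift_is_safe` are hypothetical names, and the loop from `buf + wl` down to `buf` is an assumption of the model.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

struct WChar { unsigned char l, h; };  // stand-in for hunspell's w_char (assumption)

const std::size_t MAXSWL = 100;  // buffer size stated in the report

// Bounds-checked model of the shift from the report. Starting at
// p = buf + wl, each step performs *(p + 1) = *p, so the first step
// writes buf[wl + 1]. Returns false, writing nothing, when that element
// does not exist. The loop down to buf[0] is an assumption of this model.
bool shift_right_checked(WChar* buf, std::size_t capacity, std::size_t wl) {
    if (capacity < 2 || wl > capacity - 2) return false;  // needs wl + 2 elements
    for (WChar* p = buf + wl;; --p) {
        *(p + 1) = *p;
        if (p == buf) break;  // stop before forming a pointer below buf
    }
    return true;
}

// Builds a constructed wl-character word in a buffer of `capacity`
// elements and applies the shift. True means every write stayed in
// bounds and the word now sits one slot to the right.
bool shift_is_safe(std::size_t capacity, std::size_t wl) {
    std::vector<WChar> buf(capacity, WChar{0, 0});
    for (std::size_t i = 0; i < wl && i < capacity; ++i)
        buf[i].l = static_cast<unsigned char>('a' + i % 26);
    if (!shift_right_checked(buf.data(), capacity, wl)) return false;
    for (std::size_t i = 0; i < wl; ++i)
        if (buf[i + 1].l != static_cast<unsigned char>('a' + i % 26)) return false;
    return true;
}

int main() {
    // Reported case: wl = 99 in a MAXSWL buffer would write index 100.
    std::printf("wl=99, MAXSWL     : %d\n", shift_is_safe(MAXSWL, 99));
    // Larger buffer, as in the report's proposed fix.
    std::printf("wl=99, MAXSWL + 1 : %d\n", shift_is_safe(MAXSWL + 1, 99));
    // Shorter maximum word, as in the alternative discussed in the comments.
    std::printf("wl=98, MAXSWL     : %d\n", shift_is_safe(MAXSWL, 98));
    return 0;
}
```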

Discussion

  • Anonymous - 2012-12-12

    The patch that fixes the problem.

     
  • Anonymous - 2012-12-13

    An alternative patch that also fixes the problem.

     
  • Anonymous - 2012-12-13

    Perhaps hunspell-1.3.2-2.patch is a better patch to fix this? It reduces maximum length of spellchecked words from 99 chars to 98 chars.

     
  • Anonymous - 2013-01-07

    Actually, hunspell-1.3.2-2.patch prevents 99 character words from being spellchecked, but UI also does not mark these words as misspelled. Only words that are less than 99 characters and more than 99 characters in length are now underlined as misspelled. I think that hunspell-1.3.2.patch is the better solution.

     
  • Anonymous - 2013-01-08

    If we're going to go with the approach in hunspell-1.3.2-2.patch, then we should fix both forgotchar() and forgotchar_utf(), right? I am attaching hunspell-1.3.2-3.patch that fixes both functions.

     
  • Anonymous - 2013-01-08

    A variation of the original patch, but more thorough.

     
  • Németh László

    Integrated. Many thanks for your patch, László

     
  • Németh László

    • assigned_to: nobody --> nemethl
    • status: open --> closed
     
