commit | 61b053c9d102442e72af854d9f0a28ce60d539f5 | [log] [tgz] |
---|---|---|
author | groby@chromium.org <groby@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> | Fri Dec 21 23:25:41 2012 |
committer | groby@chromium.org <groby@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> | Fri Dec 21 23:25:41 2012 |
tree | 9f1232f27aeebd9a13585a2c55b5d72c8eb13b7e | |
parent | af74047e93bb45867dd5e4919315937be75f37ae [diff] |
Fix array-out-of-bounds error in hunspell If you invoke SuggestMgr::forgotchar_utf() with wl=99, then the method will write past the candidate_utf[MAXSWL] array. Here's a step through of what happens: int wl = 99; // word length is 99 charachters. w_char candidate_utf[MAXSWL]; // buffer size is 100 chars. w_char * p = candidate_utf + wl; // p = candidate_utf + 99. *(p + 1) = *p; // writing to p + 1, which is candidate_utf + 100. The fix is to reduce maximum length of spellchecked words from 99 to 98 characters. Corresponding upstream bug report: https://sourceforge.net/tracker/?func=detail&aid=3595024&group_id=143754&atid=756395 BUG=130128 Review URL: https://codereview.chromium.org/11442040 git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/hunspell@174476 4ff67af0-8c30-449e-8e8b-ad334ec8d88c