Google Git
Sign in
chromium / chromium / deps / hunspell / 61b053c9d102442e72af854d9f0a28ce60d539f5^! / .
commit61b053c9d102442e72af854d9f0a28ce60d539f5[log] [tgz]
authorgroby@chromium.org <groby@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c>Fri Dec 21 23:25:41 2012
committergroby@chromium.org <groby@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c>Fri Dec 21 23:25:41 2012
tree9f1232f27aeebd9a13585a2c55b5d72c8eb13b7e
parentaf74047e93bb45867dd5e4919315937be75f37ae [diff]
Fix array-out-of-bounds error in hunspell

If you invoke SuggestMgr::forgotchar_utf() with wl=99, then the method will
write past the candidate_utf[MAXSWL] array. Here's a step through of what
happens:

int wl = 99; // word length is 99 charachters.
w_char candidate_utf[MAXSWL]; // buffer size is 100 chars.
w_char * p = candidate_utf + wl; // p = candidate_utf + 99.
*(p + 1) = *p; // writing to p + 1, which is candidate_utf + 100.

The fix is to reduce maximum length of spellchecked words from 99 to 98 characters.

Corresponding upstream bug report:
https://sourceforge.net/tracker/?func=detail&aid=3595024&group_id=143754&atid=756395

BUG=130128

Review URL: https://codereview.chromium.org/11442040

git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/hunspell@174476 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

diff --git a/README.chromium b/README.chromium
index 040d36f..00ad8d5 100644
--- a/README.chromium
+++ b/README.chromium

@@ -23,6 +23,8 @@
 The patch is in google.patch.
 * Add a pointer to the bdict_reader into the "SuggestMgr" so that it can use the
   replacement table from the bdict file for the secondary suggestion mechanism.
+* Reduce maximum word length to spellcheck from 99 to 98 characters to avoid
+  a crash in SuggestMgr::forgotchar_utf() in Windows.
 
 All dictionaries used by Chromium has been checked in to the
 'third_party/hunspell_dictionaries' directory. They have several additions over

diff --git a/google.patch b/google.patch
index b1ef4c9..5d21b98 100644
--- a/google.patch
+++ b/google.patch

@@ -4,7 +4,7 @@
 retrieving revision 1.41
 diff -u -r1.41 affixmgr.cxx
 --- src/hunspell/affixmgr.cxx	16 Dec 2011 09:15:34 -0000	1.41
-+++ src/hunspell/affixmgr.cxx	20 Dec 2012 23:40:03 -0000
++++ src/hunspell/affixmgr.cxx	21 Dec 2012 02:19:35 -0000
 @@ -14,8 +14,14 @@
  
  #include "csutil.hxx"
@@ -195,7 +195,7 @@
 retrieving revision 1.15
 diff -u -r1.15 affixmgr.hxx
 --- src/hunspell/affixmgr.hxx	13 Oct 2011 13:41:54 -0000	1.15
-+++ src/hunspell/affixmgr.hxx	20 Dec 2012 23:40:03 -0000
++++ src/hunspell/affixmgr.hxx	21 Dec 2012 02:19:35 -0000
 @@ -18,6 +18,40 @@
  class PfxEntry;
  class SfxEntry;
@@ -280,7 +280,7 @@
 retrieving revision 1.5
 diff -u -r1.5 filemgr.cxx
 --- src/hunspell/filemgr.cxx	23 Jun 2011 09:21:50 -0000	1.5
-+++ src/hunspell/filemgr.cxx	20 Dec 2012 23:40:03 -0000
++++ src/hunspell/filemgr.cxx	21 Dec 2012 02:19:35 -0000
 @@ -7,6 +7,32 @@
  
  #include "filemgr.hxx"
@@ -325,7 +325,7 @@
 retrieving revision 1.3
 diff -u -r1.3 filemgr.hxx
 --- src/hunspell/filemgr.hxx	15 Apr 2010 11:22:08 -0000	1.3
-+++ src/hunspell/filemgr.hxx	20 Dec 2012 23:40:03 -0000
++++ src/hunspell/filemgr.hxx	21 Dec 2012 02:19:35 -0000
 @@ -7,6 +7,30 @@
  #include "hunzip.hxx"
  #include <stdio.h>
@@ -368,7 +368,7 @@
 retrieving revision 1.12
 diff -u -r1.12 hashmgr.cxx
 --- src/hunspell/hashmgr.cxx	23 Jun 2011 09:21:50 -0000	1.12
-+++ src/hunspell/hashmgr.cxx	20 Dec 2012 23:40:03 -0000
++++ src/hunspell/hashmgr.cxx	21 Dec 2012 02:19:35 -0000
 @@ -12,8 +12,14 @@
  
  // build a hash table from a munched word list
@@ -738,7 +738,7 @@
 retrieving revision 1.3
 diff -u -r1.3 hashmgr.hxx
 --- src/hunspell/hashmgr.hxx	15 Apr 2010 11:22:08 -0000	1.3
-+++ src/hunspell/hashmgr.hxx	20 Dec 2012 23:40:03 -0000
++++ src/hunspell/hashmgr.hxx	21 Dec 2012 02:19:35 -0000
 @@ -8,10 +8,25 @@
  #include "htypes.hxx"
  #include "filemgr.hxx"
@@ -836,7 +836,7 @@
 retrieving revision 1.3
 diff -u -r1.3 htypes.hxx
 --- src/hunspell/htypes.hxx	6 Sep 2010 07:58:53 -0000	1.3
-+++ src/hunspell/htypes.hxx	20 Dec 2012 23:40:03 -0000
++++ src/hunspell/htypes.hxx	21 Dec 2012 02:19:35 -0000
 @@ -1,6 +1,16 @@
  #ifndef _HTYPES_HXX_
  #define _HTYPES_HXX_
@@ -860,7 +860,7 @@
 retrieving revision 1.29
 diff -u -r1.29 hunspell.cxx
 --- src/hunspell/hunspell.cxx	23 Jun 2011 09:21:50 -0000	1.29
-+++ src/hunspell/hunspell.cxx	20 Dec 2012 23:40:03 -0000
++++ src/hunspell/hunspell.cxx	21 Dec 2012 02:19:35 -0000
 @@ -7,20 +7,37 @@
  
  #include "hunspell.hxx"
@@ -944,7 +944,18 @@
  
  // make a copy of src at destination while removing all leading
  // blanks and removing any trailing periods after recording
-@@ -322,6 +351,9 @@
+@@ -108,7 +137,9 @@
+    if (utf8) {
+       *nc = u8_u16(dest_utf, MAXWORDLEN, dest);
+       // don't check too long words
+-      if (*nc >= MAXWORDLEN) return 0;
++      // TODO(rouslan): Remove the interim change below when this patch lands:
++      // http://sf.net/tracker/?func=detail&aid=3595024&group_id=143754&atid=756395.
++      if (*nc >= MAXWORDLEN - 1) return 0;
+       if (*nc == -1) { // big Unicode character (non BMP area)
+          *pcaptype = NOCAP;
+          return nl;
+@@ -322,6 +353,9 @@
  
  int Hunspell::spell(const char * word, int * info, char ** root)
  {
@@ -954,7 +965,7 @@
    struct hentry * rv=NULL;
    // need larger vector. For example, Turkish capital letter I converted a
    // 2-byte UTF-8 character (dotless i) by mkallsmall.
-@@ -586,6 +618,13 @@
+@@ -586,6 +620,13 @@
    if (!len)
        return NULL;
  
@@ -968,7 +979,7 @@
    // word reversing wrapper for complex prefixes
    if (complexprefixes) {
      if (word != w2) {
-@@ -675,6 +714,9 @@
+@@ -675,6 +716,9 @@
  
  int Hunspell::suggest(char*** slst, const char * word)
  {
@@ -978,7 +989,7 @@
    int onlycmpdsug = 0;
    char cw[MAXWORDUTF8LEN];
    char wspace[MAXWORDUTF8LEN];
-@@ -1921,13 +1963,21 @@
+@@ -1921,13 +1965,21 @@
  
  Hunhandle *Hunspell_create(const char * affpath, const char * dpath)
  {
@@ -1006,7 +1017,7 @@
 retrieving revision 1.6
 diff -u -r1.6 hunspell.hxx
 --- src/hunspell/hunspell.hxx	21 Jan 2011 17:30:41 -0000	1.6
-+++ src/hunspell/hunspell.hxx	20 Dec 2012 23:40:03 -0000
++++ src/hunspell/hunspell.hxx	21 Dec 2012 02:19:35 -0000
 @@ -5,6 +5,10 @@
  #include "suggestmgr.hxx"
  #include "langnum.hxx"
@@ -1063,7 +1074,7 @@
 retrieving revision 1.2
 diff -u -r1.2 replist.hxx
 --- src/hunspell/replist.hxx	15 Apr 2010 11:22:09 -0000	1.2
-+++ src/hunspell/replist.hxx	20 Dec 2012 23:40:03 -0000
++++ src/hunspell/replist.hxx	21 Dec 2012 02:19:35 -0000
 @@ -2,6 +2,12 @@
  #ifndef _REPLIST_HXX_
  #define _REPLIST_HXX_
@@ -1083,7 +1094,7 @@
 retrieving revision 1.24
 diff -u -r1.24 suggestmgr.cxx
 --- src/hunspell/suggestmgr.cxx	14 Feb 2011 21:47:24 -0000	1.24
-+++ src/hunspell/suggestmgr.cxx	20 Dec 2012 23:40:03 -0000
++++ src/hunspell/suggestmgr.cxx	21 Dec 2012 02:19:35 -0000
 @@ -12,9 +12,110 @@
  
  const w_char W_VLINE = { '\0', '|' };
@@ -1281,7 +1292,7 @@
 retrieving revision 1.5
 diff -u -r1.5 suggestmgr.hxx
 --- src/hunspell/suggestmgr.hxx	21 Jan 2011 22:10:24 -0000	1.5
-+++ src/hunspell/suggestmgr.hxx	20 Dec 2012 23:40:03 -0000
++++ src/hunspell/suggestmgr.hxx	21 Dec 2012 02:19:35 -0000
 @@ -52,7 +52,11 @@
  
  

diff --git a/src/hunspell/hunspell.cxx b/src/hunspell/hunspell.cxx
index 0d606e0..b3f3739 100644
--- a/src/hunspell/hunspell.cxx
+++ b/src/hunspell/hunspell.cxx

@@ -137,7 +137,9 @@
    if (utf8) {
       *nc = u8_u16(dest_utf, MAXWORDLEN, dest);
       // don't check too long words
-      if (*nc >= MAXWORDLEN) return 0;
+      // TODO(rouslan): Remove the interim change below when this patch lands:
+      // http://sf.net/tracker/?func=detail&aid=3595024&group_id=143754&atid=756395.
+      if (*nc >= MAXWORDLEN - 1) return 0;
       if (*nc == -1) { // big Unicode character (non BMP area)
          *pcaptype = NOCAP;
          return nl;