From 97e079a23d459aeb6e64435350d7710c90dbca85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Fri, 11 Sep 2015 13:28:52 +0100
Subject: [PATCH] Resolves: rhbz#1261421 crash on mashing hangul korean
keyboard
---
src/hunspell/hunspell.cxx | 69 +++++++++++++++++++++++++++++++++++------------
src/hunspell/hunspell.hxx | 4 ++-
src/hunspell/replist.cxx | 18 ++++++++++---
src/hunspell/replist.hxx | 2 ++
src/tools/hunspell.cxx | 2 +-
6 files changed, 78 insertions(+), 24 deletions(-)
diff --git a/src/hunspell/hunspell.cxx b/src/hunspell/hunspell.cxx
index 7fae54b..d8ef357 100644
--- a/src/hunspell/hunspell.cxx
+++ b/src/hunspell/hunspell.cxx
@@ -12,6 +12,7 @@
#endif
#include "csutil.hxx"
+#include <limits>
#include <string>
Hunspell::Hunspell(const char * affpath, const char * dpath, const char * key)
@@ -345,8 +346,13 @@
// input conversion
RepList * rl = (pAMgr) ? pAMgr->get_iconvtable() : NULL;
- if (rl && rl->conv(word, wspace)) wl = cleanword2(cw, wspace, unicw, &nc, &captype, &abbv);
- else wl = cleanword2(cw, word, unicw, &nc, &captype, &abbv);
+ int convstatus = rl ? rl->conv(word, wspace, MAXWORDUTF8LEN) : 0;
+ if (convstatus < 0)
+ return 0;
+ else if (convstatus > 0)
+ wl = cleanword2(cw, wspace, unicw, &nc, &captype, &abbv);
+ else
+ wl = cleanword2(cw, word, unicw, &nc, &captype, &abbv);
int info2 = 0;
if (wl == 0 || maxdic == 0) return 1;
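Review bot: The limit handed to `conv` is the macro `MAXWORDUTF8LEN`, not the size of `wspace` itself, and the declaration of `wspace` is outside this hunk, so the new check only holds if the two match. If `wspace` is a local array, `int convstatus = rl ? rl->conv(word, wspace, sizeof(wspace)) : 0;` would tie the bound to the real buffer. The same applies to the identical blocks in the hunks at -699 and -1383. The meaning of `return 0;` depends on the enclosing function, which starts and ends outside each hunk, so a comment such as `// converted word does not fit in wspace: give up on this word` above it would help.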
@@ -699,8 +705,13 @@
// input conversion
RepList * rl = (pAMgr) ? pAMgr->get_iconvtable() : NULL;
- if (rl && rl->conv(word, wspace)) wl = cleanword2(cw, wspace, unicw, &nc, &captype, &abbv);
- else wl = cleanword2(cw, word, unicw, &nc, &captype, &abbv);
+ int convstatus = rl ? rl->conv(word, wspace, MAXWORDUTF8LEN) : 0;
+ if (convstatus < 0)
+ return 0;
+ else if (convstatus > 0)
+ wl = cleanword2(cw, wspace, unicw, &nc, &captype, &abbv);
+ else
+ wl = cleanword2(cw, word, unicw, &nc, &captype, &abbv);
if (wl == 0) return 0;
int ns = 0;
@@ -1008,7 +1019,7 @@
// output conversion
rl = (pAMgr) ? pAMgr->get_oconvtable() : NULL;
for (int j = 0; rl && j < ns; j++) {
- if (rl->conv((*slst)[j], wspace)) {
+ if (rl->conv((*slst)[j], wspace, MAXWORDUTF8LEN) > 0) {
free((*slst)[j]);
(*slst)[j] = mystrdup(wspace);
}
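Review bot: A negative return from `conv` is handled here only implicitly, because the `> 0` test skips the replacement and the suggestion silently stays in its unconverted form. Judging by the replist.cxx part of this patch, `wspace` can then hold a partial result with no terminating NUL, so it must not be read on that path. A comment above the test would record this, e.g. `// conv() < 0: result did not fit in wspace; keep the unconverted suggestion`. The enclosing function starts outside the hunk.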
@@ -1383,8 +1394,13 @@
// input conversion
RepList * rl = (pAMgr) ? pAMgr->get_iconvtable() : NULL;
- if (rl && rl->conv(word, wspace)) wl = cleanword2(cw, wspace, unicw, &nc, &captype, &abbv);
- else wl = cleanword2(cw, word, unicw, &nc, &captype, &abbv);
+ int convstatus = rl ? rl->conv(word, wspace, MAXWORDUTF8LEN) : 0;
+ if (convstatus < 0)
+ return 0;
+ else if (convstatus > 0)
+ wl = cleanword2(cw, wspace, unicw, &nc, &captype, &abbv);
+ else
+ wl = cleanword2(cw, word, unicw, &nc, &captype, &abbv);
if (wl == 0) {
if (abbv) {
diff --git a/src/hunspell/replist.cxx b/src/hunspell/replist.cxx
index b9b1255..bac3e06 100644
--- a/src/hunspell/replist.cxx
+++ b/src/hunspell/replist.cxx
@@ -74,6 +74,7 @@
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
+#include <limits>
#include "replist.hxx"
#include "csutil.hxx"
@@ -139,19 +140,30 @@ int RepList::add(char * pat1, char * pat2) {
return 0;
}
-int RepList::conv(const char * word, char * dest) {
+int RepList::conv(const char * word, char * dest, size_t destsize) {
int stl = 0;
int change = 0;
for (size_t i = 0; i < strlen(word); i++) {
int n = near(word + i);
int l = match(word + i, n);
if (l) {
+ size_t replen = strlen(dat[n]->pattern2);
+ if (stl+replen >= destsize)
+ return -1;
strcpy(dest + stl, dat[n]->pattern2);
- stl += strlen(dat[n]->pattern2);
+ stl += replen;
i += l - 1;
change = 1;
- } else dest[stl++] = word[i];
+ } else {
+ if (stl+1 >= destsize)
+ return -1;
+ dest[stl++] = word[i];
+ }
}
dest[stl] = '\0';
return change;
}
+
+int RepList::conv(const char * word, char * dest) {
+ return conv(word, dest, std::numeric_limits<std::size_t>::max());
+}
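Review bot: On both `return -1;` paths `dest` is left partially written and, after the single-character branch, without a terminating NUL, so a caller that reads `dest` after a failure would run past the converted data. Either document on the declaration that `dest` is unspecified on a negative return, or terminate it first, for example `if (destsize) dest[0] = '\0';` before each `return -1;`. Separately, `stl` is an `int` that is added to and compared against `size_t` values; declaring it `size_t stl = 0;` removes the signed/unsigned mixing and the narrowing in `stl += replen;`.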
diff --git a/src/hunspell/replist.hxx b/src/hunspell/replist.hxx
index 1e3d6e4..e418298 100644
--- a/src/hunspell/replist.hxx
+++ b/src/hunspell/replist.hxx
@@ -99,5 +99,7 @@ public:
int near(const char * word);
int match(const char * word, int n);
int conv(const char * word, char * dest);
+ // ^^-deprecated, use this-vv"
+ int conv(const char * word, char * dest, size_t destsize);
};
#endif
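Review bot: The two-argument `conv` stays public and, per the replist.cxx part of this patch, forwards with the maximum `size_t` value as the limit, so any caller still using it gets no bounds check on `dest`. The added comment also ends in a stray `"` and does not say why the old form is deprecated. A comment above the old declaration such as `// deprecated: performs no bounds check on dest; use the destsize overload below` would be clearer. Remaining callers of the old overload are not visible in this patch and would need checking.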