patches/20.index_check.patch - hunspell - Git at Google

 Change 537395995 by sungyc@sungyc:fig-export-icing-153-change-348:5470:citc on 2023/06/02 13:30:25

 	[hunspell] Check index before accessing when advancing

 	## Test plan
 	```
 	sso_client -location 'https://clusterfuzz.corp.google.com/testcase-detail/download-testcase?id=5157202356469760' > /tmp/testcase-5157202356469760 && blaze --blazerc=/dev/null test -c opt --config=asan-fuzzer --test_strategy=local --test_sharding_strategy=disabled   --test_env=ENABLE_BLAZE_TEST_FUZZING=1 --test_env=ASAN_OPTIONS="fast_unwind_on_fatal=0" --test_arg=-runs=100 --test_arg=/tmp/testcase-5157202356469760   //third_party/hunspell/fuzzers:suggestions_fuzzer
 	```

 	## Description
 	When advancing `i` for utf-8, we have to make sure `i < cmax` before accessing `st[i]` since it is possible that `(st[i] & 0xc0) == 0x80` still holds after `i` is out of bound. See below printed debug message:


 	```
 	cmin: 3, cmax: 6
 	i = 4
 	i = 5
 	i = 6
 	i = 7
 	i = 8
 	i = 9
 	i = 10
 	i = 11
 	...
 	```

 	PRESUBMIT=passed
 	BUG=280418190
 	R=mghiware
 	CC=adorokhine
 	APPROVED=mghiware
 	REQUIRED_REVIEW=1
 	DELTA=1 (0 added, 0 deleted, 1 changed)
 	DELTA_BY_EXTENSION=cxx=1
 	OCL=537368756
 	FIG_CHANGESET=640c9939f4f2ae8a3b8c92921c2eff1488d668df
 	FIG_WORKSPACE=sungyc/153:icing
 	MARKDOWN=true

 Affected files ...

 ... //depot//src/hunspell/affixmgr.cxx#11 edit

 ==== //depot//src/hunspell/affixmgr.cxx#10 - /google/src/files/537395995/depot//src/hunspell/affixmgr.cxx ====
 --- /google/src/files/522447888/depot//src/hunspell/affixmgr.cxx	2023-04-06 18:08:14.000000000 -0400
 +++ /google/src/files/537395995/depot//src/hunspell/affixmgr.cxx	2023-06-02 16:30:25.000000000 -0400
 @@ -1572,7 +1572,7 @@
      for (i = cmin; i < cmax; i++) {
          // go to end of the UTF-8 character
          if (utf8) {
 -            for (; (st[i] & 0xc0) == 0x80; i++);
 +            for (; i < cmax && ((st[i] & 0xc0) == 0x80); i++);
              if (i >= cmax) {
                free(rwords);
                return NULL;
	Change 537395995 by sungyc@sungyc:fig-export-icing-153-change-348:5470:citc on 2023/06/02 13:30:25

	[hunspell] Check index before accessing when advancing

	## Test plan
	```
	sso_client -location 'https://clusterfuzz.corp.google.com/testcase-detail/download-testcase?id=5157202356469760' > /tmp/testcase-5157202356469760 && blaze --blazerc=/dev/null test -c opt --config=asan-fuzzer --test_strategy=local --test_sharding_strategy=disabled --test_env=ENABLE_BLAZE_TEST_FUZZING=1 --test_env=ASAN_OPTIONS="fast_unwind_on_fatal=0" --test_arg=-runs=100 --test_arg=/tmp/testcase-5157202356469760 //third_party/hunspell/fuzzers:suggestions_fuzzer
	```

	## Description
	When advancing `i` for utf-8, we have to make sure `i < cmax` before accessing `st[i]` since it is possible that `(st[i] & 0xc0) == 0x80` still holds after `i` is out of bound. See below printed debug message:


	```
	cmin: 3, cmax: 6
	i = 4
	i = 5
	i = 6
	i = 7
	i = 8
	i = 9
	i = 10
	i = 11
	...
	```

	PRESUBMIT=passed
	BUG=280418190
	R=mghiware
	CC=adorokhine
	APPROVED=mghiware
	REQUIRED_REVIEW=1
	DELTA=1 (0 added, 0 deleted, 1 changed)
	DELTA_BY_EXTENSION=cxx=1
	OCL=537368756
	FIG_CHANGESET=640c9939f4f2ae8a3b8c92921c2eff1488d668df
	FIG_WORKSPACE=sungyc/153:icing
	MARKDOWN=true

	Affected files ...

	... //depot//src/hunspell/affixmgr.cxx#11 edit

	==== //depot//src/hunspell/affixmgr.cxx#10 - /google/src/files/537395995/depot//src/hunspell/affixmgr.cxx ====
	--- /google/src/files/522447888/depot//src/hunspell/affixmgr.cxx 2023-04-06 18:08:14.000000000 -0400
	+++ /google/src/files/537395995/depot//src/hunspell/affixmgr.cxx 2023-06-02 16:30:25.000000000 -0400
	@@ -1572,7 +1572,7 @@
	for (i = cmin; i < cmax; i++) {
	// go to end of the UTF-8 character
	if (utf8) {
	- for (; (st[i] & 0xc0) == 0x80; i++);
	+ for (; i < cmax && ((st[i] & 0xc0) == 0x80); i++);
	if (i >= cmax) {
	free(rwords);
	return NULL;