patches/09.leak_and_oob_fixes.patch - hunspell - Git at Google

 Change 151456944 by lbaudoin@lbaudoin:hunspell:5889:citc on 2017/03/28 09:13:02

 	Fix write at index -1 in a buffer and a memory leak with badly formatted UTF-8 inputs.

 	PRESUBMIT=passed
 	BUG=36581411
 	FIXED=36581411
 	R=jiho
 	CC=gmail-security+reviews
 	APPROVED=jiho
 	REQUIRED_REVIEW=1
 	DELTA_BY_EXTENSION=cxx=7
 	OCL=151161132

 Affected files ...

 ... //depot//src/hunspell/hunspell.cxx#4 edit
 ... //depot//src/hunspell/suggestmgr.cxx#4 edit
 ... //depot//testdata/poc-b67f5296f69180725a8b9bbc95bccfb8be117a23d4ce14c5c5ce34421aebb5bf#1 add

 ==== //depot//src/hunspell/hunspell.cxx#3 - /google/src/files/151456944/depot//src/hunspell/hunspell.cxx ====
 --- /google/src/files/140493454/depot//src/hunspell/hunspell.cxx	2016-11-29 13:12:47.000000000 -0500
 +++ /google/src/files/151456944/depot//src/hunspell/hunspell.cxx	2017-03-28 12:13:02.000000000 -0400
 @@ -861,7 +861,7 @@
    // END OF LANG_hu section

    // try ngram approach since found nothing or only compound words
 -  if (pAMgr && (ns == 0 || onlycmpdsug) && (pAMgr->get_maxngramsugs() != 0) && (*slst)) {
 +  if (pAMgr && (ns == 0 || (ns >= 0 && onlycmpdsug)) && (pAMgr->get_maxngramsugs() != 0) && (*slst)) {
        switch(captype) {
            case NOCAP: {
                ns = pSMgr->ngsuggest(*slst, cw, ns, pHMgr, maxdic);
 ==== //depot//src/hunspell/suggestmgr.cxx#3 - /google/src/files/151456944/depot//src/hunspell/suggestmgr.cxx ====
 --- /google/src/files/140493454/depot//src/hunspell/suggestmgr.cxx	2016-11-29 13:12:47.000000000 -0500
 +++ /google/src/files/151456944/depot//src/hunspell/suggestmgr.cxx	2017-03-28 12:13:02.000000000 -0400
 @@ -158,6 +158,9 @@
          wl = u8_u16(word_utf, MAXSWL, word);
          // Added to handle wrong encoded UTF-8 strings - jiho@google.com
          if (wl <= 0) {
 +          for (int i = 0; i < maxSug; i++) {
 +            if (wlst[i]) free(wlst[i]);
 +          }
            if (!*slst) {
              free(wlst);
            }
	Change 151456944 by lbaudoin@lbaudoin:hunspell:5889:citc on 2017/03/28 09:13:02

	Fix write at index -1 in a buffer and a memory leak with badly formatted UTF-8 inputs.

	PRESUBMIT=passed
	BUG=36581411
	FIXED=36581411
	R=jiho
	CC=gmail-security+reviews
	APPROVED=jiho
	REQUIRED_REVIEW=1
	DELTA_BY_EXTENSION=cxx=7
	OCL=151161132

	Affected files ...

	... //depot//src/hunspell/hunspell.cxx#4 edit
	... //depot//src/hunspell/suggestmgr.cxx#4 edit
	... //depot//testdata/poc-b67f5296f69180725a8b9bbc95bccfb8be117a23d4ce14c5c5ce34421aebb5bf#1 add

	==== //depot//src/hunspell/hunspell.cxx#3 - /google/src/files/151456944/depot//src/hunspell/hunspell.cxx ====
	--- /google/src/files/140493454/depot//src/hunspell/hunspell.cxx 2016-11-29 13:12:47.000000000 -0500
	+++ /google/src/files/151456944/depot//src/hunspell/hunspell.cxx 2017-03-28 12:13:02.000000000 -0400
	@@ -861,7 +861,7 @@
	// END OF LANG_hu section

	// try ngram approach since found nothing or only compound words
	- if (pAMgr && (ns == 0 \|\| onlycmpdsug) && (pAMgr->get_maxngramsugs() != 0) && (*slst)) {
	+ if (pAMgr && (ns == 0 \|\| (ns >= 0 && onlycmpdsug)) && (pAMgr->get_maxngramsugs() != 0) && (*slst)) {
	switch(captype) {
	case NOCAP: {
	ns = pSMgr->ngsuggest(*slst, cw, ns, pHMgr, maxdic);
	==== //depot//src/hunspell/suggestmgr.cxx#3 - /google/src/files/151456944/depot//src/hunspell/suggestmgr.cxx ====
	--- /google/src/files/140493454/depot//src/hunspell/suggestmgr.cxx 2016-11-29 13:12:47.000000000 -0500
	+++ /google/src/files/151456944/depot//src/hunspell/suggestmgr.cxx 2017-03-28 12:13:02.000000000 -0400
	@@ -158,6 +158,9 @@
	wl = u8_u16(word_utf, MAXSWL, word);
	// Added to handle wrong encoded UTF-8 strings - jiho@google.com
	if (wl <= 0) {
	+ for (int i = 0; i < maxSug; i++) {
	+ if (wlst[i]) free(wlst[i]);
	+ }
	if (!*slst) {
	free(wlst);
	}