Closed
Bug 1256491
Opened 9 years ago
Closed 9 years ago
hunspell: heap-buffer-overflow read in [@SuggestMgr::leftcommonsubstring]
Categories
(Core :: Spelling checker, defect)
Core
Spelling checker
Tracking
()
RESOLVED
FIXED
mozilla49
| Tracking | Status | |
|---|---|---|
| firefox48 | --- | fixed |
People
(Reporter: tsmith, Unassigned)
References
Details
(Keywords: crash, csectype-bounds, sec-moderate)
Attachments
(1 file)
|
2.63 KB,
text/plain
|
Details |
Found in hunspell revision ded5b4c62c37084d216154e02e4d5e6efbd3ccfa
To reproduce:
create a test.txt file containing "abandonned abandoned"
run ./src/tools/example tests/alias3.aff tests/base_utf.dic test.txt
|
||
Updated•9 years ago
|
Group: core-security → dom-core-security
|
||
Comment 1•9 years ago
|
||
Does the crash happen also in browser?
|
||
Comment 2•9 years ago
|
||
I think this is caused by Tyson using base_utf.dic. "abandonned" doesn't crash my Firefox.
|
|
||
Updated•9 years ago
|
Keywords: sec-moderate
|
||
Comment 3•9 years ago
|
||
this now passes in github hunspell master
|
||
Comment 4•9 years ago
|
||
Should be fixed on trunk by bug 1257902.
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox49:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
|
|
||
Updated•9 years ago
|
Group: dom-core-security → core-security-release
|
||
Comment 5•9 years ago
|
||
bug 1257902 was fixed in Firefox 47, not 48 or 49. :-)
status-firefox48:
--- → fixed
status-firefox49:
fixed → ---
|
|
||
Updated•9 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•