Closed Bug 1256493 Opened 4 years ago Closed 3 years ago
hunspell: heap-buffer-overflow write in [@u16
Found in hunspell revision ded5b4c62c37084d216154e02e4d5e6efbd3ccfa To reproduce: run ./src/tools/example tests/base_utf.aff tests/base_utf.dic test_case.txt
Group: core-security → dom-core-security
Does the crash happen also in browser?
In our sec triage meeting today, Tyson said he wasn't sure how expose this was to content. We were hoping somebody might know. Of course, if it requires a malformed dictionary or something it probably isn't a critical security issue for Firefox.
master github hunspell now passes this example under asan
Should be fixed on trunk by bug 1257902.
Group: dom-core-security → core-security-release
Whiteboard: [adv-main47+][adv-esr45.2+] → [adv-main47+][adv-esr45.2+][post-critsmash-triage]
You need to log in before you can comment on or make changes to this bug.