Closed
Bug 1256493
Opened 9 years ago
Closed 9 years ago
hunspell: heap-buffer-overflow write in [@u16_u8]
Categories
(Core :: Spelling checker, defect)
Core
Spelling checker
Tracking
()
RESOLVED
FIXED
mozilla49
People
(Reporter: tsmith, Unassigned)
References
Details
(4 keywords, Whiteboard: [adv-main47+][adv-esr45.2+][post-critsmash-triage])
Attachments
(2 files)
Found in hunspell revision ded5b4c62c37084d216154e02e4d5e6efbd3ccfa
To reproduce:
run ./src/tools/example tests/base_utf.aff tests/base_utf.dic test_case.txt
|
Reporter | |
Comment 1•9 years ago
|
||
|
||
Updated•9 years ago
|
Group: core-security → dom-core-security
|
||
Comment 2•9 years ago
|
||
Does the crash happen also in browser?
|
||
Comment 3•9 years ago
|
||
In our sec triage meeting today, Tyson said he wasn't sure how expose this was to content. We were hoping somebody might know. Of course, if it requires a malformed dictionary or something it probably isn't a critical security issue for Firefox.
|
||
Comment 4•9 years ago
|
||
master github hunspell now passes this example under asan
|
||
Comment 5•9 years ago
|
||
Should be fixed on trunk by bug 1257902.
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox49:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
|
|
||
Updated•9 years ago
|
Group: dom-core-security → core-security-release
|
|
||
Updated•9 years ago
|
status-firefox46:
--- → wontfix
status-firefox47:
--- → fixed
status-firefox48:
--- → fixed
status-firefox-esr38:
--- → wontfix
status-firefox-esr45:
--- → fixed
tracking-firefox-esr45:
--- → 47+
Depends on: 1269941
|
||
Updated•9 years ago
|
Whiteboard: [adv-main47+][adv-esr45.2+]
|
||
Updated•9 years ago
|
Whiteboard: [adv-main47+][adv-esr45.2+] → [adv-main47+][adv-esr45.2+][post-critsmash-triage]
|
|
||
Updated•8 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•