Closed Bug 1256739 Opened 9 years ago Closed 9 years ago

hunspell: stack-buffer-overflow write in [@SfxEntry::checkword]

Categories

(Core :: Spelling checker, defect)

defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla49
Tracking Status
firefox47 --- fixed
firefox48 --- fixed
firefox49 --- fixed
firefox-esr38 --- wontfix
firefox-esr45 47+ fixed

People

(Reporter: tsmith, Unassigned)

References

Details

(4 keywords, Whiteboard: [adv-main47+][adv-esr45.2+][post-critsmash-triage])

Attachments

(2 files)

Attached file call_stack.txt
Found in hunspell revision ded5b4c62c37084d216154e02e4d5e6efbd3ccfa To reproduce: run ./src/tools/example tests/base_utf.aff tests/base_utf.dic test_case.txt ==3565==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f2f62c0052c at pc 0x0000005a6f8e bp 0x7ffe237dd790 sp 0x7ffe237dd788 WRITE of size 1 at 0x7f2f62c0052c thread T0 ...
Attached file test_case.txt
Keywords: sec-high
github master now passes this example under asan without complaint
Depends on: 1257902
Should be fixed on trunk by bug 1257902.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
Group: dom-core-security → core-security-release
Whiteboard: [adv-main47+][adv-esr45.2+]
Whiteboard: [adv-main47+][adv-esr45.2+] → [adv-main47+][adv-esr45.2+][post-critsmash-triage]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: