Closed
Bug 1263234
Opened 9 years ago
Closed 9 years ago
hunspell: stack-buffer-overflow read in [@AffixMgr::setcminmax]
Categories
(Core :: Spelling checker, defect)
Core
Spelling checker
Tracking
()
RESOLVED
FIXED
mozilla49
| Tracking | Status | |
|---|---|---|
| firefox48 | --- | fixed |
People
(Reporter: tsmith, Unassigned)
References
Details
(4 keywords)
Attachments
(1 file)
|
3 bytes,
text/plain
|
Details |
Found in hunspell revision ded5b4c62c37084d216154e02e4d5e6efbd3ccfa
To reproduce:
run ./src/tools/example tests/base_utf.aff tests/base_utf.dic test_case.txt
==34702==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f2659f0552f at pc 0x00000057f833 bp 0x7ffd0c044770 sp 0x7ffd0c044768
READ of size 1 at 0x7f2659f0552f thread T0
#0 0x57f832 in AffixMgr::setcminmax(int*, int*, char const*, int) /home/user/code/hunspell/src/hunspell/affixmgr.cxx:1691:24
#1 0x57f832 in AffixMgr::compound_check(char const*, int, short, short, short, short, hentry**, char, char, int*) /home/user/code/hunspell/src/hunspell/affixmgr.cxx:1734
#2 0x519949 in SuggestMgr::checkword(char const*, int, int, int*, long*) /home/user/code/hunspell/src/hunspell/suggestmgr.cxx:1710:14
#3 0x52cf5e in SuggestMgr::twowords(char**, char const*, int, int) /home/user/code/hunspell/src/hunspell/suggestmgr.cxx:966:10
#4 0x51ccc5 in SuggestMgr::suggest(char***, char const*, int, int*) /home/user/code/hunspell/src/hunspell/suggestmgr.cxx:339:14
#5 0x4fb1eb in Hunspell::suggest(char***, char const*) /home/user/code/hunspell/src/hunspell/hunspell.cxx:929:12
#6 0x4e7b4e in main /home/user/code/hunspell/src/tools/example.cxx:134:16
#7 0x7f265cd72ec4 in __libc_start_main /build/eglibc-3GlaMS/eglibc-2.19/csu/libc-start.c:287
#8 0x41f20b in _start (/home/user/Desktop/hunspell/example_asan+0x41f20b)
|
Reporter | |
Comment 1•9 years ago
|
||
Sorry submitted too soon.
Found in hunspell revision f8c5c098d754394a84e271247a88bd9bc78c633a
To reproduce:
run ./src/tools/example tests/utfcompound.aff tests/utfcompound.dic test_case.txt
|
||
Comment 2•9 years ago
|
||
This is now working in hunspell github master
|
||
Updated•9 years ago
|
Keywords: sec-moderate
|
|
||
Updated•9 years ago
|
status-firefox48:
--- → affected
|
||
Comment 3•9 years ago
|
||
Should be fixed on trunk by bug 1257902.
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox49:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
|
||
Updated•9 years ago
|
Group: dom-core-security → core-security-release
|
|
||
Comment 4•8 years ago
|
||
bug 1257902 was fixed in Firefox 47, not 48 or 49. :-)
status-firefox49:
fixed → ---
|
|
||
Updated•8 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•