Closed Bug 418349 Opened 12 years ago Closed 10 years ago

phone is dereferenced before oom check in AffixMgr::parse_phonetable

Categories

(Core :: Spelling checker, defect, critical)

x86
Windows XP
defect
Not set
critical

RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, crash)

Attachments

(1 file, 1 obsolete file)

bug 340362 comment 5
Assignee: mscott → nobody
This is still present with Hunspell 1.2.8.
Attached patch: move check (obsolete)
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #430900 - Flags: review?(ryanvm)
Attachment #430900 - Flags: review?(ryanvm) → review?(nemeth)
Nemeth, as best I can tell, 1.2.9 does not address this. Is that correct?
Previous patch would use delete on malloc, should be free on malloc or delete on new. Also has a typo of

+ if (!phone) return 1;
+   return 1;

which would always return 1 of course. New patch committed to upstream hunspell for 1.2.10.
Attachment #430900 - Attachment is obsolete: true
Attachment #430900 - Flags: review?(nemeth)
I'll mark this bug as depending on a future Hunspell 1.2.10 bug upon release.
Fixed by bug 564608.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
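The defect class this bug names (a malloc result written through before the out-of-memory check) and the allocator-pairing point raised in review, as an added example that is not Hunspell's code or the attached patch. `PhoneTable`, `parse_table`, `xmalloc`, `xfree` and `live_after` are hypothetical names; the fault-injecting allocator is constructed so each failure path can be exercised and checked for leaks.

```cpp
#include <cstdlib>
#include <cstring>

// Hypothetical stand-in for a phonetic rule table; not Hunspell's own type.
struct PhoneTable { int num; char **rules; };

// Fault-injecting allocator (constructed for this example): the call whose
// index equals g_fail_at returns NULL, so each OOM path can be exercised.
static int g_fail_at = -1, g_calls = 0, g_live = 0;
static void *xmalloc(std::size_t n) {
    if (g_calls++ == g_fail_at) return nullptr;
    void *p = std::malloc(n);
    if (p) ++g_live;
    return p;
}
static void xfree(void *p) { if (p) { --g_live; std::free(p); } }

// Returns 0 on success, 1 on allocation failure.
int parse_table(PhoneTable **out, int num) {
    *out = nullptr;
    PhoneTable *t = static_cast<PhoneTable *>(xmalloc(sizeof(PhoneTable)));
    if (!t) return 1;   // check first; the bug class is writing t->num before this
    t->num = num;
    t->rules = static_cast<char **>(xmalloc(num * sizeof(char *)));
    if (!t->rules) {
        xfree(t);       // malloc'd memory is released with free, never delete
        return 1;
    }
    std::memset(t->rules, 0, num * sizeof(char *));
    *out = t;
    return 0;
}

void free_table(PhoneTable *t) { if (t) { xfree(t->rules); xfree(t); } }

// Fails allocation number fail_at (-1: none), stores parse_table's result in
// *rc and returns how many allocations are still live afterwards.
int live_after(int fail_at, int *rc) {
    g_fail_at = fail_at; g_calls = 0; g_live = 0;
    PhoneTable *t = nullptr;
    *rc = parse_table(&t, 4);
    free_table(t);
    return g_live;
}

int main() {
    int rc;
    return live_after(0, &rc) | live_after(1, &rc) | live_after(-1, &rc);
}
```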