Fix buffer overflow

Bartek Fabiszewski 2017-03-26 23:37:08 +02:00
parent 726a506ef1
commit 6962afb690
1 changed files with 9 additions and 6 deletions


@ -1076,17 +1076,20 @@ int hnj_hyphen_norm(const char *word, int word_size, char * hyphens,
void hnj_hyphen_hyphword(const char * word, int l, const char * hyphens, void hnj_hyphen_hyphword(const char * word, int l, const char * hyphens,
char * hyphword, char *** rep, int ** pos, int ** cut) char * hyphword, char *** rep, int ** pos, int ** cut)
{ {
int hyphenslen = l + 5; /* hyphword buffer size must be at least 2 * l */
int hyphword_len = 2 * l - 1;
int i, j; int i, j;
for (i = 0, j = 0; i < l; i++, j++) { for (i = 0, j = 0; i < l && j < hyphword_len; i++, j++) {
if (hyphens[i]&1) { if (hyphens[i]&1) {
hyphword[j] = word[i]; hyphword[j] = word[i];
if (*rep && *pos && *cut && (*rep)[i]) { if (*rep && *pos && *cut && (*rep)[i]) {
size_t offset = j - (*pos)[i] + 1; j -= (*pos)[i] - 1;
strncpy(hyphword + offset, (*rep)[i], hyphenslen - offset - 1); size_t rep_len = strlen((*rep)[i]);
hyphword[hyphenslen-1] = '\0'; if (j + rep_len > hyphword_len)
j += strlen((*rep)[i]) - (*pos)[i]; break;
strcpy(hyphword + j, (*rep)[i]);
j += rep_len - 1;
i += (*cut)[i] - (*pos)[i]; i += (*cut)[i] - (*pos)[i];
} else hyphword[++j] = '='; } else hyphword[++j] = '=';
} else hyphword[j] = word[i]; } else hyphword[j] = word[i];
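Review bot: The new bound check guards only the upper end: after `j -= (*pos)[i] - 1;` nothing rejects a negative `j`, and in `if (j + rep_len > hyphword_len)` the int operands are converted to `size_t`, so a negative `j` wraps, can pass the test, and `strcpy(hyphword + j, (*rep)[i])` then writes before the start of the buffer. That requires `(*pos)[i]` to exceed `j + 1`, which looks possible if the replacement tables come from a malformed dictionary; their origin is not visible here, so confirm. Computing the start first and checking both ends also keeps `j` valid for whatever follows the loop: `int start = j - (*pos)[i] + 1;`, `if (start < 0 || (size_t)start + rep_len > (size_t)hyphword_len) break;`, `j = start;`. The unchanged `i += (*cut)[i] - (*pos)[i];` has the same gap, since it can move `i` backwards without a range check. The function body continues past the end of this hunk.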