In line 869: offset = i + 1 - strlen (match);

offset can become -1, which leads to an illegale memory write to matchrepl[-1] further down. The problem appears when I use a Turkish dictionary, and the error may caused by bad data in the dictionary hyph_tr.dic from https://github.com/Slyneth/hunspell-hyphenation-turkish
2021-02-01 18:12:45 +01:00 · 2021-02-01 18:12:45 +01:00 · c585451974
parent 73dd2967c8
commit c585451974
1 changed files with 1 additions and 0 deletions
--- a/hyphen.c
+++ b/hyphen.c
@ -882,6 +882,7 @@ int hnj_hyphen_hyph_(HyphenDict *dict, const char *word, int word_size,
      if (match)
 	{
 	  offset = i + 1 - strlen (match);
+	  if (offset < 0) offsent = 0;	// happens with hyph_tr.dic
 #ifdef VERBOSE
 	  for (k = 0; k < offset; k++)
 	    putchar (' ');