TDF Git
Code Review
gerrit.libreoffice.org / core / 26b7ff2b6cc4def8ff7b02e223961534ba88e654^! / .
commit26b7ff2b6cc4def8ff7b02e223961534ba88e654[log]
authorCaolán McNamara <caolanm@redhat.com>Tue Nov 12 20:49:52 2019 +0000
committerCaolán McNamara <caolanm@redhat.com>Wed Nov 13 09:55:10 2019 +0100
tree09d11adad8e1c45bde5b726a67c25603eb337739
parentcc34bddc7970b33efd3a0a38b9eb5df1d963cab8 [diff]
CVE-2019-16707

Change-Id: I69c4c31330fde135b6ff6c0c1c72f613f0cc4b1d
Reviewed-on: https://gerrit.libreoffice.org/82551
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>

diff --git a/external/hunspell/0001-invalid-read-memory-access-624.patch b/external/hunspell/0001-invalid-read-memory-access-624.patch
new file mode 100644
index 0000000..66b55e7
--- /dev/null
+++ b/external/hunspell/0001-invalid-read-memory-access-624.patch

@@ -0,0 +1,25 @@
From ac938e2ecb48ab4dd21298126c7921689d60571b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Tue, 12 Nov 2019 20:03:15 +0000
Subject: [PATCH] invalid read memory access #624

---
 src/hunspell/suggestmgr.cxx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/hunspell/suggestmgr.cxx b/src/hunspell/suggestmgr.cxx
index dba084e..c23f165 100644
--- a/src/hunspell/suggestmgr.cxx
+++ b/src/hunspell/suggestmgr.cxx
@@ -2040,7 +2040,7 @@ int SuggestMgr::leftcommonsubstring(
   int l2 = su2.size();
   // decapitalize dictionary word
   if (complexprefixes) {
-    if (su1[l1 - 1] == su2[l2 - 1])
+    if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1])
       return 1;
   } else {
     unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l;
-- 
2.23.0


diff --git a/external/hunspell/UnpackedTarball_hunspell.mk b/external/hunspell/UnpackedTarball_hunspell.mk
index 37a2d19..1cd24e2 100644
--- a/external/hunspell/UnpackedTarball_hunspell.mk
+++ b/external/hunspell/UnpackedTarball_hunspell.mk

@@ -22,6 +22,7 @@ endif
$(eval $(call gb_UnpackedTarball_set_patchlevel,hunspell,1))

$(eval $(call gb_UnpackedTarball_add_patches,hunspell, \
	external/hunspell/0001-invalid-read-memory-access-624.patch \
))

# vim: set noet sw=4 ts=4: