This first reverts "Fix number_buf buffer overflow" (commit ada93e2db0) This for loop is apparently actually expected to to skip over NUL characters. Fixes #1302 Instead, this limits number processing to 32 digits, as break_numbers does not support more and would provide bogus result with further digits. Also fix the signedness of break_numbers so that the 32th bit actually effectively works.

2 years ago · 4412de57fd
--- a/src/libespeak-ng/translate.c
+++ b/src/libespeak-ng/translate.c
 		for (n_digits = 0; iswdigit(word[n_digits]); n_digits++) // count consecutive digits
 			;
 		if (n_digits > 4) {
 		if (n_digits > 4 && n_digits <= 32) {
 			// word is entirely digits, insert commas and break into 3 digit "words"
 			number_buf[0] = ' ';
 			number_buf[1] = ' ';
 				*pn++ = c;
 				nx--;
 				if ((nx > 0) && (tr->langopts.break_numbers & (1 << nx))) {
 				if ((nx > 0) && (tr->langopts.break_numbers & (1U << nx))) {
 					memcpy(&num_wtab[nw++], &words[ix], sizeof(WORD_TAB)); // copy the 'words' entry for each word of numbers
 					if (tr->langopts.thousands_sep != ' ')
 			for (pw = &number_buf[3]; pw < pn;) {
 				// keep wflags for each part, for FLAG_HYPHEN_AFTER
 				dict_flags = TranslateWord2(tr, pw, &num_wtab[nw++], words[ix].pre_pause);
 				while (*pw && *pw++ != ' ')
 				while (*pw++ != ' ')
 					;
 				words[ix].pre_pause = 0;
 			}
--- a/src/libespeak-ng/translate.h
+++ b/src/libespeak-ng/translate.h
 #define BREAK_LAKH_UR     0x000052a8 // b  b b b b  b b                  // 100,00,000,00,00,00,000
 #define BREAK_INDIVIDUAL  0x00000018 // b  bb                            // 100,0,000
 	int break_numbers;  // which digits to break the number into thousands, millions, etc (Hindi has 100,000 not 1,000,000)
 	unsigned break_numbers;  // which digits to break the number into thousands, millions, etc (Hindi has 100,000 not 1,000,000)
 	int max_roman;
 	int min_roman;
 	int thousands_sep;