Browse Source
Guard against overflowing the dict_line bounds when compiling dictionary files.
master
Reece H. Dunn
8 years ago
1 changed files with 11 additions and 3 deletions
+ 11
- 3
src/libespeak-ng/compiledict.c
View File
| LINE_PARSER_END_OF_PRONUNCIATION = 5, | LINE_PARSER_END_OF_PRONUNCIATION = 5, | ||||
| } LINE_PARSER_STATES; | } LINE_PARSER_STATES; | ||||
| static int compile_line(char *linebuf, char *dict_line, int *hash) | |||||
| static int compile_line(char *linebuf, char *dict_line, int n_dict_line, int *hash) | |||||
| { | { | ||||
| // Compile a line in the language_list file | // Compile a line in the language_list file | ||||
| unsigned char c; | unsigned char c; | ||||
| length = len_word + 2; | length = len_word + 2; | ||||
| } else { | } else { | ||||
| length = len_word + len_phonetic + 3; | length = len_word + len_phonetic + 3; | ||||
| strcpy(&dict_line[(len_word)+2], encoded_ph); | |||||
| if (length < n_dict_line) { | |||||
| strcpy(&dict_line[(len_word)+2], encoded_ph); | |||||
| } else { | |||||
| fprintf(f_log, "%5d: Dictionary line length would overflow the data buffer: %d\n", linenum, length); | |||||
| error_count++; | |||||
| // no phonemes specified. set bit 7 | |||||
| dict_line[1] |= 0x80; | |||||
| length = len_word + 2; | |||||
| } | |||||
| } | } | ||||
| for (ix = 0; ix < n_flag_codes; ix++) | for (ix = 0; ix < n_flag_codes; ix++) | ||||
| while (fgets(buf, sizeof(buf), f_in) != NULL) { | while (fgets(buf, sizeof(buf), f_in) != NULL) { | ||||
| linenum++; | linenum++; | ||||
| length = compile_line(buf, dict_line, &hash); | |||||
| length = compile_line(buf, dict_line, sizeof(dict_line), &hash); | |||||
| if (length == 0) continue; // blank line | if (length == 0) continue; // blank line | ||||
| hash_counts[hash]++; | hash_counts[hash]++; |
Loading…