Package: hunspell / 1.7.0-3

CVE-2019-16707.patch Patch series | download
Description: CVE-2019-16707: invalid read operation in SuggestMgr::leftcommonsubstring
Origin: upstream, https://github.com/hunspell/hunspell/commit/ac938e2ecb48ab4dd21298126c7921689d60571b
Bug: https://github.com/hunspell/hunspell/issues/624
Bug-Debian: https://bugs.debian.org/941185
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2019-16707
Last-Update: 2020-06-24

--- a/src/hunspell/suggestmgr.cxx
+++ b/src/hunspell/suggestmgr.cxx
@@ -2040,7 +2040,7 @@
   int l2 = su2.size();
   // decapitalize dictionary word
   if (complexprefixes) {
-    if (su1[l1 - 1] == su2[l2 - 1])
+    if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1])
       return 1;
   } else {
     unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l;
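Review bot: The added guard in the `complexprefixes` branch tests the narrowed `int` lengths (`l1 && l2`), while the `else` branch two lines below tests the container itself (`su2.empty()`); using one form for both would make the bounds precondition easier to audit. I would write it as `if (!su1.empty() && !su2.empty() && su1[l1 - 1] == su2[l2 - 1])`, assuming su1 is the same container type as su2, which the hunk does not show. A one-line comment would record why the check exists: `// an empty word has no last character; [size - 1] would index out of bounds`. The function starts before and continues past this hunk, so only the su2 guard in the `else` branch is visible; whether the matching su1[0] access is guarded the same way should be confirmed. A regression test that reaches this function with an empty word while `complexprefixes` is set would pin the fix.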