On 2017/08/08 07:46, Jeremie Courreges-Anglas wrote:
> On Thu, Aug 03 2017, Stuart Henderson <s...@spacehopper.org> wrote:
> > There have been a few things broken around locale handling in various
> > ports, does anyone have a handle on what's going on?
> This is not a locale-related problem, afaik, just a crash caused by
> wordnet accessing an element past the end of the exc_fps array.  I don't
> understand why patch-lib_morph_c currently resizes this array, so the
> patch below fixes the problem but might not be correct.

Ah great, thanks for tracking it down. OK.

These patches are connected with
http://www.ocert.org/advisories/ocert-2008-014.html resulting from
a Debian audit, upstream didn't release newer code due to lack of
resources (and in reality, given how this is used, the risk of the
potential buffer overflows is pretty low). Though if I'm not mistaken,
the original code will also access one element past the array here.

> Maybe wordnet should be removed?
> http://wordnet.princeton.edu/wordnet/download/current-version/#nix
> doesn't list newer source tarballs.

I don't see the need for that, this is pretty unique, I can't think of
anything that even comes close as a replacement. (There is a newer database
for it, I'll pull that into the port later).

Reply via email to