On Tue, Aug 08 2017, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2017/08/08 07:46, Jeremie Courreges-Anglas wrote:
>> On Thu, Aug 03 2017, Stuart Henderson <s...@spacehopper.org> wrote:
>> > There have been a few things broken around locale handling in various
>> > ports, does anyone have a handle on what's going on?
>> 
>> This is not a locale-related problem, afaik, just a crash caused by
>> wordnet accessing an element past the end of the exc_fps array.  I don't
>> understand why patch-lib_morph_c currently resizes this array, so the
>> patch below fixes the problem but might not be correct.
>
> Ah great, thanks for tracking it down. OK.
>
> These patches are connected with
> http://www.ocert.org/advisories/ocert-2008-014.html resulting from
> a Debian audit, upstream didn't release newer code due to lack of
> resources (and in reality, given how this is used, the risk of the
> potential buffer overflows is pretty low). Though if I'm not mistaken,
> the original code will also access one element past the array here.

I'll try to review the current patches more carefully before committing,
the code looks a bit fishy.

>> Maybe wordnet should be removed?
>> http://wordnet.princeton.edu/wordnet/download/current-version/#nix
>> doesn't list newer source tarballs.
>
> I don't see the need for that, this is pretty unique, I can't think of
> anything that even comes close as a replacement. (There is a newer database
> for it, I'll pull that into the port later).

ack.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply via email to