Follow-up Comment #2, bug #66052 (group groff):

Hi Lukas,

I believe your first case is indeed a bug, though a relatively pathological case. Here's the ChangeLog entry I have pending for it.

2024-08-07  G. Branden Robinson <g.branden.robin...@gmail.com>

	[troff]: Fix Savannah #66052.

	* src/roff/troff/env.cpp (hyphenate): Fix potential one-byte
	stack overwrite if attempting to hyphenate a 256-character long
	series of characters within a word.  Reserve space for null
	terminator in `hbuf` character array.  Initially, this isn't
	necessary because the array is simply walked to normalize
	hyphenation codes by their equivalence classes.  However, when
	we subsequently look up the (possibly partial) word in the
	exception dictionaries, `hbuf` (or a pointer into it) needs to
	be treatable as a C string, thus null-terminated.  Respell
	already correct expression later in the code to reinforce
	similarity.

	Fixes <https://savannah.gnu.org/bugs/?66052>.  Thanks to Lukas
	Javorsky for identifying the problem using "SAST analyzers
	{combination of coverity, snyk, cppcheck, gcc, clang,
	shellcheck, unicontrol}".
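The sizing problem described in the ChangeLog entry above, as an added C example that is not groff's code and not part of the original message: a buffer that is large enough for a length-driven walk is one byte short once it has to be null-terminated at maximum length. `SEQ_MAX`, the capacity names, the function names and the use of `tolower` as a stand-in for hyphenation-code normalization are all assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SEQ_MAX 256               /* assumed limit, from the 256-character case */
#define CAP_BEFORE SEQ_MAX        /* no room for '\0' at maximum length */
#define CAP_AFTER (SEQ_MAX + 1)   /* one byte reserved for the terminator */

/* Phase 1: length-driven walk that normalizes each code in place.
   It never reads a terminator, so SEQ_MAX bytes are enough here. */
static size_t fill_codes(unsigned char *buf, size_t cap,
                         const unsigned char *word, size_t n)
{
    size_t len = n < SEQ_MAX ? n : SEQ_MAX;
    if (len > cap) len = cap;
    for (size_t i = 0; i < len; i++)
        buf[i] = (unsigned char)tolower(word[i]);
    return len;
}

/* Phase 2: a dictionary lookup needs a C string. Returns 0 if the
   terminator fits, -1 if it would land one byte past the buffer. */
static int terminate_for_lookup(unsigned char *buf, size_t cap, size_t len)
{
    if (len >= cap)
        return -1;
    buf[len] = '\0';
    return 0;
}

/* Run both phases on a constructed n-letter word with logical capacity
   cap. Returns strlen of the result, or -1 if termination was refused. */
static int hyphenate_demo(size_t cap, size_t n)
{
    unsigned char word[SEQ_MAX + 64], buf[CAP_AFTER];
    if (n > sizeof word || cap > sizeof buf) return -2;
    memset(word, 'A', n);
    size_t len = fill_codes(buf, cap, word, n);
    if (terminate_for_lookup(buf, cap, len) != 0)
        return -1;
    return (int)strlen((const char *)buf);
}

int main(void)
{
    printf("before, 256 chars: %d\n", hyphenate_demo(CAP_BEFORE, 256));
    printf("after,  256 chars: %d\n", hyphenate_demo(CAP_AFTER, 256));
    return 0;
}
```

The bounds check in `terminate_for_lookup` is what turns the would-be out-of-bounds write into a reported error; with the extra byte reserved, the same 256-character input terminates in bounds.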