On Tue, Aug 08 2017, Stuart Henderson <[email protected]> wrote: > On 2017/08/08 07:46, Jeremie Courreges-Anglas wrote: >> On Thu, Aug 03 2017, Stuart Henderson <[email protected]> wrote: >> > There have been a few things broken around locale handling in various >> > ports, does anyone have a handle on what's going on? >> >> This is not a locale-related problem, afaik, just a crash caused by >> wordnet accessing an element past the end of the exc_fps array. I don't >> understand why patch-lib_morph_c currently resizes this array, so the >> patch below fixes the problem but might not be correct. > > Ah great, thanks for tracking it down. OK. > > These patches are connected with > http://www.ocert.org/advisories/ocert-2008-014.html resulting from > a Debian audit, upstream didn't release newer code due to lack of > resources (and in reality, given how this is used, the risk of the > potential buffer overflows is pretty low). Though if I'm not mistaken, > the original code will also access one element past the array here.
I'll try to review the current patches more carefully before committing, the code looks a bit fishy. >> Maybe wordnet should be removed? >> http://wordnet.princeton.edu/wordnet/download/current-version/#nix >> doesn't list newer source tarballs. > > I don't see the need for that, this is pretty unique, I can't think of > anything that even comes close as a replacement. (There is a newer database > for it, I'll pull that into the port later). ack. -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
