hunspell: patch CVE-2019-16707

Details: https://nvd.nist.gov/vuln/detail/CVE-2019-16707 Pick the patch that resolves the Github issue[1] that tracked this vulnerability. [1]: https://github.com/hunspell/hunspell/issues/624 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-06-13 17:39:57 +00:00 · 2025-12-25 16:57:07 +01:00
parent 6ba8215d31
commit 75080e6708
2 changed files with 28 additions and 1 deletions
@@ -0,0 +1,25 @@
+From ded6e233588c1082db9d84dc57a9d200cd306b26 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Tue, 12 Nov 2019 20:03:15 +0000
+Subject: [PATCH] invalid read memory access #624
+
+CVE: CVE-2019-16707
+Upstream-Status: Backport [https://github.com/hunspell/hunspell/commit/ac938e2ecb48ab4dd21298126c7921689d60571b]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/hunspell/suggestmgr.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/hunspell/suggestmgr.cxx b/src/hunspell/suggestmgr.cxx
+index dba084e..c23f165 100644
+--- a/src/hunspell/suggestmgr.cxx
+++ b/src/hunspell/suggestmgr.cxx
+@@ -2040,7 +2040,7 @@ int SuggestMgr::leftcommonsubstring(
+   int l2 = su2.size();
+   // decapitalize dictionary word
+   if (complexprefixes) {
+-    if (su1[l1 - 1] == su2[l2 - 1])
+    if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1])
+       return 1;
+   } else {
+     unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l;
@@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = " \
 "

 SRCREV = "4ddd8ed5ca6484b930b111aec50c2750a6119a0f"
-SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \
+           file://CVE-2019-16707.patch \
+           "

 S = "${WORKDIR}/git"