src/pwl.c: fix buffer overflow in trie matching

Add an extra byte to the ‘word’ buffer, as the check for transposed characters can look two characters (here, NULs, so one character per byte) past the end of the buffer.
author: Reuben Thomas <rrt@sc3d.org> 2020-01-18 14:50:39 +0000
committer: Reuben Thomas <rrt@sc3d.org> 2020-01-18 14:50:39 +0000
commit: 43adab305e3b35cc8fe86747f5300c473dd04eb9 (patch)
tree: d3dcc22f6e424926be5b4a80c9dfbb94d99f9340
parent: 40482a284f30a8337b20527311a2008d65f266e9 (diff)
download: enchant-43adab305e3b35cc8fe86747f5300c473dd04eb9.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/pwl.c b/src/pwl.c
index f0c9d13..ecd7eed 100644
--- a/src/pwl.c
+++ b/src/pwl.c
@@ -964,7 +964,7 @@ static EnchantTrieMatcher* enchant_trie_matcher_init(const char* const word,
 	EnchantTrieMatcher* matcher = g_new(EnchantTrieMatcher,1);
 	matcher->num_errors = 0;
 	matcher->max_errors = maxerrs;
-	matcher->word = g_new0(char,len+maxerrs+1); // Ensure matcher does not overrun buffer
+	matcher->word = g_new0(char,len+maxerrs+2); // Ensure matcher does not overrun buffer: +2 for transpose check
 	strcpy(matcher->word, pattern);
 	g_free(pattern);
 	matcher->word_pos = 0;
author	Reuben Thomas <rrt@sc3d.org>	2020-01-18 14:50:39 +0000
committer	Reuben Thomas <rrt@sc3d.org>	2020-01-18 14:50:39 +0000
commit	43adab305e3b35cc8fe86747f5300c473dd04eb9 (patch)
tree	d3dcc22f6e424926be5b4a80c9dfbb94d99f9340
parent	40482a284f30a8337b20527311a2008d65f266e9 (diff)
download	enchant-43adab305e3b35cc8fe86747f5300c473dd04eb9.tar.gz