Index: mozilla/extensions/spellcheck/myspell/src/affixmgr.cpp =================================================================== RCS file: /cvsroot/mozilla/extensions/spellcheck/myspell/src/affixmgr.cpp,v retrieving revision 1.5 diff -pU10 -r1.5 mozilla/extensions/spellcheck/myspell/src/affixmgr.cpp --- mozilla/extensions/spellcheck/myspell/src/affixmgr.cpp +++ mozilla/extensions/spellcheck/myspell/src/affixmgr.cpp @@ -1171,128 +1171,123 @@ int AffixMgr::parse_affix(char * line, struct affentry * nptr= NULL; char * tp = line; char * nl = line; char * piece; int i = 0; // split affix header line into pieces int np = 0; - while ((piece=mystrsep(&tp,' '))) { + while (i < 4 && (piece=mystrsep(&tp,' '))) { if (*piece != '\0') { switch(i) { // piece 1 - is type of affix case 0: { np++; break; } // piece 2 - is affix char case 1: { np++; achar = *piece; break; } // piece 3 - is cross product indicator case 2: { np++; if (*piece == 'Y') ff = XPRODUCT; break; } // piece 4 - is number of affentries case 3: { np++; numents = atoi(piece); ptr = (struct affentry *) malloc(numents * sizeof(struct affentry)); - ptr->xpflg = ff; - ptr->achar = achar; + if (ptr) { + ptr->xpflg = ff; + ptr->achar = achar; + } break; } - - default: break; } i++; } free(piece); } // check to make sure we parsed enough pieces if (np != 4) { fprintf(stderr, "error: affix %c header has insufficient data in line %s\n",achar,nl); - free(ptr); return 1; } + if (!ptr) { + return 2; + } // store away ptr to first affentry nptr = ptr; // now parse numents affentries for this affix for (int j=0; j < numents; j++) { fgets(nl,MAXLNLEN,af); mychomp(nl); tp = nl; i = 0; - np = 0; // split line into pieces - while ((piece=mystrsep(&tp,' '))) { + while (i < 5 && (piece=mystrsep(&tp,' '))) { if (*piece != '\0') { switch(i) { // piece 1 - is type case 0: { - np++; if (nptr != ptr) nptr->xpflg = ptr->xpflg; break; } // piece 2 - is affix char case 1: { - np++; if (*piece != achar) { fprintf(stderr, "error: affix %c is corrupt near line %s\n",achar,nl); fprintf(stderr, "error: possible incorrect count\n"); free(piece); return 1; } if (nptr != ptr) nptr->achar = ptr->achar; break; } // piece 3 - is string to strip or 0 for null case 2: { - np++; - nptr->strip = mystrdup(piece); - nptr->stripl = strlen(nptr->strip); - if (strcmp(nptr->strip,"0") == 0) { - free(nptr->strip); + if (strcmp(piece,"0") == 0) { nptr->strip=mystrdup(""); nptr->stripl = 0; - } + } else { + nptr->strip = mystrdup(piece); + nptr->stripl = strlen(nptr->strip); + } break; } // piece 4 - is affix string or 0 for null case 3: { - np++; - nptr->appnd = mystrdup(piece); - nptr->appndl = strlen(nptr->appnd); - if (strcmp(nptr->appnd,"0") == 0) { - free(nptr->appnd); + if (strcmp(piece,"0") == 0) { nptr->appnd=mystrdup(""); nptr->appndl = 0; - } + } else { + nptr->appnd = mystrdup(piece); + nptr->appndl = strlen(nptr->appnd); + } break; } // piece 5 - is the conditions descriptions - case 4: { np++; encodeit(nptr,piece); } - - default: break; + case 4: { encodeit(nptr,piece); } } i++; } free(piece); } // check to make sure we parsed enough pieces - if (np != 5) { + if (i != 5) { fprintf(stderr, "error: affix %c is corrupt near line %s\n",achar,nl); free(ptr); return 1; } nptr++; } // now create SfxEntry or PfxEntry objects and use links to // build an ordered (sorted by affix string) list nptr = ptr; Index: mozilla/extensions/spellcheck/myspell/src/csutil.cpp =================================================================== RCS file: /cvsroot/mozilla/extensions/spellcheck/myspell/src/csutil.cpp,v retrieving revision 1.7 diff -pU10 -r1.7 mozilla/extensions/spellcheck/myspell/src/csutil.cpp --- mozilla/extensions/spellcheck/myspell/src/csutil.cpp +++ mozilla/extensions/spellcheck/myspell/src/csutil.cpp @@ -24,25 +24,29 @@ char * mystrsep(char ** stringp, const c { char * rv = NULL; char * mp = *stringp; int n = strlen(mp); if (n > 0) { char * dp = (char *)memchr(mp,(int)((unsigned char)delim),n); if (dp) { *stringp = dp+1; int nc = (int)((unsigned long)dp - (unsigned long)mp); rv = (char *) malloc(nc+1); + if (!rv) + return NULL; memcpy(rv,mp,nc); *(rv+nc) = '\0'; return rv; } else { rv = (char *) malloc(n+1); + if (!rv) + return NULL; memcpy(rv, mp, n); *(rv+n) = '\0'; *stringp = mp + n; return rv; } } return NULL; } @@ -210,39 +214,55 @@ struct cs_info * get_current_cs(const ch return nsnull; ccs = (struct cs_info *) malloc(256 * sizeof(cs_info)); PRInt32 charLength = 256; PRInt32 uniLength = 512; char *source = (char *)malloc(charLength * sizeof(char)); PRUnichar *uni = (PRUnichar *)malloc(uniLength * sizeof(PRUnichar)); char *lower = (char *)malloc(charLength * sizeof(char)); char *upper = (char *)malloc(charLength * sizeof(char)); + if (!ccs || !source || !lower || !upper) { + if (ccs) + free(ccs); + if (source) + free(source); + if (lower) + free(lower); + if (upper) + free(upper); + return nsnull; + } // Create a long string of all chars. unsigned int i; for (i = 0x00; i <= 0xff ; ++i) { source[i] = i; } // Convert this long string to unicode rv = decoder->Convert(source, &charLength, uni, &uniLength); // Do case conversion stuff, and convert back. caseConv->ToUpper(uni, uni, uniLength); encoder->Convert(uni, &uniLength, upper, &charLength); + /* XXX this could have failed */ uniLength = 512; charLength = 256; rv = decoder->Convert(source, &charLength, uni, &uniLength); + /* XXX this could have failed */ + caseConv->ToLower(uni, uni, uniLength); encoder->Convert(uni, &uniLength, lower, &charLength); + /* XXX this could have failed */ + // Store for (i = 0x00; i <= 0xff ; ++i) { ccs[i].cupper = upper[i]; ccs[i].clower = lower[i]; if (ccs[i].clower != (unsigned char)i) ccs[i].ccase = true; else ccs[i].ccase = false; Index: mozilla/extensions/spellcheck/myspell/src/suggestmgr.cpp =================================================================== RCS file: /cvsroot/mozilla/extensions/spellcheck/myspell/src/suggestmgr.cpp,v retrieving revision 1.4 diff -pU10 -r1.4 mozilla/extensions/spellcheck/myspell/src/suggestmgr.cpp --- mozilla/extensions/spellcheck/myspell/src/suggestmgr.cpp +++ mozilla/extensions/spellcheck/myspell/src/suggestmgr.cpp @@ -114,20 +114,22 @@ int SuggestMgr::map_related(const char * } int in_map = 0; for (int j = 0; j < nummap; j++) { if (strchr(maptable[j].set,c) != 0) { in_map = 1; #ifdef __SUNPRO_CC // for SunONE Studio compiler char * newword = mystrdup(word); #else char * newword = strdup(word); #endif + if (!newword) + return -1; for (int k = 0; k < maptable[j].len; k++) { *(newword + i) = *(maptable[j].set + k); ns = map_related(newword, (i+1), wlst, ns, maptable, nummap); } free(newword); } } if (!in_map) { i++; ns = map_related(word, i, wlst, ns, maptable, nummap); @@ -160,26 +162,27 @@ int SuggestMgr::replchars(char** wlst, c // search every occurence of the pattern in the word while ((r=strstr(r, reptable[i].pattern)) != NULL) { strcpy(candidate, word); if (r-word + lenr + strlen(r+lenp) >= MAXSWL) break; strcpy(candidate+(r-word),reptable[i].replacement); strcpy(candidate+(r-word)+lenr, r+lenp); cwrd = 1; for (int k=0; k < ns; k++) if (strcmp(candidate,wlst[k]) == 0) cwrd = 0; if ((cwrd) && check(candidate,strlen(candidate))) { - if (ns < maxSug) { - wlst[ns] = mystrdup(candidate); - // fprintf(stderr,"replchars %d adding %s\n",ns,wlst[ns]); fflush(stderr); - if (wlst[ns] == NULL) return -1; - ns++; - } else return ns; + if (ns >= maxSug) + return ns; + + wlst[ns] = mystrdup(candidate); + // fprintf(stderr,"replchars %d adding %s\n",ns,wlst[ns]); fflush(stderr); + if (wlst[ns] == NULL) return -1; + ns++; } r++; // search for the next letter } } return ns; } // error is wrong char in place of correct one int SuggestMgr::badchar(char ** wlst, const char * word, int ns)