From be81b75decd188bd12ef3945c4aacb5dd9fff72f Mon Sep 17 00:00:00 2001 From: Keisuke Kuroyanagi Date: Fri, 21 Feb 2014 13:26:01 +0900 Subject: [PATCH] Add boundary check for ver2 dict reading. Bug: 12916055 Change-Id: I78ad1f98a5401f920dcfc3379aa431eb2311ae02 --- .../structure/v2/patricia_trie_policy.cpp | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/native/jni/src/suggest/policyimpl/dictionary/structure/v2/patricia_trie_policy.cpp b/native/jni/src/suggest/policyimpl/dictionary/structure/v2/patricia_trie_policy.cpp index 212f2ef39..84a6ccf33 100644 --- a/native/jni/src/suggest/policyimpl/dictionary/structure/v2/patricia_trie_policy.cpp +++ b/native/jni/src/suggest/policyimpl/dictionary/structure/v2/patricia_trie_policy.cpp @@ -87,9 +87,24 @@ int PatriciaTriePolicy::getCodePointsAndProbabilityAndReturnCodePointCount( int lastCandidatePtNodePos = 0; // Let's loop through PtNodes in this PtNode array searching for either the terminal // or one of its ascendants. + if (pos < 0 || pos >= mDictBufferSize) { + AKLOGE("PtNode array position is invalid. pos: %d, dict size: %d", + pos, mDictBufferSize); + mIsCorrupted = true; + ASSERT(false); + *outUnigramProbability = NOT_A_PROBABILITY; + return 0; + } for (int ptNodeCount = PatriciaTrieReadingUtils::getPtNodeArraySizeAndAdvancePosition( mDictRoot, &pos); ptNodeCount > 0; --ptNodeCount) { const int startPos = pos; + if (pos < 0 || pos >= mDictBufferSize) { + AKLOGE("PtNode position is invalid. pos: %d, dict size: %d", pos, mDictBufferSize); + mIsCorrupted = true; + ASSERT(false); + *outUnigramProbability = NOT_A_PROBABILITY; + return 0; + } const PatriciaTrieReadingUtils::NodeFlags flags = PatriciaTrieReadingUtils::getFlagsAndAdvancePosition(mDictRoot, &pos); const int character = PatriciaTrieReadingUtils::getCodePointAndAdvancePosition(