From 7852765a503fe6dab54e1c4ab9e5e6b7bbdc70f2 Mon Sep 17 00:00:00 2001
From: Keisuke Kuroyanagi <ksk@google.com>
Date: Wed, 28 May 2014 20:20:39 +0900
Subject: [PATCH] Add length check for attaching a BoS marker.

Bug: 15297872
Change-Id: I7b0a27409b81b76561d19c6caa18a5011d3e90f6
---
 native/jni/src/suggest/core/session/prev_words_info.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/native/jni/src/suggest/core/session/prev_words_info.h b/native/jni/src/suggest/core/session/prev_words_info.h
index a58000abb..56c53c1c2 100644
--- a/native/jni/src/suggest/core/session/prev_words_info.h
+++ b/native/jni/src/suggest/core/session/prev_words_info.h
@@ -92,7 +92,7 @@ class PrevWordsInfo {
             const DictionaryStructureWithBufferPolicy *const dictStructurePolicy,
             const int *const wordCodePoints, const int wordCodePointCount,
             const bool isBeginningOfSentence, const bool tryLowerCaseSearch) {
-        if (!dictStructurePolicy || !wordCodePoints) {
+        if (!dictStructurePolicy || !wordCodePoints || wordCodePointCount > MAX_WORD_LENGTH) {
             return NOT_A_DICT_POS;
         }
         int codePoints[MAX_WORD_LENGTH];
@@ -122,6 +122,9 @@ class PrevWordsInfo {
             const DictionaryStructureWithBufferPolicy *const dictStructurePolicy,
             const int *const wordCodePoints, const int wordCodePointCount,
             const bool isBeginningOfSentence) {
+        if (!dictStructurePolicy || !wordCodePoints || wordCodePointCount > MAX_WORD_LENGTH) {
+            return NOT_A_DICT_POS;
+        }
         int codePoints[MAX_WORD_LENGTH];
         int codePointCount = wordCodePointCount;
         memmove(codePoints, wordCodePoints, sizeof(int) * codePointCount);