Overview

File 0001-Avoid-crash-due-to-long-dictionary-commands.patch of Package qt6-webengine

From 92541f48f0a1ef1a737b8f4b1b1f41bf95ad27d4 Mon Sep 17 00:00:00 2001
From: Anu Aliyas <anu.aliyas@qt.io>
Date: Mon, 17 Mar 2025 13:46:45 +0100
Subject: [PATCH] Avoid crash due to long dictionary commands

The crash occurs when processing a truncated command. By default, the
buffer size is 64K (65535 bytes). When the command is longer than 65535
characters, the converter will read the command partially, which leads
to a crash. To avoid the crash, logic has been added to read content up
to the line termination.

Task-number: QTBUG-134481
Pick-to:122-based
Change-Id: Ic91cd88d74502668726a3a159b6db13cbfdfa6c0
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/632227
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 01dcb46ce26c95bd43b1662fce0be82d3f0468e6)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/639612
Reviewed-by: Anu Aliyas <anu.aliyas@qt.io>
---
 .../tools/convert_dict/hunspell_reader.cc     | 21 ++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/src/3rdparty/chromium/chrome/tools/convert_dict/hunspell_reader.cc b/src/3rdparty/chromium/chrome/tools/convert_dict/hunspell_reader.cc
index 636a8fbf1e6..435665b9116 100644
--- a/src/3rdparty/chromium/chrome/tools/convert_dict/hunspell_reader.cc
+++ b/src/3rdparty/chromium/chrome/tools/convert_dict/hunspell_reader.cc
@@ -29,13 +29,24 @@ void TrimLine(std::string* line) {
 }
 
 std::string ReadLine(FILE* file) {
-  const char* line = fgets(line_buffer, kLineBufferLen - 1, file);
-  if (!line)
+  std::string result;
+  while (fgets(line_buffer, kLineBufferLen, file)) {
+    result.append(line_buffer);
+
+    size_t length = strlen(line_buffer);
+    // This should be true even with CRLF endings.
+    // Checking whether line is truncated.
+    if (length > 0 && line_buffer[length - 1] != '\n')
+      continue;
+
+    break;
+  }
+
+  if (result.empty())
     return std::string();
 
-  std::string str = line;
-  TrimLine(&str);
-  return str;
+  TrimLine(&result);
+  return result;
 }
 
 void StripComment(std::string* line) {
-- 
2.49.0
openSUSE Build Service is sponsored by
Places