Fix OOB access in constructNgramContext when parameter prevWordCount of the JNI function latinime_BinaryDictionary_getSuggestions is > MAX_PREV_WORD_COUNT_FOR_N_GRAM #40

Open: rdevshp wants to merge 1 commit into GrapheneOS:17 from rdevshp:oob_constructNgramContext

rdevshp commented Jun 26, 2026

latinime_BinaryDictionary_getSuggestions/constructNgramContext does not validate the parameter prevWordCount before accessing prevWordCodePointCount[i] and isBeginningOfSentence[i], and this can cause stack overflows if the input parameter prevWordCount is > MAX_PREV_WORD_COUNT_FOR_N_GRAM.

…of the JNI function latinime_BinaryDictionary_getSuggestions is > MAX_PREV_WORD_COUNT_FOR_N_GRAM
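
The kind of check the description asks for, as an added example that is not the pull request's code or the project's own: a caller-supplied count is validated before it indexes fixed-size arrays, and the call fails closed. The struct, the function names, the constant's value of 3 and the signed 32-bit count are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Assumed value for illustration; the real constant lives in the project's headers. */
#define MAX_PREV_WORD_COUNT_FOR_N_GRAM 3

/* Hypothetical stand-in for the context built from the JNI arguments. */
struct ngram_context {
    int    prevWordCodePointCount[MAX_PREV_WORD_COUNT_FOR_N_GRAM];
    bool   isBeginningOfSentence[MAX_PREV_WORD_COUNT_FOR_N_GRAM];
    size_t prevWordCount;
};

/*
 * The reported pattern is a loop "for (i = 0; i < prevWordCount; ++i)" that
 * writes prevWordCodePointCount[i] and isBeginningOfSentence[i] with a count
 * taken from the caller. Here the count is checked before any index is used.
 */
bool construct_ngram_context_checked(struct ngram_context *out,
                                     const int *wordLengths,
                                     const bool *sentenceStart,
                                     size_t prevWordCount)
{
    memset(out, 0, sizeof(*out));          /* never leave stale slots behind */
    if (prevWordCount > MAX_PREV_WORD_COUNT_FOR_N_GRAM)
        return false;                      /* would index past both arrays */
    if (prevWordCount > 0 && (wordLengths == NULL || sentenceStart == NULL))
        return false;
    for (size_t i = 0; i < prevWordCount; ++i) {
        out->prevWordCodePointCount[i] = wordLengths[i];
        out->isBeginningOfSentence[i]  = sentenceStart[i];
    }
    out->prevWordCount = prevWordCount;
    return true;
}

/* Assumption: the count crosses JNI as a signed 32-bit integer, so a negative
 * value is rejected before the conversion to size_t turns it into a huge one. */
bool construct_from_java_count(struct ngram_context *out, const int *wordLengths,
                               const bool *sentenceStart, int prevWordCountFromJava)
{
    if (prevWordCountFromJava < 0) {
        memset(out, 0, sizeof(*out));
        return false;
    }
    return construct_ngram_context_checked(out, wordLengths, sentenceStart,
                                           (size_t)prevWordCountFromJava);
}
```

Rejecting the call, as opposed to clamping the count, keeps a malformed request from producing suggestions based on a silently truncated context.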