hunspell: patch CVE-2019-16707

Details: https://nvd.nist.gov/vuln/detail/CVE-2019-16707 Pick the patch that resolves the Github issue[1] that tracked this vulnerability. [1]: https://github.com/hunspell/hunspell/issues/624 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2025-12-25 16:57:07 +0100
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2026-01-08 22:03:02 +0100
commit: 75080e6708a9608ee00921f49c1bdd370127c3b1 (patch)
tree: d517524ae1f00d3b1d3ad84e7c50586ee1b86752
parent: 6ba8215d318b8af6ee7773eb97ebca7fe708cba7 (diff)
download: meta-openembedded-75080e6708a9608ee00921f49c1bdd370127c3b1.tar.gz
2 files changed, 28 insertions, 1 deletions
diff --git a/meta-oe/recipes-support/hunspell/hunspell/CVE-2019-16707.patch b/meta-oe/recipes-support/hunspell/hunspell/CVE-2019-16707.patch
new file mode 100644
index 0000000000..d3a95dadf2
--- /dev/null
+++ b/meta-oe/recipes-support/hunspell/hunspell/CVE-2019-16707.patch
@@ -0,0 +1,25 @@
+From ded6e233588c1082db9d84dc57a9d200cd306b26 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Tue, 12 Nov 2019 20:03:15 +0000
+Subject: [PATCH] invalid read memory access #624
+CVE: CVE-2019-16707
+Upstream-Status: Backport [https://github.com/hunspell/hunspell/commit/ac938e2ecb48ab4dd21298126c7921689d60571b]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/hunspell/suggestmgr.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/hunspell/suggestmgr.cxx b/src/hunspell/suggestmgr.cxx
+index dba084e..c23f165 100644
+--- a/src/hunspell/suggestmgr.cxx
+++ b/src/hunspell/suggestmgr.cxx
+@@ -2040,7 +2040,7 @@ int SuggestMgr::leftcommonsubstring(
+   int l2 = su2.size();
+   // decapitalize dictionary word
+   if (complexprefixes) {
+-    if (su1[l1 - 1] == su2[l2 - 1])
+    if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1])
+       return 1;
+   } else {
+     unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l;
diff --git a/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb b/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb
index 8d4dd5254e..c1a1585d99 100644
--- a/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb
+++ b/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb
@@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = " \
 "
 SRCREV = "4ddd8ed5ca6484b930b111aec50c2750a6119a0f"
-SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \
+           file://CVE-2019-16707.patch \
+           "
 S = "${WORKDIR}/git"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-12-25 16:57:07 +0100
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2026-01-08 22:03:02 +0100
commit	75080e6708a9608ee00921f49c1bdd370127c3b1 (patch)
tree	d517524ae1f00d3b1d3ad84e7c50586ee1b86752
parent	6ba8215d318b8af6ee7773eb97ebca7fe708cba7 (diff)
download	meta-openembedded-75080e6708a9608ee00921f49c1bdd370127c3b1.tar.gz

diff --git a/meta-oe/recipes-support/hunspell/hunspell/CVE-2019-16707.patch b/meta-oe/recipes-support/hunspell/hunspell/CVE-2019-16707.patch new file mode 100644 index 0000000000..d3a95dadf2 --- /dev/null +++ b/meta-oe/recipes-support/hunspell/hunspell/CVE-2019-16707.patch
@@ -0,0 +1,25 @@
		1	From ded6e233588c1082db9d84dc57a9d200cd306b26 Mon Sep 17 00:00:00 2001
		2	From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
		3	Date: Tue, 12 Nov 2019 20:03:15 +0000
		4	Subject: [PATCH] invalid read memory access #624
		5
		6	CVE: CVE-2019-16707
		7	Upstream-Status: Backport [https://github.com/hunspell/hunspell/commit/ac938e2ecb48ab4dd21298126c7921689d60571b]
		8	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		9	---
		10	src/hunspell/suggestmgr.cxx \| 2 +-
		11	1 file changed, 1 insertion(+), 1 deletion(-)
		12
		13	diff --git a/src/hunspell/suggestmgr.cxx b/src/hunspell/suggestmgr.cxx
		14	index dba084e..c23f165 100644
		15	--- a/src/hunspell/suggestmgr.cxx
		16	+++ b/src/hunspell/suggestmgr.cxx
		17	@@ -2040,7 +2040,7 @@ int SuggestMgr::leftcommonsubstring(
		18	int l2 = su2.size();
		19	// decapitalize dictionary word
		20	if (complexprefixes) {
		21	- if (su1[l1 - 1] == su2[l2 - 1])
		22	+ if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1])
		23	return 1;
		24	} else {
		25	unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l;


diff --git a/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb b/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb index 8d4dd5254e..c1a1585d99 100644 --- a/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb +++ b/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb
@@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = " \
7	"	7	"
8		8
9	SRCREV = "4ddd8ed5ca6484b930b111aec50c2750a6119a0f"	9	SRCREV = "4ddd8ed5ca6484b930b111aec50c2750a6119a0f"
10	SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https"	10	SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \
		11	file://CVE-2019-16707.patch \
		12	"
11		13
12	S = "${WORKDIR}/git"	14	S = "${WORKDIR}/git"
13		15