[SEGV](lou_checkyaml): negative index for `passPosMapping[realInlen]` in `_lou_backTranslate` about liblouis HOT 3 OPEN

Hi @benehalo , thanks for all your reports. They are very thorough and professional. I'm at the moment a bit absorbed with my rust rewrite of liblouis so my attention is not so much on liblouis. Nevertheless I'm very interested in solving security issues in liblouis (that was one of the reasons to start the rust rewrite) and I would appreciate some help in solving these issues.

You say that you do not know liblouis well enough to solve the issues, but you seem very competent. I think most of the problems are fairly straightforward to solve. Maybe together we'd have a good chance at solving these. Could you imagine some way were we could collaborate on some of the issues?

Thanks
Christian

from liblouis.

Hi @egli , I claim that I do not know liblouis well enough to solve the issues, because

• I only know the superficial cause of these errors, but not the root cause, making it difficult to make critical fixes;
• and I am also unclear what to do with proper error handling when an error occurs (should report error and exit? Or should catch the error and continue execution?).

I think indeed I can help make some superficial fixes, i.e. adding guards before these crash points and adhering to the error handling code in context (if any).

Do you mind me to make such fixes? If it is ok, I will give corresponding Pull Requests in the near future.

Thanks

from liblouis.

Do you mind me to make such fixes? If it is ok, I will give corresponding Pull Requests in the near future.

I'd love to see such fixes. Anything is better than the status quo.

from liblouis.