Comments (3)
Hi @benehalo , thanks for all your reports. They are very thorough and professional. I'm at the moment a bit absorbed with my rust rewrite of liblouis so my attention is not so much on liblouis. Nevertheless I'm very interested in solving security issues in liblouis (that was one of the reasons to start the rust rewrite) and I would appreciate some help in solving these issues.
You say that you do not know liblouis well enough to solve the issues, but you seem very competent. I think most of the problems are fairly straightforward to solve. Maybe together we'd have a good chance at solving these. Could you imagine some way were we could collaborate on some of the issues?
Thanks
Christian
from liblouis.
Hi @egli , I claim that I do not know liblouis well enough to solve the issues, because
- I only know the superficial cause of these errors, but not the root cause, making it difficult to make critical fixes;
- and I am also unclear what to do with proper error handling when an error occurs (should report error and exit? Or should catch the error and continue execution?).
I think indeed I can help make some superficial fixes, i.e. adding guards before these crash points and adhering to the error handling code in context (if any).
Do you mind me to make such fixes? If it is ok, I will give corresponding Pull Requests in the near future.
Thanks
from liblouis.
Do you mind me to make such fixes? If it is ok, I will give corresponding Pull Requests in the near future.
I'd love to see such fixes. Anything is better than the status quo.
from liblouis.
Related Issues (20)
- Split tables/ja-kantenji.utb into one for UCS2 and one for UCS4 HOT 4
- Issues when backtranslating Serbian braille HOT 6
- Allow noback as a keyword before include HOT 1
- [SEGV](lou_checkyaml): access `NULL` pointer `table` in `getCharForDots`
- [SEGV](lou_checkyaml): access `NULL` pointer `emph_classes` in `read_typeforms`
- [SEGV; heap-buffer-overflow](lou_checkyaml): index `pos` out of range (`input->chars[pos]`)
- [stack-buffer-overflow](lou_checkyaml): dangerous `widechar` string copy in `compileString`
- [heap-buffer-overflow](lou_checkyaml): 0-byte malloc results in out-of-bound read in `_lou_extParseChars`
- [heap-buffer-overflow](lou_checkyaml): wild pointer is used in `getCharForDots`
- [heap-buffer-overflow](lou_checkyaml): Out of bounds when accessing array `expected_inputPos`
- [heap-buffer-overflow](lou_checkyaml): Invalid out-of-bound index to access array `outbuf` in `check_base`
- [heap-buffer-overflow](lou_checkyaml): Index `kk` out of bounds when accessing array `input->chars` in `doPassSearch` HOT 4
- [heap-buffer-overflow](lou_translate): Negligence in parameter handling HOT 1
- 'utf-32-le' codec can't decode bytes in position 0-3 running on s390x arch
- Make match fully case insensitive HOT 1
- Prefix opcode for rule case sensitivity
- Document the pre- and post- conditions for all opcodes
- Documentation Enhancements HOT 7
- braille translation of foreign languages in the UK using UKAAF guidelines HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from liblouis.