27 lines
1.2 KiB
Diff
27 lines
1.2 KiB
Diff
From c9ca77a4d415b838810fb22f85c728d211433197 Mon Sep 17 00:00:00 2001
|
|
From: "Reece H. Dunn" <msclrhd@gmail.com>
|
|
Date: Wed, 21 Mar 2018 21:16:08 +0000
|
|
Subject: [PATCH] Compare variant_name with "!v" only if long enough
|
|
|
|
Various places call SetVoiceStack with "" for the variant_name. This
|
|
causes -fsanitize=address to fail with an overflow as the call to
|
|
memcmp is checking the first 2 bytes, and there is only 1 byte
|
|
available.
|
|
---
|
|
src/libespeak-ng/readclause.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/libespeak-ng/readclause.c b/src/libespeak-ng/readclause.c
|
|
index 52362de44..26bc35b96 100644
|
|
--- a/src/libespeak-ng/readclause.c
|
|
+++ b/src/libespeak-ng/readclause.c
|
|
@@ -599,7 +599,7 @@ void SetVoiceStack(espeak_VOICE *v, const char *variant_name)
|
|
sp->voice_age = v->age;
|
|
sp->voice_gender = v->gender;
|
|
|
|
- if (memcmp(variant_name, "!v", 2) == 0)
|
|
+ if (strlen(variant_name) >= 2 && memcmp(variant_name, "!v", 2) == 0)
|
|
variant_name += 3; // strip variant directory name, !v plus PATHSEP
|
|
strncpy0(base_voice_variant_name, variant_name, sizeof(base_voice_variant_name));
|
|
memcpy(&base_voice, ¤t_voice_selected, sizeof(base_voice));
|