Boundary check for children creating of PatriciaTriePolicy.

Bug: 10537529 Change-Id: I0cd8b6de230795498395ca08789ccc1c74780f2c
author: Keisuke Kuroyanagi <ksk@google.com> 2013-09-25 19:54:31 +0900
committer: Keisuke Kuroyanagi <ksk@google.com> 2013-09-25 19:54:31 +0900
commit: 009dcac33f53bb92d0a8b7f0789a26568b04f014 (patch)
tree: adbb2b0f1a6f677762e7ea50d47388ca288fa2c6
parent: 4350a93aa5447f92304bea3f8bbf00bbf6c35498 (diff)
download: latinime-009dcac33f53bb92d0a8b7f0789a26568b04f014.tar.gz
latinime-009dcac33f53bb92d0a8b7f0789a26568b04f014.tar.xz
latinime-009dcac33f53bb92d0a8b7f0789a26568b04f014.zip
2 files changed, 14 insertions, 0 deletions
diff --git a/native/jni/src/suggest/policyimpl/dictionary/patricia_trie_policy.cpp b/native/jni/src/suggest/policyimpl/dictionary/patricia_trie_policy.cpp
index 5269795a4..c594470cc 100644
--- a/native/jni/src/suggest/policyimpl/dictionary/patricia_trie_policy.cpp
+++ b/native/jni/src/suggest/policyimpl/dictionary/patricia_trie_policy.cpp
@@ -31,9 +31,21 @@ void PatriciaTriePolicy::createAndGetAllChildNodes(const DicNode *const dicNode,
         return;
     }
     int nextPos = dicNode->getChildrenPos();
+    if (nextPos < 0 || nextPos >= mDictBufferSize) {
+        AKLOGE("Children PtNode array position is invalid. pos: %d, dict size: %d",
+                nextPos, mDictBufferSize);
+        ASSERT(false);
+        return;
+    }
     const int childCount = PatriciaTrieReadingUtils::getPtNodeArraySizeAndAdvancePosition(
             mDictRoot, &nextPos);
     for (int i = 0; i < childCount; i++) {
+        if (nextPos < 0 || nextPos >= mDictBufferSize) {
+            AKLOGE("Child PtNode position is invalid. pos: %d, dict size: %d, childCount: %d / %d",
+                    nextPos, mDictBufferSize, i, childCount);
+            ASSERT(false);
+            return;
+        }
         nextPos = createAndGetLeavingChildNode(dicNode, nextPos, childDicNodes);
     }
 }
diff --git a/native/jni/src/suggest/policyimpl/dictionary/patricia_trie_policy.h b/native/jni/src/suggest/policyimpl/dictionary/patricia_trie_policy.h
index 19155f938..f1de914cb 100644
--- a/native/jni/src/suggest/policyimpl/dictionary/patricia_trie_policy.h
+++ b/native/jni/src/suggest/policyimpl/dictionary/patricia_trie_policy.h
@@ -36,6 +36,7 @@ class PatriciaTriePolicy : public DictionaryStructureWithBufferPolicy {
     PatriciaTriePolicy(const MmappedBuffer *const buffer)
             : mBuffer(buffer), mHeaderPolicy(mBuffer->getBuffer(), buffer->getBufferSize()),
               mDictRoot(mBuffer->getBuffer() + mHeaderPolicy.getSize()),
+              mDictBufferSize(mBuffer->getBufferSize() - mHeaderPolicy.getSize()),
               mBigramListPolicy(mDictRoot), mShortcutListPolicy(mDictRoot) {}
 
     ~PatriciaTriePolicy() {
@@ -118,6 +119,7 @@ class PatriciaTriePolicy : public DictionaryStructureWithBufferPolicy {
     const MmappedBuffer *const mBuffer;
     const HeaderPolicy mHeaderPolicy;
     const uint8_t *const mDictRoot;
+    const int mDictBufferSize;
     const BigramListPolicy mBigramListPolicy;
     const ShortcutListPolicy mShortcutListPolicy;
author	Keisuke Kuroyanagi <ksk@google.com>	2013-09-25 19:54:31 +0900
committer	Keisuke Kuroyanagi <ksk@google.com>	2013-09-25 19:54:31 +0900
commit	009dcac33f53bb92d0a8b7f0789a26568b04f014 (patch)
tree	adbb2b0f1a6f677762e7ea50d47388ca288fa2c6
parent	4350a93aa5447f92304bea3f8bbf00bbf6c35498 (diff)
download	latinime-009dcac33f53bb92d0a8b7f0789a26568b04f014.tar.gz latinime-009dcac33f53bb92d0a8b7f0789a26568b04f014.tar.xz latinime-009dcac33f53bb92d0a8b7f0789a26568b04f014.zip