"Andreas Tille, the Debian WordNet maintainer, noticed a bug in my
patch. The bug is not security related, but causes incorrect behaviour
in WordNet.
I replaced a strncpy(s1, s2, strlen(s2)) with a strcpy forgetting that
strncpy invoked that way would always omit the trailing \0 (as the \0
would always be at strlen(s2) + 1). This resulted in a truncation of
output from WordNet which relied on the previous behavior which it
used to 'patch' s1. I've now adjusted the strncpy to be a memcpy and
added a comment, to make the intent of the code clear. (Using a str*
function when you don't wish any handling of \0 is unintuitive to me,
hence my mistake). [..] Apologies for the error."
thanks Rob for the exemplary handling of this advisory. Notifications
to package maintainers and follow-ups are almost unheard-of and very
welcome.
WordNet stack and heap overflows. Thanks to Rob Holland
of oCERT for contacting us with the advisory.
- housekeeping: regenerate PLIST, move to Tcl/Tk 8.5,
use SUBST_CMD macro rather than hand-rolled command.
WordNet is a large lexical database of English, developed under the
direction of George A. Miller. Nouns, verbs, adjectives and adverbs
are grouped into sets of cognitive synonyms (synsets), each expressing
a distinct concept. Synsets are interlinked by means of conceptual-semantic
and lexical relations. The resulting network of meaningfully related
words and concepts can be navigated with the browser. WordNet is
also freely and publicly available for download. WordNet's structure
makes it a useful tool for computational linguistics and natural
language processing.
ok merdely@
