Репозитории ALT
S: | 2.5-alt0.4 |
5.1: | 1.96-alt7 |
4.1: | 1.96-alt5.M41.1 |
4.0: | 1.96-alt2.6 |
3.0: | |
+backports: | 1.96-alt0.M30.1 |
Другие репозитории
Upstream: | 1.96-beta |
Группа :: Звук
Пакет: festival
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: 22-hts-buffer-bounds-check.diff
Скачать
Скачать
Description: HTS engine does not check buffer bounds in some functions.
This patch adds bounds checking to prevent writing past the end of the buffer.
Author: Peter Drysdale <drysdalepete@gmail.com>
--- a/src/modules/hts_engine/HTS_engine.c
+++ b/src/modules/hts_engine/HTS_engine.c
@@ -467,7 +467,7 @@
}
/* HTS_Engine_synthesize_from_strings: synthesize speech from strings */
-HTS_Boolean HTS_Engine_synthesize_from_strings(HTS_Engine * engine, char **lines, size_t num_lines)
+HTS_Boolean HTS_Engine_synthesize_from_strings(HTS_Engine * engine, const char **lines, size_t num_lines)
{
HTS_Engine_refresh(engine);
HTS_Label_load_from_strings(&engine->label, engine->condition.sampling_frequency, engine->condition.fperiod, lines, num_lines);
--- a/src/modules/hts_engine/HTS_engine.h
+++ b/src/modules/hts_engine/HTS_engine.h
@@ -427,7 +427,7 @@
HTS_Boolean HTS_Engine_synthesize_from_fn(HTS_Engine * engine, const char *fn);
/* HTS_Engine_synthesize_from_strings: synthesize speech from string list */
-HTS_Boolean HTS_Engine_synthesize_from_strings(HTS_Engine * engine, char **lines, size_t num_lines);
+HTS_Boolean HTS_Engine_synthesize_from_strings(HTS_Engine * engine, const char **lines, size_t num_lines);
/* HTS_Engine_save_information: save trace information */
void HTS_Engine_save_information(HTS_Engine * engine, FILE * fp);
--- a/src/modules/hts_engine/HTS_hidden.h
+++ b/src/modules/hts_engine/HTS_hidden.h
@@ -117,16 +117,16 @@
size_t HTS_fwrite_little_endian(const void *buf, size_t size, size_t n, FILE * fp);
/* HTS_get_pattern_token: get pattern token (single/double quote can be used) */
-HTS_Boolean HTS_get_pattern_token(HTS_File * fp, char *buff);
+HTS_Boolean HTS_get_pattern_token(HTS_File * fp, char *buff, int bufflen);
/* HTS_get_token: get token from file pointer (separators are space,tab,line break) */
-HTS_Boolean HTS_get_token_from_fp(HTS_File * fp, char *buff);
+HTS_Boolean HTS_get_token_from_fp(HTS_File * fp, char *buff, int bufflen);
/* HTS_get_token: get token from file pointer with specified separator */
HTS_Boolean HTS_get_token_from_fp_with_separator(HTS_File * fp, char *buff, char separator);
/* HTS_get_token_from_string: get token from string (separator are space,tab,line break) */
-HTS_Boolean HTS_get_token_from_string(const char *string, size_t * index, char *buff);
+HTS_Boolean HTS_get_token_from_string(const char *string, size_t * index, char *buff, int bufflen);
/* HTS_get_token_from_string_with_separator: get token from string with specified separator */
HTS_Boolean HTS_get_token_from_string_with_separator(const char *str, size_t * index, char *buff, char separator);
@@ -248,7 +248,7 @@
void HTS_Label_load_from_fn(HTS_Label * label, size_t sampling_rate, size_t fperiod, const char *fn);
/* HTS_Label_load_from_strings: load label list from string list */
-void HTS_Label_load_from_strings(HTS_Label * label, size_t sampling_rate, size_t fperiod, char **lines, size_t num_lines);
+void HTS_Label_load_from_strings(HTS_Label * label, size_t sampling_rate, size_t fperiod, const char **lines, size_t num_lines);
/* HTS_Label_get_size: get number of label string */
size_t HTS_Label_get_size(HTS_Label * label);
--- a/src/modules/hts_engine/HTS_misc.c
+++ b/src/modules/hts_engine/HTS_misc.c
@@ -333,7 +333,7 @@
}
/* HTS_get_pattern_token: get pattern token (single/double quote can be used) */
-HTS_Boolean HTS_get_pattern_token(HTS_File * fp, char *buff)
+HTS_Boolean HTS_get_pattern_token(HTS_File * fp, char *buff, int bufflen)
{
char c;
size_t i;
@@ -369,7 +369,7 @@
}
i = 0;
- while (1) {
+ while (i<bufflen) {
buff[i++] = c;
c = HTS_fgetc(fp);
if (squote && c == '\'')
@@ -386,12 +386,16 @@
}
}
+ if (i == bufflen) {
+ HTS_error(2,"HTS_get_pattern_token: Buffer overflow.\n");
+ }
+
buff[i] = '\0';
return TRUE;
}
/* HTS_get_token: get token from file pointer (separators are space, tab, and line break) */
-HTS_Boolean HTS_get_token_from_fp(HTS_File * fp, char *buff)
+HTS_Boolean HTS_get_token_from_fp(HTS_File * fp, char *buff, int bufflen)
{
char c;
size_t i;
@@ -407,7 +411,7 @@
return FALSE;
}
- for (i = 0; c != ' ' && c != '\n' && c != '\t';) {
+ for (i = 0; c != ' ' && c != '\n' && c != '\t' && (i<bufflen);) {
buff[i++] = c;
if (HTS_feof(fp))
break;
@@ -416,6 +420,10 @@
break;
}
+ if (i == bufflen) {
+ HTS_error(2,"HTS_get_token: Buffer overflow.\n");
+ }
+
buff[i] = '\0';
return TRUE;
}
@@ -451,7 +459,7 @@
}
/* HTS_get_token_from_string: get token from string (separators are space, tab, and line break) */
-HTS_Boolean HTS_get_token_from_string(const char *string, size_t * index, char *buff)
+HTS_Boolean HTS_get_token_from_string(const char *string, size_t * index, char *buff, int bufflen)
{
char c;
size_t i;
@@ -467,11 +475,15 @@
return FALSE;
c = string[(*index)++];
}
- for (i = 0; c != ' ' && c != '\n' && c != '\t' && c != '\0'; i++) {
+ for (i = 0; c != ' ' && c != '\n' && c != '\t' && c != '\0' && (i<bufflen); i++) {
buff[i] = c;
c = string[(*index)++];
}
+ if (i == bufflen) {
+ HTS_error(2,"HTS_get_token_from_string: Buffer overflow.\n");
+ }
+
buff[i] = '\0';
return TRUE;
}
@@ -480,7 +492,7 @@
HTS_Boolean HTS_get_token_from_string_with_separator(const char *str, size_t * index, char *buff, char separator)
{
char c;
- size_t start;
+ /*size_t start;*/
size_t len = 0;
if (str == NULL)
@@ -495,7 +507,7 @@
(*index)++;
c = str[(*index)];
}
- start = (*index);
+ /*start = (*index);*/
while (c != separator && c != '\0') {
buff[len++] = c;
(*index)++;
--- a/src/modules/hts_engine/HTS_model.c
+++ b/src/modules/hts_engine/HTS_model.c
@@ -194,12 +194,12 @@
HTS_Question_clear(question);
/* get question name */
- if (HTS_get_pattern_token(fp, buff) == FALSE)
+ if (HTS_get_pattern_token(fp, buff, HTS_MAXBUFLEN) == FALSE)
return FALSE;
question->string = HTS_strdup(buff);
/* get pattern list */
- if (HTS_get_pattern_token(fp, buff) == FALSE) {
+ if (HTS_get_pattern_token(fp, buff, HTS_MAXBUFLEN) == FALSE) {
HTS_Question_clear(question);
return FALSE;
}
@@ -207,7 +207,7 @@
last_pattern = NULL;
if (strcmp(buff, "{") == 0) {
while (1) {
- if (HTS_get_pattern_token(fp, buff) == FALSE) {
+ if (HTS_get_pattern_token(fp, buff, HTS_MAXBUFLEN) == FALSE) {
HTS_Question_clear(question);
return FALSE;
}
@@ -218,7 +218,7 @@
question->head = pattern;
pattern->string = HTS_strdup(buff);
pattern->next = NULL;
- if (HTS_get_pattern_token(fp, buff) == FALSE) {
+ if (HTS_get_pattern_token(fp, buff, HTS_MAXBUFLEN) == FALSE) {
HTS_Question_clear(question);
return FALSE;
}
@@ -358,7 +358,7 @@
if (tree == NULL || fp == NULL)
return FALSE;
- if (HTS_get_pattern_token(fp, buff) == FALSE) {
+ if (HTS_get_pattern_token(fp, buff, HTS_MAXBUFLEN) == FALSE) {
HTS_Tree_clear(tree);
return FALSE;
}
@@ -367,14 +367,14 @@
tree->root = last_node = node;
if (strcmp(buff, "{") == 0) {
- while (HTS_get_pattern_token(fp, buff) == TRUE && strcmp(buff, "}") != 0) {
+ while (HTS_get_pattern_token(fp, buff, HTS_MAXBUFLEN) == TRUE && strcmp(buff, "}") != 0) {
node = HTS_Node_find(last_node, atoi(buff));
if (node == NULL) {
HTS_error(0, "HTS_Tree_load: Cannot find node %d.\n", atoi(buff));
HTS_Tree_clear(tree);
return FALSE;
}
- if (HTS_get_pattern_token(fp, buff) == FALSE) {
+ if (HTS_get_pattern_token(fp, buff, HTS_MAXBUFLEN) == FALSE) {
HTS_Tree_clear(tree);
return FALSE;
}
@@ -389,7 +389,7 @@
HTS_Node_initialize(node->yes);
HTS_Node_initialize(node->no);
- if (HTS_get_pattern_token(fp, buff) == FALSE) {
+ if (HTS_get_pattern_token(fp, buff, HTS_MAXBUFLEN) == FALSE) {
node->quest = NULL;
free(node->yes);
free(node->no);
@@ -403,7 +403,7 @@
node->no->next = last_node;
last_node = node->no;
- if (HTS_get_pattern_token(fp, buff) == FALSE) {
+ if (HTS_get_pattern_token(fp, buff, HTS_MAXBUFLEN) == FALSE) {
node->quest = NULL;
free(node->yes);
free(node->no);
@@ -495,7 +495,7 @@
win->coefficient = (double **) HTS_calloc(win->size, sizeof(double *));
/* set delta coefficents */
for (i = 0; i < win->size; i++) {
- if (HTS_get_token_from_fp(fp[i], buff) == FALSE) {
+ if (HTS_get_token_from_fp(fp[i], buff, HTS_MAXBUFLEN) == FALSE) {
result = FALSE;
fsize = 1;
} else {
@@ -508,7 +508,7 @@
/* read coefficients */
win->coefficient[i] = (double *) HTS_calloc(fsize, sizeof(double));
for (j = 0; j < fsize; j++) {
- if (HTS_get_token_from_fp(fp[i], buff) == FALSE) {
+ if (HTS_get_token_from_fp(fp[i], buff, HTS_MAXBUFLEN) == FALSE) {
result = FALSE;
win->coefficient[i][j] = 0.0;
} else {
@@ -610,7 +610,7 @@
last_question = NULL;
last_tree = NULL;
while (!HTS_feof(fp)) {
- HTS_get_pattern_token(fp, buff);
+ HTS_get_pattern_token(fp, buff, HTS_MAXBUFLEN);
/* parse questions */
if (strcmp(buff, "QS") == 0) {
question = (HTS_Question *) HTS_calloc(1, sizeof(HTS_Question));
--- a/src/modules/hts_engine/HTS_label.c
+++ b/src/modules/hts_engine/HTS_label.c
@@ -116,7 +116,7 @@
}
/* parse label file */
- while (HTS_get_token_from_fp(fp, buff)) {
+ while (HTS_get_token_from_fp(fp, buff, HTS_MAXBUFLEN)) {
if (!isprint((int) buff[0]))
break;
label->size++;
@@ -130,9 +130,9 @@
}
if (isdigit_string(buff)) { /* has frame infomation */
start = atof(buff);
- HTS_get_token_from_fp(fp, buff);
+ HTS_get_token_from_fp(fp, buff, HTS_MAXBUFLEN);
end = atof(buff);
- HTS_get_token_from_fp(fp, buff);
+ HTS_get_token_from_fp(fp, buff, HTS_MAXBUFLEN);
lstring->start = rate * start;
lstring->end = rate * end;
} else {
@@ -154,7 +154,7 @@
}
/* HTS_Label_load_from_strings: load label from strings */
-void HTS_Label_load_from_strings(HTS_Label * label, size_t sampling_rate, size_t fperiod, char **lines, size_t num_lines)
+void HTS_Label_load_from_strings(HTS_Label * label, size_t sampling_rate, size_t fperiod, const char **lines, size_t num_lines)
{
char buff[HTS_MAXBUFLEN];
HTS_LabelString *lstring = NULL;
@@ -182,11 +182,11 @@
}
data_index = 0;
if (isdigit_string(lines[i])) { /* has frame infomation */
- HTS_get_token_from_string(lines[i], &data_index, buff);
+ HTS_get_token_from_string(lines[i], &data_index, buff, HTS_MAXBUFLEN);
start = atof(buff);
- HTS_get_token_from_string(lines[i], &data_index, buff);
+ HTS_get_token_from_string(lines[i], &data_index, buff, HTS_MAXBUFLEN);
end = atof(buff);
- HTS_get_token_from_string(lines[i], &data_index, buff);
+ HTS_get_token_from_string(lines[i], &data_index, buff, HTS_MAXBUFLEN);
lstring->name = HTS_strdup(buff);
lstring->start = rate * start;
lstring->end = rate * end;