Next: Upgrading from Aspell 0.50, Previous: Using 32-Bit Dictionaries on a 64-Bit System, Up: Installing [Contents]
To prevent a potentially unbounded buffer over-read, Aspell no longer supports null-terminated UCS-2 and UCS-4 encoded strings with the original C API. Null-terminated 8-bit or UTF-8 encoded strings are still supported, as are UCS-2 and UCS-4 encoded strings when the length is passed in.
As of Aspell 0.60.8 a function from the original API that expects an
encoded string as a parameter will return meaningless results (or an
error code) if string is null terminated and the encoding is set to
ucs-2 or ucs-4. In addition, a single:
ERROR: aspell_speller_check: Null-terminated wide-character strings unsupported when used this way.
will be printed to standard error the first time one of those functions is called.
Application that use null-terminated UCS-2/4 strings should either (1)
use the interface intended for working with wide-characters
(see Through the C API); or (2) define
ASPELL_ENCODE_SETTING_SECURE before including aspell.h.
In the latter case is is important that the application explicitly
sets the encoding to a known value. Defining
ASPELL_ENCODE_SETTING_SECURE and not setting the encoding
explicitly or allowing user of the application to set the encoding
could result in an unbounded buffer over-read.
If it is necessary to preserve binary compatibility with older
versions of Aspell, the easiest thing would be to determine the length
of the UCS-2/4 string—in bytes—and pass that in. Due to an
implementation detail, existing API functions can be made to work with
null-terminated UCS-2/4 strings safely by passing in either -2
or -4 (corresponding to the width of the character type) as the
size. Doing so, however, will cause a buffer over-read for unpatched
version of Aspell. To avoid this it will be necessary to parse the
version string to determine the correct value to use. However, no
official support will be provided for the latter method.
If the application can not be recompiled, then Aspell can be configured
to preserve the old behavior by passing
--enable-sloppy-null-term-strings to configure. When Aspell
is compiled this way the version string will include the string
‘ SLOPPY’.
Next: Upgrading from Aspell 0.50, Previous: Using 32-Bit Dictionaries on a 64-Bit System, Up: Installing [Contents]