Next: , Previous: , Up: Installing   [Contents]


B.6 Upgrading from Aspell 0.60.7

To prevent a potentially unbounded buffer over-read, Aspell no longer supports null-terminated UCS-2 and UCS-4 encoded strings with the original C API. Null-terminated 8-bit or UTF-8 encoded strings are still supported, as are UCS-2 and UCS-4 encoded strings when the length is passed in.

As of Aspell 0.60.8 a function from the original API that expects an encoded string as a parameter will return meaningless results (or an error code) if string is null terminated and the encoding is set to ucs-2 or ucs-4. In addition, a single:

ERROR: aspell_speller_check: Null-terminated wide-character strings unsupported when used this way.

will be printed to standard error the first time one of those functions is called.

Application that use null-terminated UCS-2/4 strings should either (1) use the interface intended for working with wide-characters (see Through the C API); or (2) define ASPELL_ENCODE_SETTING_SECURE before including aspell.h. In the latter case is is important that the application explicitly sets the encoding to a known value. Defining ASPELL_ENCODE_SETTING_SECURE and not setting the encoding explicitly or allowing user of the application to set the encoding could result in an unbounded buffer over-read.

If it is necessary to preserve binary compatibility with older versions of Aspell, the easiest thing would be to determine the length of the UCS-2/4 string—in bytes—and pass that in. Due to an implementation detail, existing API functions can be made to work with null-terminated UCS-2/4 strings safely by passing in either -2 or -4 (corresponding to the width of the character type) as the size. Doing so, however, will cause a buffer over-read for unpatched version of Aspell. To avoid this it will be necessary to parse the version string to determine the correct value to use. However, no official support will be provided for the latter method.

If the application can not be recompiled, then Aspell can be configured to preserve the old behavior by passing --enable-sloppy-null-term-strings to configure. When Aspell is compiled this way the version string will include the string ‘ SLOPPY’.


Next: , Previous: , Up: Installing   [Contents]