Index: src/lib/utils.h =================================================================== --- src/lib/utils.h (revision 312) +++ src/lib/utils.h (working copy) @@ -9,7 +9,7 @@ #include #endif -#ifdef ARM +#if defined(ARM) || defined(__sparc__) static inline guint32 get_uint32(const gchar *addr) { guint32 result; Index: src/lib/stddict.cpp =================================================================== --- src/lib/stddict.cpp (revision 312) +++ src/lib/stddict.cpp (working copy) @@ -310,8 +310,12 @@ std::auto_ptr mf(new MapFile); if (!mf->open(filename, cachestat.st_size)) return NULL; - - gchar *p = mf->begin(); + guint32 word_off_size = (get_uint32(mf->begin()) + 1) * sizeof(guint32); + if (word_off_size >= cachestat.st_size || + *(mf->begin() + cachestat.st_size - 1) != '\0') + return NULL; + + gchar *p = mf->begin() + word_off_size; gboolean has_prefix; if (cachefiletype == CacheFileType_oft) has_prefix = g_str_has_prefix(p, OFFSETFILE_MAGIC_DATA); @@ -346,7 +350,7 @@ if (atoi(tmpstr.c_str())!=cltfunc) return NULL; } - if (cachestat.st_size!=glong(filedatasize + strlen(mf->begin()) +1)) + if (cachestat.st_size != static_cast(filedatasize + sizeof(guint32) + strlen(mf->begin() + word_off_size) +1)) return NULL; struct stat idxstat; if (g_stat(url.c_str(), &idxstat)!=0) @@ -385,7 +389,7 @@ mf = get_cache_for_load(oftfilename.c_str(), url, saveurl, cltfunc, filedatasize, 2); if (!mf) continue; - wordoffset = (guint32 *)(mf->begin()+strlen(mf->begin())+1); + wordoffset = reinterpret_cast(mf->begin()) + 1; return true; } return false; 
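Review bot: In `src/lib/utils.h` the variant of `get_uint32` that begins with `guint32 result;` is still chosen by an architecture allowlist, `#if defined(ARM) || defined(__sparc__)`, so every other strict-alignment target keeps the `#else` branch. That branch is outside this hunk and is presumably a direct pointer cast. If the guarded body copies the bytes into `result`, I would drop the conditional and use it everywhere, with a comment such as `/* byte-copy path: safe on strict-alignment CPUs, no cost elsewhere */`. The function body continues past the end of the hunk, so this is based on its first two lines only.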
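Review bot: In the `@@ -310,8 +310,12 @@` hunk, `get_uint32(mf->begin())` runs before anything visible confirms that the cache file holds at least `sizeof(guint32)` bytes. The result of `(count + 1) * sizeof(guint32)` is also stored back into a `guint32`, so a count read from the file can wrap or be truncated to a small `word_off_size` that passes the `>= cachestat.st_size` test. Because the count is data read from disk, I would reject short files first with `if (cachestat.st_size <= (off_t)sizeof(guint32)) return NULL;` and then widen the arithmetic with `guint64 word_off_size = (guint64(get_uint32(mf->begin())) + 1) * sizeof(guint32);`. The same two statements appear with `oftstat` in the `@@ -427,7 +431,12 @@` hunk and need the same guard. The enclosing function starts and ends outside the hunk.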
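Review bot: The size equation in the `@@ -346,7 +350,7 @@` hunk fixes the total file length but never ties `word_off_size` to `filedatasize`. A file whose stored count is smaller than expected can therefore still pass, with its text header sitting inside the region that the `@@ -385,7 +389,7 @@` hunk later hands out as `wordoffset`. If `filedatasize` is the byte size of the offset table, as the equation suggests, adding `if (word_off_size != filedatasize + sizeof(guint32)) return NULL;` before the comparison removes that ambiguity. Whether the offsets are range-checked before they are used is not visible here, so the table contents should be treated as unvalidated input.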
@@ -427,7 +431,12 @@ if (!mf.open(filename, oftstat.st_size)) { return fopen(filename, "wb"); } - gchar *p = mf.begin(); + guint32 word_off_size = (get_uint32(mf.begin()) + 1) * sizeof(guint32); + if (word_off_size >= oftstat.st_size || + *(mf.begin() + oftstat.st_size - 1) != '\0') + return fopen(filename, "wb"); + + gchar *p = mf.begin() + word_off_size; bool has_prefix; if (cachefiletype == CacheFileType_oft) has_prefix = g_str_has_prefix(p, OFFSETFILE_MAGIC_DATA); @@ -481,6 +490,9 @@ FILE *out= get_cache_for_save(oftfilename.c_str(), saveurl, 2, cfilename, cltfunc); if (!out) continue; + guint32 nentries = npages; + fwrite(&nentries, sizeof(nentries), 1, out); + fwrite(wordoffset, sizeof(guint32), npages, out); if (cachefiletype == CacheFileType_oft) fwrite(OFFSETFILE_MAGIC_DATA, 1, sizeof(OFFSETFILE_MAGIC_DATA)-1, out); else @@ -495,7 +507,6 @@ #endif } fwrite("\n", 1, 2, out); - fwrite(wordoffset, sizeof(guint32), npages, out); fclose(out); g_print("Save cache file: %s\n", cfilename.c_str()); return true;
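Review bot: The new on-disk layout is only implied by the order of the `fwrite` calls in the `@@ -481,6 +490,9 @@` hunk, yet both loaders now depend on two of its properties: the leading count and a final NUL byte. A comment above the writes would keep writer and readers in step, for example `// cache layout: guint32 count, count guint32 offsets (host byte order), magic + text header, "\n", NUL`. It is also worth noting next to `fwrite("\n", 1, 2, out)` that the second byte written is the string literal's terminator, which the loaders' last-byte check requires. The enclosing function starts outside the hunk.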