http://bugs.gentoo.org/show_bug.cgi?id=265792

by Tiago Cunha

diff -ru stardict-3.0.1.orig/src/lib/getuint32.h stardict-3.0.1/src/lib/getuint32.h
--- stardict-3.0.1.orig/src/lib/getuint32.h	2010-03-11 21:25:04.349799973 +0000
+++ stardict-3.0.1/src/lib/getuint32.h	2010-03-11 21:46:59.029797974 +0000
@@ -1,7 +1,9 @@
 #ifndef _SD_GET_UINT32_H_
 #define _SD_GET_UINT32_H_
 
-#ifdef ARM
+#include <string.h>
+
+#if defined(ARM) || defined(__sparc__)
 static inline guint32 get_uint32(const gchar *addr)
 {
 	guint32 result;
diff -ru stardict-3.0.1.orig/src/lib/stddict.cpp stardict-3.0.1/src/lib/stddict.cpp
--- stardict-3.0.1.orig/src/lib/stddict.cpp	2010-03-11 21:25:04.339799373 +0000
+++ stardict-3.0.1/src/lib/stddict.cpp	2010-03-11 21:53:30.415449981 +0000
@@ -260,8 +260,12 @@
 		delete mf;
 		return NULL;
 	}
-
-	gchar *p = mf->begin();
+ 	guint32  word_off_size = (get_uint32(mf->begin()) + 1) * sizeof(guint32);
+ 	if (word_off_size >= cachestat.st_size ||
+ 	    *(mf->begin() + cachestat.st_size - 1) != '\0')
+ 		return NULL;
+ 	
+ 	gchar *p = mf->begin() + word_off_size;
 	gboolean has_prefix;
 	if (cachefiletype == CacheFileType_oft)
 		has_prefix = g_str_has_prefix(p, OFFSETFILE_MAGIC_DATA);
@@ -314,7 +318,7 @@
 			}
 			g_free(tmpstr);
 		}
-		if (cachestat.st_size!=glong(filedatasize + strlen(mf->begin()) +1)) {
+ 		if (cachestat.st_size != static_cast<gulong>(filedatasize + sizeof(guint32) + strlen(mf->begin() + word_off_size) +1)) {
 			delete mf;
 			return NULL;
 		}
@@ -375,7 +379,7 @@
 		mf = get_cache_loadfile(oftfilename.c_str(), url, saveurl, cltfunc, filedatasize, 2);
 		if (!mf)
 			continue;
-		wordoffset = (guint32 *)(mf->begin()+strlen(mf->begin())+1);
+		wordoffset = reinterpret_cast<guint32 *>(mf->begin()) + 1;
 		return true;
 	}
 	return false;
@@ -425,7 +429,12 @@
 	if (!mf.open(filename, oftstat.st_size)) {
 		return fopen(filename, "wb");
 	}
-	gchar *p = mf.begin();
+	guint32  word_off_size = (get_uint32(mf.begin()) + 1) * sizeof(guint32);
+	if (word_off_size >= oftstat.st_size ||
+	    *(mf.begin() + oftstat.st_size - 1) != '\0')
+		return fopen(filename, "wb");
+
+	gchar *p = mf.begin() + word_off_size;
 	bool has_prefix;
 	if (cachefiletype == CacheFileType_oft)
 		has_prefix = g_str_has_prefix(p, OFFSETFILE_MAGIC_DATA);
@@ -506,6 +515,9 @@
 		FILE *out= get_cache_savefile(oftfilename.c_str(), url, 2, cfilename, cltfunc);
 		if (!out)
 			continue;
+		guint32 nentries = npages;
+		fwrite(&nentries, sizeof(nentries), 1, out);
+		fwrite(wordoffset, sizeof(guint32), npages, out);
 		if (cachefiletype == CacheFileType_oft)
 			fwrite(OFFSETFILE_MAGIC_DATA, 1, sizeof(OFFSETFILE_MAGIC_DATA)-1, out);
 		else
@@ -520,7 +532,6 @@
 #endif
 		}
 		fwrite("\n", 1, 2, out);
-		fwrite(wordoffset, sizeof(guint32), npages, out);
 		fclose(out);
 		g_print("Save cache file: %s\n", cfilename.c_str());
 		return true;