From c5854519743f553dcf825b8b047bb62fa89258ca Mon Sep 17 00:00:00 2001
From: Alois Treindl
Date: Mon, 1 Feb 2021 18:12:45 +0100
Subject: [PATCH 1/2] In line 869: offset = i + 1 - strlen (match); offset can become -1, which leads to an illegale memory write to matchrepl[-1] further down. The problem appears when I use a Turkish dictionary, and the error may caused by bad data in the dictionary hyph_tr.dic from https://github.com/Slyneth/hunspell-hyphenation-turkish
---
 hyphen.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/hyphen.c b/hyphen.c
index 9f2b711..5f66c2c 100644
--- a/hyphen.c
+++ b/hyphen.c
@@ -882,6 +882,7 @@ int hnj_hyphen_hyph_(HyphenDict *dict, const char *word, int word_size,
 if (match)
 {
 offset = i + 1 - strlen (match);
+ if (offset < 0) offsent = 0; // happens with hyph_tr.dic
 #ifdef VERBOSE
 for (k = 0; k < offset; k++)
 putchar (' ');
From 9a8914726502cbae28a0bc77076c599bf8d2ddd8 Mon Sep 17 00:00:00 2001
From: Alois Treindl
Date: Mon, 1 Feb 2021 18:20:11 +0100
Subject: [PATCH 2/2] fixed typo in last commit
---
 hyphen.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hyphen.c b/hyphen.c
index 5f66c2c..9393932 100644
--- a/hyphen.c
+++ b/hyphen.c
@@ -882,7 +882,7 @@ int hnj_hyphen_hyph_(HyphenDict *dict, const char *word, int word_size,
 if (match)
 {
 offset = i + 1 - strlen (match);
- if (offset < 0) offsent = 0; // happens with hyph_tr.dic
+ if (offset < 0) offset = 0; // happens with hyph_tr.dic
 #ifdef VERBOSE
 for (k = 0; k < offset; k++)
 putchar (' ');
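Review bot: Clamping with `if (offset < 0) offset = 0;` (spelled `offsent` in patch 1/2, corrected in 2/2) avoids the negative index but still applies a pattern that is longer than the prefix scanned so far, so its values land on shifted positions, and the hunk does not show whether the later indexed writes stay in bounds at the upper end. Because `strlen` returns `size_t`, `i + 1 - strlen (match)` is computed unsigned and only turns negative when converted to `offset`, presumably a signed int declared outside the hunk. Comparing the lengths before subtracting, e.g. `size_t mlen = strlen (match); if (mlen > (size_t) i + 1) /* skip this match */`, and ignoring the match would be more robust than clamping; how to skip depends on the enclosing loop, which starts and ends outside the hunk. Since the dictionary file is external data, rejecting or logging such entries when it is loaded would address the cause, and the trailing comment could say that the pattern is longer than the scanned prefix rather than naming only `hyph_tr.dic`.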