From 016c8ffcc6c9d41d145035ef5df607568880e3b3 Mon Sep 17 00:00:00 2001 From: Karl Williamson Date: Tue, 24 Jul 2018 17:20:08 -0600 Subject: [PATCH] utf8.c: Make safer a deprecated function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This function is only called from deprecated functions, but they may be moved to ppport.h. It is lacking a length parameter, so malformed UTF-8 may cause it to read beyond the buffer. This commit causes it to not read beyond a NUL character, which makes it safe for the common case that the input is a C string. Signed-off-by: Petr Písař
---
 utf8.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/utf8.c b/utf8.c
index 8471fb8093..3062f58338 100644
--- a/utf8.c
+++ b/utf8.c
@@ -3100,7 +3100,9 @@ S_is_utf8_common(pTHX_ const U8 *const p, SV **swash,
 * Note that it is assumed that the buffer length of

is enough to
 * contain all the bytes that comprise the character. Thus, <*p> should
 * have been checked before this call for mal-formedness enough to assure
- * that. */
+ * that. This function, does make sure to not look past any NUL, so it is
+ * safe to use on C, NUL-terminated, strings */
+ STRLEN len = my_strnlen((char *) p, UTF8SKIP(p));
 PERL_ARGS_ASSERT_IS_UTF8_COMMON;
@@ -3109,9 +3111,8 @@ S_is_utf8_common(pTHX_ const U8 *const p, SV **swash,
 * as far as there being enough bytes available in it to accommodate the
 * character without reading beyond the end, and pass that number on to the
 * validating routine */
- if (! isUTF8_CHAR(p, p + UTF8SKIP(p))) {
- _force_out_malformed_utf8_message(p, p + UTF8SKIP(p),
- _UTF8_NO_CONFIDENCE_IN_CURLEN,
+ if (! isUTF8_CHAR(p, p + len)) {
+ _force_out_malformed_utf8_message(p, p + len, _UTF8_NO_CONFIDENCE_IN_CURLEN,
 1 /* Die */ );
 NOT_REACHED; /* NOTREACHED */
 }
-- 
2.14.4
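Review bot: The added initializer `STRLEN len = my_strnlen((char *) p, UTF8SKIP(p));` gives `len == 0` when `*p` is itself NUL, so the check in the next hunk receives an empty range; if the validator treats an empty range as malformed (not visible here, please confirm), a U+0000 input that used to validate as a one-byte character would now take the die path. Unless callers are known never to pass a NUL start byte, something like `STRLEN len = (*p == '\0') ? 1 : my_strnlen((const char *) p, UTF8SKIP(p));` keeps the old behaviour for that case and also stops casting away `const`, assuming my_strnlen accepts a const pointer. The initializer reads `*p` before `PERL_ARGS_ASSERT_IS_UTF8_COMMON` runs, so the assertion no longer guards the first dereference. The bound only protects NUL-terminated input: a length-counted buffer without a terminator can still be read up to UTF8SKIP(p) bytes from `p`, and the new comment would be clearer if it said so outright. The function body starts and ends outside this hunk.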
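Review bot: The comment kept as context above `if (! isUTF8_CHAR(p, p + len))` is now stale: it still says the function assumes enough bytes are available and passes "that number" on, while the value passed is the shorter of UTF8SKIP(p) and the distance to the first NUL. I would end it with `* validating routine, stopping at the first NUL so that a truncated C string is reported as malformed rather than read past */`. The comment and the enclosing function both begin outside this hunk.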