Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

utf8makevalid read out of bounds (+ other functions) #117

Open
JPDelprat opened this issue Dec 17, 2023 · 1 comment
Open

utf8makevalid read out of bounds (+ other functions) #117

JPDelprat opened this issue Dec 17, 2023 · 1 comment

Comments

@JPDelprat
Copy link

JPDelprat commented Dec 17, 2023

Hello,
It seems to me that utf8makevalid can read string to modify out of bounds :

while ('\0' != *read) {
if (0xf0 == (0xf8 & read)) {
/
ensure each of the 3 following bytes in this 4-byte
* utf8 codepoint began with 0b10xxxxxx */
if ((0x80 != (0xc0 & read[1])) || (0x80 != (0xc0 & read[2])) ||
(0x80 != (0xc0 & read[3]))) {

=> it seems to me that we cannot be sure that read[1], [2] and [3] are not of bounds.

Regards,

PS : same problem in utf8codepoint and maybe other functions, but this is particularly important for utf8makevalid , because I can have any invaldi string as an input

@JPDelprat JPDelprat changed the title utf8makevalid read out of bounds utf8makevalid read out of bounds (+ other functions) Dec 17, 2023
@sheredom
Copy link
Owner

Good spot! Would happily accept a PR with testing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants