New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

utf8makevalid read out of bounds (+ other functions) #117

Open

JPDelprat opened this issue Dec 17, 2023 · 1 comment

JPDelprat commented Dec 17, 2023 •

edited

Hello,
It seems to me that utf8makevalid can read string to modify out of bounds :

while ('\0' != *read) {
if (0xf0 == (0xf8 & read)) {
/ ensure each of the 3 following bytes in this 4-byte
* utf8 codepoint began with 0b10xxxxxx */
if ((0x80 != (0xc0 & read[1])) || (0x80 != (0xc0 & read[2])) ||
(0x80 != (0xc0 & read[3]))) {

=> it seems to me that we cannot be sure that read[1], [2] and [3] are not of bounds.

Regards,

PS : same problem in utf8codepoint and maybe other functions, but this is particularly important for utf8makevalid , because I can have any invaldi string as an input

JPDelprat changed the title ~~utf8makevalid read out of bounds~~ utf8makevalid read out of bounds (+ other functions)

Owner

sheredom commented Dec 23, 2023

Good spot! Would happily accept a PR with testing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment