On Sat, Sep 05, 2015 at 02:40:12PM +0200, Sebastien Marie wrote:
> We have a missing check in libc function.
>
> RFC 3629 ask for limiting the range to 0x10FFFF:
> https://tools.ietf.org/html/rfc3629#page-10
>
> Currently, passing a c-string with "f7 bf bf bf" to mbrtowc(3) [with
> UTF-8 locale], the function return 4 and make a wchar_t outside 0x10FFFF
> limit.
>
> With the following patch, the limit is checked, and the input is
> considered as invalid.
>
> Comments ? OK ?
OK, thanks.
> --
> Sebastien Marie
>
> Index: citrus_utf8.c
> ===================================================================
> RCS file: /cvs/src/lib/libc/citrus/citrus_utf8.c,v
> retrieving revision 1.8
> diff -u -p -r1.8 citrus_utf8.c
> --- citrus_utf8.c 16 Jan 2015 16:48:51 -0000 1.8
> +++ citrus_utf8.c 5 Sep 2015 12:26:50 -0000
> @@ -169,6 +169,13 @@ _citrus_utf8_ctype_mbrtowc(wchar_t * __r
> errno = EILSEQ;
> return ((size_t)-1);
> }
> + if (wch > 0x10ffff) {
> + /*
> + * Malformed input; invalid code points.
> + */
> + errno = EILSEQ;
> + return ((size_t)-1);
> + }
> if (pwc != NULL)
> *pwc = wch;
> us->want = 0;
