utf8.h icon indicating copy to clipboard operation
utf8.h copied to clipboard
verified publisher icon sheredom

utf8makevalid read out of bounds (+ other functions)

Open JPDelprat opened this issue 2 years ago • 1 comments

Hello, It seems to me that utf8makevalid can read string to modify out of bounds :

while ('\0' != *read) { if (0xf0 == (0xf8 & read)) { / ensure each of the 3 following bytes in this 4-byte * utf8 codepoint began with 0b10xxxxxx */ if ((0x80 != (0xc0 & read[1])) || (0x80 != (0xc0 & read[2])) || (0x80 != (0xc0 & read[3]))) {

=> it seems to me that we cannot be sure that read[1], [2] and [3] are not of bounds.

Regards,

PS : same problem in utf8codepoint and maybe other functions, but this is particularly important for utf8makevalid , because I can have any invaldi string as an input

JPDelprat avatar Dec 17 '23 20:12 JPDelprat

Good spot! Would happily accept a PR with testing.

sheredom avatar Dec 23 '23 20:12 sheredom