perl/perl-5.29.1-utf8.c-Make-safer-a-deprecated-function.patch

50 lines
2.0 KiB
Diff
Raw Normal View History

From 016c8ffcc6c9d41d145035ef5df607568880e3b3 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Tue, 24 Jul 2018 17:20:08 -0600
Subject: [PATCH] utf8.c: Make safer a deprecated function
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This function is only called from deprecated functions, but they may be
moved to ppport.h. It is lacking a length parameter, so malformed UTF-8
may cause it to read beyond the buffer. This commit causes it to not
read beyond a NUL character, which makes it safe for the common case
that the input is a C string.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
utf8.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/utf8.c b/utf8.c
index 8471fb8093..3062f58338 100644
--- a/utf8.c
+++ b/utf8.c
@@ -3100,7 +3100,9 @@ S_is_utf8_common(pTHX_ const U8 *const p, SV **swash,
* Note that it is assumed that the buffer length of <p> is enough to
* contain all the bytes that comprise the character. Thus, <*p> should
* have been checked before this call for mal-formedness enough to assure
- * that. */
+ * that. This function, does make sure to not look past any NUL, so it is
+ * safe to use on C, NUL-terminated, strings */
+ STRLEN len = my_strnlen((char *) p, UTF8SKIP(p));
PERL_ARGS_ASSERT_IS_UTF8_COMMON;
@@ -3109,9 +3111,8 @@ S_is_utf8_common(pTHX_ const U8 *const p, SV **swash,
* as far as there being enough bytes available in it to accommodate the
* character without reading beyond the end, and pass that number on to the
* validating routine */
- if (! isUTF8_CHAR(p, p + UTF8SKIP(p))) {
- _force_out_malformed_utf8_message(p, p + UTF8SKIP(p),
- _UTF8_NO_CONFIDENCE_IN_CURLEN,
+ if (! isUTF8_CHAR(p, p + len)) {
+ _force_out_malformed_utf8_message(p, p + len, _UTF8_NO_CONFIDENCE_IN_CURLEN,
1 /* Die */ );
NOT_REACHED; /* NOTREACHED */
}
--
2.14.4