sandey/blender
1
0
Fork 0
forked from bartvdbraak/blender
Code Pull Requests Activity

Fix potential buffer overflow in BLI_strncpy_wchar_as_utf8().

Browse Source
This commit is contained in:
Bastien Montagne 2015-02-26 11:20:47 +01:00
parent 8197f0bb64
commit 88facb8876
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
source/blender/blenlib/intern/string_utf8.c
View File

@ -249,6 +249,7 @@ char *BLI_strncat_utf8(char *__restrict dst, const char *__restrict src, size_t
size_t BLI_strncpy_wchar_as_utf8(char *__restrict dst, const wchar_t *__restrict src, const size_t maxncpy)
{
const size_t maxlen = maxncpy - 1;
const size_t maxlen_secured = ((int)maxlen - 6) < 0 ? 0 : maxlen - 6; /* 6 is max utf8 length of an unicode char. */
size_t len = 0;
BLI_assert(maxncpy != 0);
@ -257,10 +258,23 @@ size_t BLI_strncpy_wchar_as_utf8(char *__restrict dst, const wchar_t *__restrict
memset(dst, 0xff, sizeof(*dst) * maxncpy);
#endif
while (*src && len < maxlen) { /* XXX can still run over the buffer because utf8 size isn't known :| */
while (*src && len < maxlen_secured) {
len += BLI_str_utf8_from_unicode((unsigned int)*src++, dst + len);
}
/* We have to be more careful for the last six bytes, to avoid buffer overflow in case utf8-encoded char
* would be too long for our dst buffer. */
while (*src) {
char t[6];
size_t l = BLI_str_utf8_from_unicode((unsigned int)*src++, t);
BLI_assert(l <= 6);
if (len + l >= maxlen) {
break;
}
memcpy(dst + len, t, l);
len += l;
}
dst[len] = '\0';
return len;