UTF-8 code makes assumptions about buffer size #464

Closed
lionkor opened this issue Jul 8, 2024 · 1 comment · Fixed by #589

Comments

lionkor commented Jul 8, 2024

https://github.com/quickjs-ng/quickjs/blob/master/cutils.c#L247 makes the assumption that the buffer is always at least UTF8_CHAR_LEN_MAX; this is not checked. re_parse_group_name then calls it with a buffer, the size of which is also not checked. This results in a dependency on the buffer supplied to this function being at least UTF8_CHAR_LEN_MAX.

I would consider this a soon-to-be-bug at best. I understand that error handling is difficult, but an assert would make sense here at the very least.

Collaborator

chqrlie commented Jul 8, 2024

I agree the definition should enforce a minimum length for the array pointed to by buf:

size_t utf8_encode(uint8_t buf[minimum_length(UTF8_CHAR_LEN_MAX)], uint32_t c)

with minimum_length defined as:

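/* `static n` inside an array parameter is valid only in C99 and later */
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
#define minimum_length(n)  static n
#else
#define minimum_length(n)  n
#endif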
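
An added example (not QuickJS code and not written by either commenter): the `static n` declaration discussed above lets a compiler diagnose some short arrays but checks nothing at run time, so it is shown here next to a run-time length check for callers whose buffer size is not fixed. The names `ex_utf8_encode`, `ex_utf8_append` and `ex_minimum_length`, and the value 4 for the maximum sequence length, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Assumption: 4 bytes is the longest sequence (code points up to U+10FFFF). */
#define EX_UTF8_CHAR_LEN_MAX 4

#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
#define ex_minimum_length(n) static n
#else
#define ex_minimum_length(n) n
#endif

/* Hypothetical encoder. The parameter declaration states the minimum size and
   lets a compiler flag some short arrays; nothing is checked at run time. */
size_t ex_utf8_encode(uint8_t buf[ex_minimum_length(EX_UTF8_CHAR_LEN_MAX)], uint32_t c)
{
    if (c < 0x80) { buf[0] = (uint8_t)c; return 1; }
    if (c < 0x800) {
        buf[0] = (uint8_t)(0xC0 | (c >> 6));
        buf[1] = (uint8_t)(0x80 | (c & 0x3F));
        return 2;
    }
    if (c >= 0x110000)
        c = 0xFFFD; /* out of range: substitute U+FFFD */
    if (c < 0x10000) {
        buf[0] = (uint8_t)(0xE0 | (c >> 12));
        buf[1] = (uint8_t)(0x80 | ((c >> 6) & 0x3F));
        buf[2] = (uint8_t)(0x80 | (c & 0x3F));
        return 3;
    }
    buf[0] = (uint8_t)(0xF0 | (c >> 18));
    buf[1] = (uint8_t)(0x80 | ((c >> 12) & 0x3F));
    buf[2] = (uint8_t)(0x80 | ((c >> 6) & 0x3F));
    buf[3] = (uint8_t)(0x80 | (c & 0x3F));
    return 4;
}

/* Hypothetical run-time check: encode into a full-size scratch array, copy only
   if it fits at offset pos. Returns 0 and leaves dst untouched otherwise. */
size_t ex_utf8_append(uint8_t *dst, size_t dst_len, size_t pos, uint32_t c)
{
    uint8_t tmp[EX_UTF8_CHAR_LEN_MAX];
    size_t n = ex_utf8_encode(tmp, c);
    if (pos > dst_len || n > dst_len - pos)
        return 0;
    memcpy(dst + pos, tmp, n);
    return n;
}
```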
