Skip to content

UTF-8 code makes assumptions about buffer size #464

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
lionkor opened this issue Jul 8, 2024 · 1 comment · Fixed by #589
Closed

UTF-8 code makes assumptions about buffer size #464

lionkor opened this issue Jul 8, 2024 · 1 comment · Fixed by #589

Comments

@lionkor
Copy link

lionkor commented Jul 8, 2024

https://github.com/quickjs-ng/quickjs/blob/master/cutils.c#L247 makes the assumption that the buffer is always at least UTF8_CHAR_LEN_MAX, this is not checked. re_parse_group_name then calls it with a buffer, the size of which is also not checked. This results in a dependency on the buffer supplied to this function that the buffer is at least UTF8_CHAR_LEN_MAX.

I would consider this a soon-to-be-bug at best. I understand that error handling is difficult, but an assert would make sense here at the very least.
@chqrlie
Copy link
Collaborator

chqrlie commented Jul 8, 2024

I agree the definition should enforce a minimum length for the array pointed to by buf:

size_t utf8_encode(uint8_t buf[minimum_length(UTF8_CHAR_LEN_MAX)], uint32_t c)

with minimum_length defined as:

#if target is c99
#define minimum_length(n)  static n
#else
#define minimum_length(n)  n
#endif

bnoordhuis added a commit to bnoordhuis/quickjs that referenced this issue Oct 10, 2024
@bnoordhuis
Enforce buffer length in utf8_encode definition
c468591 
Fixes: quickjs-ng#464
@bnoordhuis bnoordhuis mentioned this issue Oct 10, 2024
Merged
bnoordhuis added a commit that referenced this issue Oct 10, 2024
@bnoordhuis
Enforce buffer length in utf8_encode definition (#589)
6815683 
Fixes: #464
bluesky950520 pushed a commit to bluesky950520/quickjs that referenced this issue Mar 14, 2025
@bnoordhuis
Enforce buffer length in utf8_encode definition (#589)
67f7a5b 
Fixes: quickjs-ng/quickjs#464
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Enforce buffer length in utf8_encode definition bnoordhuis/quickjs
2 participants
@chqrlie @lionkor