Fix integer overflow in utf{16,32}_to_utf8_length am: f0a43dede9 am: 33abf90994 am: 789673b15c (d70e582d) · Commits · e / os / android_system_core

libutils/Unicode.cpp

+21 −3

Original line number	Diff line number	Diff line
		@@ -18,6 +18,7 @@
		#include <utils/Unicode.h>

		#include <stddef.h>
		#include <limits.h>

		#if defined(_WIN32)
		# undef nhtol
		@@ -178,7 +179,15 @@ ssize_t utf32_to_utf8_length(const char32_t *src, size_t src_len)
		size_t ret = 0;
		const char32_t *end = src + src_len;
		while (src < end) {
		ret += utf32_codepoint_utf8_length(*src++);
		size_t char_len = utf32_codepoint_utf8_length(*src++);
		if (SSIZE_MAX - char_len < ret) {
		// If this happens, we would overflow the ssize_t type when
		// returning from this function, so we cannot express how
		// long this string is in an ssize_t.
		android_errorWriteLog(0x534e4554, "37723026");
		return -1;
		}
		ret += char_len;
		}
		return ret;
		}
		@@ -438,14 +447,23 @@ ssize_t utf16_to_utf8_length(const char16_t *src, size_t src_len)
		size_t ret = 0;
		const char16_t* const end = src + src_len;
		while (src < end) {
		size_t char_len;
		if ((*src & 0xFC00) == 0xD800 && (src + 1) < end
		&& (*(src + 1) & 0xFC00) == 0xDC00) {
		// surrogate pairs are always 4 bytes.
		ret += 4;
		char_len = 4;
		src += 2;
		} else {
		ret += utf32_codepoint_utf8_length((char32_t) *src++);
		char_len = utf32_codepoint_utf8_length((char32_t)*src++);
		}
		if (SSIZE_MAX - char_len < ret) {
		// If this happens, we would overflow the ssize_t type when
		// returning from this function, so we cannot express how
		// long this string is in an ssize_t.
		android_errorWriteLog(0x534e4554, "37723026");
		return -1;
		}
		ret += char_len;
		}
		return ret;
		}