authorSergio Giro2016-06-28 12:02:29 -0500
committerSergio Giro2016-07-11 04:46:32 -0500
commitc4966a363e46d2e1074d1a365e232af0dcedd6a1 (patch)
tree48a3f3120553257297f7f2d3f4a4162100531a0b /libutils/String8.cpp
parent34ae543dc3b9c577c39eb9d7063e2f72747f5d26 (diff)
libutils/Unicode.cpp: Correct length computation and add checks for utf16->utf8
Inconsistent behaviour between utf16_to_utf8 and utf16_to_utf8_length is causing a heap overflow. Correcting the length computation and adding bound checks to the conversion functions. Test: ran libutils_tests Bug: 29250543 Change-Id: I6115e3357141ed245c63c6eb25fc0fd0a9a7a2bb
Diffstat (limited to 'libutils/String8.cpp')
-rw-r--r--libutils/String8.cpp25
1 files changed, 13 insertions, 12 deletions
diff --git a/libutils/String8.cpp b/libutils/String8.cpp
index 771d31266..755e0d1e8 100644
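--- a/libutils/String8.cpp
+++ b/libutils/String8.cpp
@@ -104,20 +104,21 @@ static char* allocFromUTF16(const char16_t* in, size_t len)
 {
 if (len == 0) return getEmptyString();
 
-const ssize_t bytes = utf16_to_utf8_length(in, len);
-if (bytes < 0) {
+// Allow for closing '\0'
+const ssize_t resultStrLen = utf16_to_utf8_length(in, len) + 1;
+if (resultStrLen < 1) {
 return getEmptyString();
 }
 
-SharedBuffer* buf = SharedBuffer::alloc(bytes+1);
+SharedBuffer* buf = SharedBuffer::alloc(resultStrLen);
 ALOG_ASSERT(buf, "Unable to allocate shared buffer");
 if (!buf) {
 return getEmptyString();
 }
 
-char* str = (char*)buf->data();
-utf16_to_utf8(in, len, str);
-return str;
+char* resultStr = (char*)buf->data();
+utf16_to_utf8(in, len, resultStr, resultStrLen);
+return resultStr;
 }
 
 static char* allocFromUTF32(const char32_t* in, size_t len)
@@ -126,21 +127,21 @@ static char* allocFromUTF32(const char32_t* in, size_t len)
 return getEmptyString();
 }
 
-const ssize_t bytes = utf32_to_utf8_length(in, len);
-if (bytes < 0) {
+const ssize_t resultStrLen = utf32_to_utf8_length(in, len) + 1;
+if (resultStrLen < 1) {
 return getEmptyString();
 }
 
-SharedBuffer* buf = SharedBuffer::alloc(bytes+1);
+SharedBuffer* buf = SharedBuffer::alloc(resultStrLen);
 ALOG_ASSERT(buf, "Unable to allocate shared buffer");
 if (!buf) {
 return getEmptyString();
 }
 
-char* str = (char*) buf->data();
-utf32_to_utf8(in, len, str);
+char* resultStr = (char*) buf->data();
+utf32_to_utf8(in, len, resultStr, resultStrLen);
 
-return str;
+return resultStr;
 }
 
 // ---------------------------------------------------------------------------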
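Review bot: In allocFromUTF16 the `+ 1` is applied to the result of utf16_to_utf8_length() before the sign check, so if that function can ever return SSIZE_MAX (its upper bound is not visible in this file) the addition is signed overflow and `resultStrLen < 1` is not guaranteed to catch it. Checking the raw result first keeps both the allocation size and the bound passed to utf16_to_utf8() provably in range: `const ssize_t utf8Len = utf16_to_utf8_length(in, len);`, `if (utf8Len < 0 || utf8Len == SSIZE_MAX) return getEmptyString();`, `const size_t resultStrLen = (size_t)utf8Len + 1;`. The same pattern applies to the allocFromUTF32 hunk, whose opening lines fall between the two hunks. The name resultStrLen also holds the buffer size including the terminator rather than the string length, and the `// Allow for closing '\0'` comment appears only in the UTF-16 function; a name such as `resultBufSize` with the comment repeated in allocFromUTF32 would make the contract of the new fourth argument clearer.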