From 559be8aab4a0e666fa6fc9104570c9c9d3c54f12 Mon Sep 17 00:00:00 2001 From: Ankith <46915066+ankith26@users.noreply.github.com> Date: Mon, 15 Mar 2021 15:18:10 +0530 Subject: [PATCH] fix invalid out of bounds UTF8 handling --- src/stdlib/SDL_iconv.c | 53 ++---------------------------------------- 1 file changed, 2 insertions(+), 51 deletions(-) diff --git a/src/stdlib/SDL_iconv.c b/src/stdlib/SDL_iconv.c index f360aa2af..004e7741c 100644 --- a/src/stdlib/SDL_iconv.c +++ b/src/stdlib/SDL_iconv.c @@ -369,33 +369,7 @@ SDL_iconv(SDL_iconv_t cd, Uint8 *p = (Uint8 *) src; size_t left = 0; SDL_bool overlong = SDL_FALSE; - if (p[0] >= 0xFC) { - if ((p[0] & 0xFE) != 0xFC) { - /* Skip illegal sequences - return SDL_ICONV_EILSEQ; - */ - ch = UNKNOWN_UNICODE; - } else { - if (p[0] == 0xFC && srclen > 1 && (p[1] & 0xFC) == 0x80) { - overlong = SDL_TRUE; - } - ch = (Uint32) (p[0] & 0x01); - left = 5; - } - } else if (p[0] >= 0xF8) { - if ((p[0] & 0xFC) != 0xF8) { - /* Skip illegal sequences - return SDL_ICONV_EILSEQ; - */ - ch = UNKNOWN_UNICODE; - } else { - if (p[0] == 0xF8 && srclen > 1 && (p[1] & 0xF8) == 0x80) { - overlong = SDL_TRUE; - } - ch = (Uint32) (p[0] & 0x03); - left = 4; - } - } else if (p[0] >= 0xF0) { + if (p[0] >= 0xF0) { if ((p[0] & 0xF8) != 0xF0) { /* Skip illegal sequences return SDL_ICONV_EILSEQ; @@ -670,7 +644,7 @@ SDL_iconv(SDL_iconv_t cd, p[2] = 0x80 | (Uint8) (ch & 0x3F); dst += 3; dstlen -= 3; - } else if (ch <= 0x1FFFFF) { + } else { if (dstlen < 4) { return SDL_ICONV_E2BIG; } @@ -680,29 +654,6 @@ SDL_iconv(SDL_iconv_t cd, p[3] = 0x80 | (Uint8) (ch & 0x3F); dst += 4; dstlen -= 4; - } else if (ch <= 0x3FFFFFF) { - if (dstlen < 5) { - return SDL_ICONV_E2BIG; - } - p[0] = 0xF8 | (Uint8) ((ch >> 24) & 0x03); - p[1] = 0x80 | (Uint8) ((ch >> 18) & 0x3F); - p[2] = 0x80 | (Uint8) ((ch >> 12) & 0x3F); - p[3] = 0x80 | (Uint8) ((ch >> 6) & 0x3F); - p[4] = 0x80 | (Uint8) (ch & 0x3F); - dst += 5; - dstlen -= 5; - } else { - if (dstlen < 6) { - return SDL_ICONV_E2BIG; - } - p[0] = 0xFC | (Uint8) ((ch >> 30) & 0x01); - p[1] = 0x80 | (Uint8) ((ch >> 24) & 0x3F); - p[2] = 0x80 | (Uint8) ((ch >> 18) & 0x3F); - p[3] = 0x80 | (Uint8) ((ch >> 12) & 0x3F); - p[4] = 0x80 | (Uint8) ((ch >> 6) & 0x3F); - p[5] = 0x80 | (Uint8) (ch & 0x3F); - dst += 6; - dstlen -= 6; } } break;