summaryrefslogtreecommitdiff
path: root/src/multibyte/internal.h
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2013-04-08 22:29:46 -0400
committerRich Felker <dalias@aerifal.cx>2013-04-08 22:29:46 -0400
commit8f06ab0eb9c22998a47803938588bb0b13092a0b (patch)
tree2c8ff15b4561b21a44d7187cca1fc871eb2cb372 /src/multibyte/internal.h
parentbcd9302508e5b89cfdcf2a2acebdf05d88d7479e (diff)
downloadmusl-8f06ab0eb9c22998a47803938588bb0b13092a0b.tar.gz
musl-8f06ab0eb9c22998a47803938588bb0b13092a0b.tar.bz2
musl-8f06ab0eb9c22998a47803938588bb0b13092a0b.tar.xz
musl-8f06ab0eb9c22998a47803938588bb0b13092a0b.zip
fix out-of-bounds access in UTF-8 decoding
SA and SB are used as the lowest and highest valid starter bytes, but the value of SB was one-past the last valid starter. this caused access past the end of the state table when the illegal byte '\xf5' was encountered in a starter position. the error did not show up in full-character decoding tests, since the bogus state read from just past the table was unlikely to admit any continuation bytes as valid, but would have shown up had we tested feeding '\xf5' to the byte-at-a-time decoding in mbrtowc: it would cause the funtion to wrongly return -2 rather than -1. I may eventually go back and remove all references to SA and SB, replacing them with the values; this would make the code more transparent, I think. the original motivation for using macros was to allow misguided users of the code to redefine them for the purpose of enlarging the set of accepted sequences past the end of Unicode...
Diffstat (limited to 'src/multibyte/internal.h')
-rw-r--r--src/multibyte/internal.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/multibyte/internal.h b/src/multibyte/internal.h
index cd1196ba..25ba240e 100644
--- a/src/multibyte/internal.h
+++ b/src/multibyte/internal.h
@@ -19,4 +19,4 @@ extern const uint32_t bittab[] ATTR_LIBC_VISIBILITY;
#define FAILSTATE R(0x80,0x80)
#define SA 0xc2u
-#define SB 0xf5u
+#define SB 0xf4u