mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2024-12-26 23:46:15 +01:00
guri: Fix UTF-8 validation when escaping URI components
The return value from `g_utf8_get_char_validated()` is a `gunichar`, which is unsigned, so comparing it with `> 0` is always going to return true, even for return values `(gunichar) -1` and `(gunichar) -2`, which indicate errors. Handle them more explicitly. oss-fuzz#26083 Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
This commit is contained in:
parent
4d00344e1f
commit
a4cba75581
@ -420,8 +420,13 @@ _uri_encoder (GString *out,
|
|||||||
|
|
||||||
while (p < end)
|
while (p < end)
|
||||||
{
|
{
|
||||||
if (allow_utf8 && *p >= 0x80 &&
|
gunichar multibyte_utf8_char = 0;
|
||||||
g_utf8_get_char_validated ((gchar *)p, end - p) > 0)
|
|
||||||
|
if (allow_utf8 && *p >= 0x80)
|
||||||
|
multibyte_utf8_char = g_utf8_get_char_validated ((gchar *)p, end - p);
|
||||||
|
|
||||||
|
if (multibyte_utf8_char > 0 &&
|
||||||
|
multibyte_utf8_char != (gunichar) -1 && multibyte_utf8_char != (gunichar) -2)
|
||||||
{
|
{
|
||||||
gint len = g_utf8_skip [*p];
|
gint len = g_utf8_skip [*p];
|
||||||
g_string_append_len (out, (gchar *)p, len);
|
g_string_append_len (out, (gchar *)p, len);
|
||||||
|
@ -466,6 +466,10 @@ test_uri_escape_string (void)
|
|||||||
{ ":+ \\?#", NULL, FALSE, "%3A%2B%20%5C%3F%23" },
|
{ ":+ \\?#", NULL, FALSE, "%3A%2B%20%5C%3F%23" },
|
||||||
{ "a+b:c", "+", FALSE, "a+b%3Ac" },
|
{ "a+b:c", "+", FALSE, "a+b%3Ac" },
|
||||||
{ "a+b:c\303\234", "+", TRUE, "a+b%3Ac\303\234" },
|
{ "a+b:c\303\234", "+", TRUE, "a+b%3Ac\303\234" },
|
||||||
|
/* Incomplete UTF-8 sequence: */
|
||||||
|
{ "\xfc\x3b\xd2", NULL, TRUE, "%FC%3B%D2" },
|
||||||
|
/* Invalid sequence: */
|
||||||
|
{ "\xc3\xb1\xc3\x28", NULL, TRUE, "ñ%C3%28" },
|
||||||
};
|
};
|
||||||
gsize i;
|
gsize i;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user