From a35d4ce9ccb3eb5903df3d221fdfd9a0d1fb5c37 Mon Sep 17 00:00:00 2001 From: Jay Berkenbilt Date: Fri, 21 Jun 2019 17:36:59 -0400 Subject: Fix bounds error in utf16_to_utf8 conversion --- libqpdf/QUtil.cc | 2 +- libtests/qtest/qutil/qutil.out | 2 ++ libtests/qutil.cc | 4 ++++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/libqpdf/QUtil.cc b/libqpdf/QUtil.cc index c8c23f6a..607c28f7 100644 --- a/libqpdf/QUtil.cc +++ b/libqpdf/QUtil.cc @@ -1955,7 +1955,7 @@ QUtil::utf16_to_utf8(std::string const& val) } // If the string has an odd number of bytes, the last byte is // ignored. - for (size_t i = start; i < len; i += 2) + for (size_t i = start; i + 1 < len; i += 2) { // Convert from UTF16-BE. If we get a malformed // codepoint, this code will generate incorrect output diff --git a/libtests/qtest/qutil/qutil.out b/libtests/qtest/qutil/qutil.out index 2f270226..eb8eaf45 100644 --- a/libtests/qtest/qutil/qutil.out +++ b/libtests/qtest/qutil/qutil.out @@ -53,6 +53,8 @@ HAGOOGAMAGOOGLE: 0 0xdead -> ff fd 0x7fffffff -> ff fd 0x80000000 -> ff fd +π +π ---- utf8_to_ascii ¿Does π have fingers? ?Does ? have fingers? diff --git a/libtests/qutil.cc b/libtests/qutil.cc index 900f0e6f..a5c44fc5 100644 --- a/libtests/qutil.cc +++ b/libtests/qutil.cc @@ -238,6 +238,10 @@ void to_utf16_test() print_utf16(0xdeadUL); print_utf16(0x7fffffffUL); print_utf16(0x80000000UL); + + std::string s(QUtil::utf8_to_utf16("\xcf\x80")); + std::cout << QUtil::utf16_to_utf8(s) << std::endl; + std::cout << QUtil::utf16_to_utf8(s + ".") << std::endl; } void utf8_to_ascii_test() -- cgit v1.2.3-54-g00ecf