Changeset 1248

Timestamp:

10/27/06 22:22:48 (7 years ago)

Author:

sam

Message:

• Fix a buffer overflow in the utf-8 cucul_import().

File:

• libcaca/trunk/cucul/import.c (modified) (2 diffs)

libcaca/trunk/cucul/import.c

@@ -407 +407 @@
         {
             unsigned int bytes;
-            /* Probably a wrong thing */
-            if(((char const *)(buffer + i))[0] == 0)
+
+            if(i + 6 < size)
+                ch = cucul_utf8_to_utf32((char const *)(buffer + i), &bytes);
+            else
             {
-                goto end;
+                /* Add a trailing zero to what we're going to read */
+                char tmp[7];
+                memcpy(tmp, buffer + i, size - i);
+                tmp[size - i] = '\0';
+                ch = cucul_utf8_to_utf32(tmp, &bytes);
             }
-            ch = cucul_utf8_to_utf32((char const *)(buffer + i), &bytes);
+
+            if(!bytes)
+            {
+                /* If the Unicode is invalid, assume it was latin1. */
+                ch = buffer[i];
+                bytes = 1;
+            }
             wch = cucul_utf32_is_fullwidth(ch) ? 2 : 1;
             skip += bytes - 1;
@@ -445 +457 @@
         cucul_set_canvas_size(cv, width, height = y);
     }
- end:
+
     return cv;
 }