Pass back detailed info when UTF-8 check fails at runtime.

git-svn-id: svn://vcs.exim.org/pcre/code/trunk@598 2f5784b3-3f2a-0410-8824-cb99058d5e15

1 files changed, 189 insertions, 68 deletions

diff --git a/pcre_valid_utf8.c b/pcre_valid_utf8.c
index 78a96e1..e158f38 100644
--- a/pcre_valid_utf8.c
+++ b/pcre_valid_utf8.c
@@ -54,42 +54,56 @@ strings. */
 *************************************************/
 
 /* This function is called (optionally) at the start of compile or match, to
-validate that a supposed UTF-8 string is actually valid. The early check means
+check that a supposed UTF-8 string is actually valid. The early check means
 that subsequent code can assume it is dealing with a valid string. The check
-can be turned off for maximum performance, but the consequences of supplying
-an invalid string are then undefined.
+can be turned off for maximum performance, but the consequences of supplying an
+invalid string are then undefined.
 
 Originally, this function checked according to RFC 2279, allowing for values in
 the range 0 to 0x7fffffff, up to 6 bytes long, but ensuring that they were in
 the canonical format. Once somebody had pointed out RFC 3629 to me (it
 obsoletes 2279), additional restrictions were applied. The values are now
 limited to be between 0 and 0x0010ffff, no more than 4 bytes long, and the
-subrange 0xd000 to 0xdfff is excluded.
+subrange 0xd000 to 0xdfff is excluded. However, the format of 5-byte and 6-byte 
+characters is still checked.
+
+From release 8.13 more information about the details of the error are passed 
+back in the error code:
+
+PCRE_UTF8_ERR0   No error
+PCRE_UTF8_ERR1   Missing 1 byte at the end of the string
+PCRE_UTF8_ERR2   Missing 2 bytes at the end of the string
+PCRE_UTF8_ERR3   Missing 3 bytes at the end of the string
+PCRE_UTF8_ERR4   Missing 4 bytes at the end of the string
+PCRE_UTF8_ERR5   Missing 5 bytes at the end of the string
+PCRE_UTF8_ERR6   2nd-byte's two top bits are not 0x80
+PCRE_UTF8_ERR7   3rd-byte's two top bits are not 0x80
+PCRE_UTF8_ERR8   4th-byte's two top bits are not 0x80
+PCRE_UTF8_ERR9   5th-byte's two top bits are not 0x80
+PCRE_UTF8_ERR10  6th-byte's two top bits are not 0x80
+PCRE_UTF8_ERR11  5-byte character is not permitted by RFC 3629
+PCRE_UTF8_ERR12  6-byte character is not permitted by RFC 3629
+PCRE_UTF8_ERR13  4-byte character with value > 0x10ffff is not permitted
+PCRE_UTF8_ERR14  3-byte character with value 0xd000-0xdfff is not permitted
+PCRE_UTF8_ERR15  Overlong 2-byte sequence
+PCRE_UTF8_ERR16  Overlong 3-byte sequence
+PCRE_UTF8_ERR17  Overlong 4-byte sequence
+PCRE_UTF8_ERR18  Overlong 5-byte sequence (won't ever occur)
+PCRE_UTF8_ERR19  Overlong 6-byte sequence (won't ever occur)
+PCRE_UTF8_ERR20  Isolated 0x80 byte (not within UTF-8 character)
+PCRE_UTF8_ERR21  Byte with the illegal value 0xfe or 0xff
 
 Arguments:
   string       points to the string
   length       length of string, or -1 if the string is zero-terminated
+  errp         pointer to an error code variable 
 
 Returns:       < 0    if the string is a valid UTF-8 string
-               >= 0   otherwise; the value is the offset of the bad byte
-
-Bad bytes can be:
-
-  . An isolated byte whose most significant bits are 0x80, because this
-    can only correctly appear within a UTF-8 character;
-
-  . A byte whose most significant bits are 0xc0, but whose other bits indicate
-    that there are more than 3 additional bytes (i.e. an RFC 2279 starting
-    byte, which is no longer valid under RFC 3629);
-
-  .
-
-The returned offset may also be equal to the length of the string; this means
-that one or more bytes is missing from the final UTF-8 character.
+               >= 0   otherwise; the value is the offset of the bad character
 */
 
 int
-_pcre_valid_utf8(USPTR string, int length)
+_pcre_valid_utf8(USPTR string, int length, int *errorcode)
 {
 #ifdef SUPPORT_UTF8
 register USPTR p;
@@ -100,81 +114,188 @@ if (length < 0)
   length = p - string;
   }
 
+*errorcode = PCRE_UTF8_ERR0;
+
 for (p = string; length-- > 0; p++)
   {
-  register int ab;
-  register int c = *p;
-  if (c < 128) continue;
-  if (c < 0xc0) return p - string;
+  register int ab, c, d;
+  
+  c = *p;
+  if (c < 128) continue;                /* ASCII character */
+   
+  if (c < 0xc0)                         /* Isolated 10xx xxxx byte */
+    {
+    *errorcode = PCRE_UTF8_ERR20; 
+    return p - string;
+    } 
+
+  if (c >= 0xfe)                        /* Invalid 0xfe or 0xff bytes */
+    {
+    *errorcode = PCRE_UTF8_ERR21; 
+    return p - string;
+    } 
+ 
   ab = _pcre_utf8_table4[c & 0x3f];     /* Number of additional bytes */
-  if (ab > 3) return p - string;        /* Too many for RFC 3629 */
-  if (length < ab) return p + 1 + length - string;   /* Missing bytes */
-  length -= ab;
+  if (length < ab) 
+    {
+    *errorcode = ab - length;           /* Codes ERR1 to ERR5 */
+    return p - string;                  /* Missing bytes */
+    } 
+  length -= ab;                         /* Length remaining */
 
   /* Check top bits in the second byte */
-  if ((*(++p) & 0xc0) != 0x80) return p - string;
+   
+  if (((d = *(++p)) & 0xc0) != 0x80) 
+    {
+    *errorcode = PCRE_UTF8_ERR6; 
+    return p - string - 1;
+    } 
 
-  /* Check for overlong sequences for each different length, and for the
-  excluded range 0xd000 to 0xdfff.  */
+  /* For each length, check that the remaining bytes start with the 0x80 bit 
+  set and not the 0x40 bit. Then check for an overlong sequence, and for the
+  excluded range 0xd800 to 0xdfff. */
 
   switch (ab)
     {
-    /* Check for xx00 000x (overlong sequence) */
-
-    case 1:
-    if ((c & 0x3e) == 0) return p - string;
-    continue;   /* We know there aren't any more bytes to check */
-
-    /* Check for 1110 0000, xx0x xxxx (overlong sequence) or
-                 1110 1101, 1010 xxxx (0xd000 - 0xdfff) */
-
+    /* 2-byte character. No further bytes to check for 0x80. Check first byte
+    for for xx00 000x (overlong sequence). */
+     
+    case 1: if ((c & 0x3e) == 0)  
+      {
+      *errorcode = PCRE_UTF8_ERR15;   
+      return p - string - 1;  
+      } 
+    break; 
+
+    /* 3-byte character. Check third byte for 0x80. Then check first 2 bytes 
+      for 1110 0000, xx0x xxxx (overlong sequence) or
+          1110 1101, 1010 xxxx (0xd800 - 0xdfff) */
+           
     case 2:
-    if ((c == 0xe0 && (*p & 0x20) == 0) ||
-        (c == 0xed && *p >= 0xa0))
-      return p - string;
+    if ((*(++p) & 0xc0) != 0x80)     /* Third byte */
+      {
+      *errorcode = PCRE_UTF8_ERR7;
+      return p - string - 2;   
+      } 
+    if (c == 0xe0 && (d & 0x20) == 0)
+      {
+      *errorcode = PCRE_UTF8_ERR16; 
+      return p - string - 2;
+      } 
+    if (c == 0xed && d >= 0xa0)
+      {
+      *errorcode = PCRE_UTF8_ERR14;  
+      return p - string - 2;
+      } 
     break;
 
-    /* Check for 1111 0000, xx00 xxxx (overlong sequence) or
-       greater than 0x0010ffff (f4 8f bf bf) */
-
+    /* 4-byte character. Check 3rd and 4th bytes for 0x80. Then check first 2
+       bytes for for 1111 0000, xx00 xxxx (overlong sequence), then check for a
+       character greater than 0x0010ffff (f4 8f bf bf) */
+        
     case 3:
-    if ((c == 0xf0 && (*p & 0x30) == 0) ||
-        (c > 0xf4 ) ||
-        (c == 0xf4 && *p > 0x8f))
-      return p - string;
+    if ((*(++p) & 0xc0) != 0x80)     /* Third byte */
+      {
+      *errorcode = PCRE_UTF8_ERR7;
+      return p - string - 2;   
+      } 
+    if ((*(++p) & 0xc0) != 0x80)     /* Fourth byte */
+      {
+      *errorcode = PCRE_UTF8_ERR8;
+      return p - string - 3;   
+      } 
+    if (c == 0xf0 && (d & 0x30) == 0)
+      {
+      *errorcode = PCRE_UTF8_ERR17;  
+      return p - string - 3;
+      } 
+    if (c > 0xf4 || (c == 0xf4 && d > 0x8f))
+      {
+      *errorcode = PCRE_UTF8_ERR13;  
+      return p - string - 3;
+      }
     break;
 
-#if 0
-    /* These cases can no longer occur, as we restrict to a maximum of four
-    bytes nowadays. Leave the code here in case we ever want to add an option
-    for longer sequences. */
-
-    /* Check for 1111 1000, xx00 0xxx */
-    case 4:
-    if (c == 0xf8 && (*p & 0x38) == 0) return p - string;
+    /* 5-byte and 6-byte characters are not allowed by RFC 3629, and will be
+    rejected by the length test below. However, we do the appropriate tests 
+    here so that overlong sequences get diagnosed, and also in case there is
+    ever an option for handling these larger code points. */  
+
+    /* 5-byte character. Check 3rd, 4th, and 5th bytes for 0x80. Then check for
+    1111 1000, xx00 0xxx */ 
+    
+    case 4: 
+    if ((*(++p) & 0xc0) != 0x80)     /* Third byte */
+      {
+      *errorcode = PCRE_UTF8_ERR7;
+      return p - string - 2;   
+      } 
+    if ((*(++p) & 0xc0) != 0x80)     /* Fourth byte */
+      {
+      *errorcode = PCRE_UTF8_ERR8;
+      return p - string - 3;   
+      } 
+    if ((*(++p) & 0xc0) != 0x80)     /* Fifth byte */
+      {
+      *errorcode = PCRE_UTF8_ERR9;
+      return p - string - 4;   
+      } 
+    if (c == 0xf8 && (d & 0x38) == 0) 
+      {
+      *errorcode = PCRE_UTF8_ERR18; 
+      return p - string - 4;
+      } 
     break;
 
-    /* Check for leading 0xfe or 0xff, and then for 1111 1100, xx00 00xx */
+    /* 6-byte character. Check 3rd-6th bytes for 0x80. Then check for
+    1111 1100, xx00 00xx. */
+
     case 5:
-    if (c == 0xfe || c == 0xff ||
-       (c == 0xfc && (*p & 0x3c) == 0)) return p - string;
+    if ((*(++p) & 0xc0) != 0x80)     /* Third byte */
+      {
+      *errorcode = PCRE_UTF8_ERR7;
+      return p - string - 2;   
+      } 
+    if ((*(++p) & 0xc0) != 0x80)     /* Fourth byte */
+      {
+      *errorcode = PCRE_UTF8_ERR8;
+      return p - string - 3;   
+      } 
+    if ((*(++p) & 0xc0) != 0x80)     /* Fifth byte */
+      {
+      *errorcode = PCRE_UTF8_ERR9;
+      return p - string - 4;   
+      } 
+    if ((*(++p) & 0xc0) != 0x80)     /* Sixth byte */
+      {
+      *errorcode = PCRE_UTF8_ERR10;
+      return p - string - 5;   
+      } 
+    if (c == 0xfc && (d & 0x3c) == 0) 
+      {
+      *errorcode = PCRE_UTF8_ERR19; 
+      return p - string - 5;
+      } 
     break;
-#endif
-
     }
+    
+  /* Character is valid under RFC 2279, but 4-byte and 5-byte characters are
+  excluded by RFC 3629. The pointer p is currently at the last byte of the
+  character. */
 
-  /* Check for valid bytes after the 2nd, if any; all must start 10 */
-  while (--ab > 0)
+  if (ab > 3) 
     {
-    if ((*(++p) & 0xc0) != 0x80) return p - string;
-    }
+    *errorcode = (ab == 4)? PCRE_UTF8_ERR11 : PCRE_UTF8_ERR12; 
+    return p - string - ab;
+    } 
   }
-#else
+   
+#else  /* SUPPORT_UTF8 */
 (void)(string);  /* Keep picky compilers happy */
 (void)(length);
 #endif
 
-return -1;
+return -1;   /* This indicates success */
 }
 
 /* End of pcre_valid_utf8.c */