diff options
author | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2007-08-09 09:52:43 +0000 |
---|---|---|
committer | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2007-08-09 09:52:43 +0000 |
commit | 56f7881b1a4124ac28d095f39f0ece0d5561dd5c (patch) | |
tree | 6e0009887fa819f4fa6321ae4ea752071823aa84 /pcre_valid_utf8.c | |
parent | 566685d9e65796643fd8df2419a5882f85a0a44c (diff) | |
download | pcre-56f7881b1a4124ac28d095f39f0ece0d5561dd5c.tar.gz |
Update UTF-8 validity check and documentation.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@211 2f5784b3-3f2a-0410-8824-cb99058d5e15
Diffstat (limited to 'pcre_valid_utf8.c')
-rw-r--r-- | pcre_valid_utf8.c | 42 |
1 files changed, 34 insertions, 8 deletions
diff --git a/pcre_valid_utf8.c b/pcre_valid_utf8.c index 03798c3..0486ea3 100644 --- a/pcre_valid_utf8.c +++ b/pcre_valid_utf8.c @@ -59,6 +59,13 @@ that subsequent code can assume it is dealing with a valid string. The check can be turned off for maximum performance, but the consequences of supplying an invalid string are then undefined. +Originally, this function checked according to RFC 2279, allowing for values in +the range 0 to 0x7fffffff, up to 6 bytes long, but ensuring that they were in +the canonical format. Once somebody had pointed out RFC 3629 to me (it +obsoletes 2279), additional restrictions were applies. The values are now +limited to be between 0 and 0x0010ffff, no more than 4 bytes long, and the +subrange 0xd000 to 0xdfff is excluded. + Arguments: string points to the string length length of string, or -1 if the string is zero-terminated @@ -85,31 +92,48 @@ for (p = string; length-- > 0; p++) register int c = *p; if (c < 128) continue; if (c < 0xc0) return p - string; - ab = _pcre_utf8_table4[c & 0x3f]; /* Number of additional bytes */ - if (length < ab) return p - string; + ab = _pcre_utf8_table4[c & 0x3f]; /* Number of additional bytes */ + if (length < ab || ab > 3) return p - string; length -= ab; /* Check top bits in the second byte */ if ((*(++p) & 0xc0) != 0x80) return p - string; - /* Check for overlong sequences for each different length */ + /* Check for overlong sequences for each different length, and for the + excluded range 0xd000 to 0xdfff. */ + switch (ab) { - /* Check for xx00 000x */ + /* Check for xx00 000x (overlong sequence) */ + case 1: if ((c & 0x3e) == 0) return p - string; continue; /* We know there aren't any more bytes to check */ - /* Check for 1110 0000, xx0x xxxx */ + /* Check for 1110 0000, xx0x xxxx (overlong sequence) or + 1110 1101, 1010 xxxx (0xd000 - 0xdfff) */ + case 2: - if (c == 0xe0 && (*p & 0x20) == 0) return p - string; + if ((c == 0xe0 && (*p & 0x20) == 0) || + (c == 0xed && *p >= 0xa0)) + return p - string; break; - /* Check for 1111 0000, xx00 xxxx */ + /* Check for 1111 0000, xx00 xxxx (overlong sequence) or + greater than 0x0010ffff (f4 8f bf bf) */ + case 3: - if (c == 0xf0 && (*p & 0x30) == 0) return p - string; + if ((c == 0xf0 && (*p & 0x30) == 0) || + (c > 0xf4 ) || + (c == 0xf4 && *p > 0x8f)) + return p - string; break; +#if 0 + /* These cases can no longer occur, as we restrict to a maximum of four + bytes nowadays. Leave the code here in case we ever want to add an option + for longer sequences. */ + /* Check for 1111 1000, xx00 0xxx */ case 4: if (c == 0xf8 && (*p & 0x38) == 0) return p - string; @@ -120,6 +144,8 @@ for (p = string; length-- > 0; p++) if (c == 0xfe || c == 0xff || (c == 0xfc && (*p & 0x3c) == 0)) return p - string; break; +#endif + } /* Check for valid bytes after the 2nd, if any; all must start 10 */ |