utf8n_to_uvuni: Avoid reading outside of buffer

Prior to this patch, if the first byte of a UTF-8 sequence indicated that the sequence occupied n bytes, but the input parameters indicated that fewer were available, all n were attempted to be read
author: Karl Williamson <public@khwilliamson.com> 2012-04-18 16:48:29 -0600
committer: Karl Williamson <public@khwilliamson.com> 2012-04-26 11:58:57 -0600
commit: 0b8d30e8ba4bed9219a0a08549fd9d07661587ee (patch)
tree: 9af9dfafac6a9b6ff86a1c4b3268d5fafe04caa0 /utf8.c
parent: 746afd533cc96b75c8a3c821291822f0c0ce7e2a (diff)
download: perl-0b8d30e8ba4bed9219a0a08549fd9d07661587ee.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/utf8.c b/utf8.c
index 7ddd9c75af..52563c4826 100644
--- a/utf8.c
+++ b/utf8.c
@@ -573,6 +573,7 @@ Perl_utf8n_to_uvuni(pTHX_ const U8 *s, STRLEN curlen, STRLEN *retlen, U32 flags)
 {
     dVAR;
     const U8 * const s0 = s;
+    U8 * send;
     UV uv = *s, ouv = 0;
     STRLEN len = 1;
     bool dowarn = ckWARN_d(WARN_UTF8);
@@ -644,11 +645,11 @@ Perl_utf8n_to_uvuni(pTHX_ const U8 *s, STRLEN curlen, STRLEN *retlen, U32 flags)
 	goto malformed;
     }
 
-    len--;
-    s++;
+    send =  (U8*) s0 + ((expectlen <= curlen) ? expectlen : curlen);
+
     ouv = uv;	/* ouv is the value from the previous iteration */
 
-    while (len--) {
+    for (++s; s < send; s++) {
 	if (!UTF8_IS_CONTINUATION(*s) &&
 	    !(flags & UTF8_ALLOW_NON_CONTINUATION)) {
 	    s--;
@@ -672,7 +673,6 @@ Perl_utf8n_to_uvuni(pTHX_ const U8 *s, STRLEN curlen, STRLEN *retlen, U32 flags)
 		goto malformed;
 	    }
 	}
-	s++;
 	ouv = uv;
     }
author	Karl Williamson <public@khwilliamson.com>	2012-04-18 16:48:29 -0600
committer	Karl Williamson <public@khwilliamson.com>	2012-04-26 11:58:57 -0600
commit	0b8d30e8ba4bed9219a0a08549fd9d07661587ee (patch)
tree	9af9dfafac6a9b6ff86a1c4b3268d5fafe04caa0 /utf8.c
parent	746afd533cc96b75c8a3c821291822f0c0ce7e2a (diff)
download	perl-0b8d30e8ba4bed9219a0a08549fd9d07661587ee.tar.gz