| 12345678910111213141516171819202122232425262728293031323334353637383940 |
- Subject: Fix casts and bounds check (found by oss-fuzz)
- Origin: FILE5_36-1-gecca6e54 <https://github.com/file/file/commit/FILE5_36-1-gecca6e54>
- Upstream-Author: Christos Zoulas <christos@zoulas.com>
- Date: Wed Feb 20 16:15:47 2019 +0000
- --- a/src/encoding.c
- +++ b/src/encoding.c
- @@ -442,9 +442,9 @@
- /* XXX fix to properly handle chars > 65536 */
-
- if (bigend)
- - ubf[(*ulen)++] = bf[i + 1] + 256 * bf[i];
- + ubf[(*ulen)++] = bf[i + 1] + (bf[i] << 8);
- else
- - ubf[(*ulen)++] = bf[i] + 256 * bf[i + 1];
- + ubf[(*ulen)++] = bf[i] + (bf[i + 1] << 8);
-
- if (ubf[*ulen - 1] == 0xfffe)
- return 0;
- @@ -475,15 +475,17 @@
-
- *ulen = 0;
-
- - for (i = 4; i + 1 < nbytes; i += 4) {
- + for (i = 4; i + 3 < nbytes; i += 4) {
- /* XXX fix to properly handle chars > 65536 */
-
- if (bigend)
- ubf[(*ulen)++] = bf[i + 3] | (bf[i + 2] << 8)
- - | (bf[i + 1] << 16) | bf[i] << 24;
- + | (bf[i + 1] << 16)
- + | CAST(unichar, bf[i] << 24);
- else
- ubf[(*ulen)++] = bf[i] | (bf[i + 1] << 8)
- - | (bf[i + 2] << 16) | (bf[i + 3] << 24);
- + | (bf[i + 2] << 16)
- + | CAST(unichar, bf[i + 3] << 24);
-
- if (ubf[*ulen - 1] == 0xfffe)
- return 0;
|
