stdlib: Check for overlong UTF-8 encoding in mbtowc_r

keith-packard · keith-packard · commit 00baa82efa74 · 2024-10-23T13:19:26.000-07:00
UTF-8 starting with 0xc0 is invalid as any value like that could
have been encoded in a single byte and Unicode does not allow for
that.

Signed-off-by: Keith Packard &lt;keithp@keithp.com&gt;
diff --git a/newlib/libc/stdlib/mbtowc_r.c b/newlib/libc/stdlib/mbtowc_r.c
@@ -560,6 +560,10 @@ __utf8_mbtowc (
     }
   if (ch >= 0xc0 && ch <= 0xdf)
     {
+      if (ch == 0xc0) {
+        _REENT_ERRNO(r) = EILSEQ;
+        return -1;
+      }
       /* two-byte sequence */
       state->__value.__wchb[0] = ch;
       if (state->__count == 0)

Original file line number	Diff line number	Diff line change
`@@ -560,6 +560,10 @@ __utf8_mbtowc (`
`560`	`560`	`}`
`561`	`561`	`if (ch >= 0xc0 && ch <= 0xdf)`
`562`	`562`	`{`
	`563`	`+ if (ch == 0xc0) {`
	`564`	`+ _REENT_ERRNO(r) = EILSEQ;`
	`565`	`+ return -1;`
	`566`	`+ }`
`563`	`567`	`/* two-byte sequence */`
`564`	`568`	`state->__value.__wchb[0] = ch;`
`565`	`569`	`if (state->__count == 0)`