0ct0pu5/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-12-04 05:20:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

LibTextCodec: Make UTF16BEDecoder read only up to an even offset

Browse source 
Reading up to the end of the input string of odd length results in
an out-of-bounds read
This commit is contained in:
Idan Horowitz 2021-03-15 16:26:56 +02:00 committed by Andreas Kling
parent 7156b61d57
commit c9f25bca04
Notes: sideshowbarker 2024-07-18 21:20:21 +09:00 
Author: https://github.com/IdanHo
Commit: https://github.com/SerenityOS/serenity/commit/c9f25bca048
Pull-request: https://github.com/SerenityOS/serenity/pull/5802
Issue: https://github.com/SerenityOS/serenity/issues/5769
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
Userland/Libraries/LibTextCodec/Decoder.cpp
View file

@ -183,7 +183,8 @@ String UTF8Decoder::to_utf8(const StringView& input)
String UTF16BEDecoder::to_utf8(const StringView& input)
{
StringBuilder builder(input.length() / 2);
for (size_t i = 0; i < input.length(); i += 2) {
size_t utf16_length = input.length() - (input.length() % 2);
for (size_t i = 0; i < utf16_length; i += 2) {
u16 code_point = (input[i] << 8) | input[i + 1];
builder.append_code_point(code_point);
}