mirror of
				https://github.com/qemu/qemu.git
				synced 2025-10-25 19:32:47 +00:00 
			
		
		
		
	 e59f39d403
			
		
	
	
		e59f39d403
		
	
	
	
	
		
			
			We reject bytes that can't occur in valid UTF-8 (\xC0..\xC1,
\xF5..\xFF in the lexer.  That's insufficient; there's plenty of
invalid UTF-8 not containing these bytes, as demonstrated by
check-qjson:
* Malformed sequences
  - Unexpected continuation bytes
  - Missing continuation bytes after start bytes other than
    \xC0..\xC1, \xF5..\xFD.
* Overlong sequences with start bytes other than \xC0..\xC1,
  \xF5..\xFD.
* Invalid code points
Fixing this in the lexer would be bothersome.  Fixing it in the parser
is straightforward, so do that.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-23-armbru@redhat.com>
		
	
			
		
			
				
	
	
		
			157 lines
		
	
	
		
			4.5 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			157 lines
		
	
	
		
			4.5 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * Dealing with Unicode
 | |
|  *
 | |
|  * Copyright (C) 2013 Red Hat, Inc.
 | |
|  *
 | |
|  * Authors:
 | |
|  *  Markus Armbruster <armbru@redhat.com>
 | |
|  *
 | |
|  * This work is licensed under the terms of the GNU GPL, version 2 or
 | |
|  * later.  See the COPYING file in the top-level directory.
 | |
|  */
 | |
| 
 | |
| #include "qemu/osdep.h"
 | |
| #include "qemu/unicode.h"
 | |
| 
 | |
| static bool is_valid_codepoint(int codepoint)
 | |
| {
 | |
|     if (codepoint > 0x10FFFFu) {
 | |
|         return false;            /* beyond Unicode range */
 | |
|     }
 | |
|     if ((codepoint >= 0xFDD0 && codepoint <= 0xFDEF)
 | |
|         || (codepoint & 0xFFFE) == 0xFFFE) {
 | |
|         return false;            /* noncharacter */
 | |
|     }
 | |
|     if (codepoint >= 0xD800 && codepoint <= 0xDFFF) {
 | |
|         return false;            /* surrogate code point */
 | |
|     }
 | |
|     return true;
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * mod_utf8_codepoint:
 | |
|  * @s: string encoded in modified UTF-8
 | |
|  * @n: maximum number of bytes to read from @s, if less than 6
 | |
|  * @end: set to end of sequence on return
 | |
|  *
 | |
|  * Convert the modified UTF-8 sequence at the start of @s.  Modified
 | |
|  * UTF-8 is exactly like UTF-8, except U+0000 is encoded as
 | |
|  * "\xC0\x80".
 | |
|  *
 | |
|  * If @n is zero or @s points to a zero byte, the sequence is invalid,
 | |
|  * and @end is set to @s.
 | |
|  *
 | |
|  * If @s points to an impossible byte (0xFE or 0xFF) or a continuation
 | |
|  * byte, the sequence is invalid, and @end is set to @s + 1
 | |
|  *
 | |
|  * Else, the first byte determines how many continuation bytes are
 | |
|  * expected.  If there are fewer, the sequence is invalid, and @end is
 | |
|  * set to @s + 1 + actual number of continuation bytes.  Else, the
 | |
|  * sequence is well-formed, and @end is set to @s + 1 + expected
 | |
|  * number of continuation bytes.
 | |
|  *
 | |
|  * A well-formed sequence is valid unless it encodes a codepoint
 | |
|  * outside the Unicode range U+0000..U+10FFFF, one of Unicode's 66
 | |
|  * noncharacters, a surrogate codepoint, or is overlong.  Except the
 | |
|  * overlong sequence "\xC0\x80" is valid.
 | |
|  *
 | |
|  * Conversion succeeds if and only if the sequence is valid.
 | |
|  *
 | |
|  * Returns: the Unicode codepoint on success, -1 on failure.
 | |
|  */
 | |
| int mod_utf8_codepoint(const char *s, size_t n, char **end)
 | |
| {
 | |
|     static int min_cp[5] = { 0x80, 0x800, 0x10000, 0x200000, 0x4000000 };
 | |
|     const unsigned char *p;
 | |
|     unsigned byte, mask, len, i;
 | |
|     int cp;
 | |
| 
 | |
|     if (n == 0 || *s == 0) {
 | |
|         /* empty sequence */
 | |
|         *end = (char *)s;
 | |
|         return -1;
 | |
|     }
 | |
| 
 | |
|     p = (const unsigned char *)s;
 | |
|     byte = *p++;
 | |
|     if (byte < 0x80) {
 | |
|         cp = byte;              /* one byte sequence */
 | |
|     } else if (byte >= 0xFE) {
 | |
|         cp = -1;                /* impossible bytes 0xFE, 0xFF */
 | |
|     } else if ((byte & 0x40) == 0) {
 | |
|         cp = -1;                /* unexpected continuation byte */
 | |
|     } else {
 | |
|         /* multi-byte sequence */
 | |
|         len = 0;
 | |
|         for (mask = 0x80; byte & mask; mask >>= 1) {
 | |
|             len++;
 | |
|         }
 | |
|         assert(len > 1 && len < 7);
 | |
|         cp = byte & (mask - 1);
 | |
|         for (i = 1; i < len; i++) {
 | |
|             byte = i < n ? *p : 0;
 | |
|             if ((byte & 0xC0) != 0x80) {
 | |
|                 cp = -1;        /* continuation byte missing */
 | |
|                 goto out;
 | |
|             }
 | |
|             p++;
 | |
|             cp <<= 6;
 | |
|             cp |= byte & 0x3F;
 | |
|         }
 | |
|         if (!is_valid_codepoint(cp)) {
 | |
|             cp = -1;
 | |
|         } else if (cp < min_cp[len - 2] && !(cp == 0 && len == 2)) {
 | |
|             cp = -1;            /* overlong, not \xC0\x80 */
 | |
|         }
 | |
|     }
 | |
| 
 | |
| out:
 | |
|     *end = (char *)p;
 | |
|     return cp;
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * mod_utf8_encode:
 | |
|  * @buf: Destination buffer
 | |
|  * @bufsz: size of @buf, at least 5.
 | |
|  * @codepoint: Unicode codepoint to encode
 | |
|  *
 | |
|  * Convert Unicode codepoint @codepoint to modified UTF-8.
 | |
|  *
 | |
|  * Returns: the length of the UTF-8 sequence on success, -1 when
 | |
|  * @codepoint is invalid.
 | |
|  */
 | |
| ssize_t mod_utf8_encode(char buf[], size_t bufsz, int codepoint)
 | |
| {
 | |
|     assert(bufsz >= 5);
 | |
| 
 | |
|     if (!is_valid_codepoint(codepoint)) {
 | |
|         return -1;
 | |
|     }
 | |
| 
 | |
|     if (codepoint > 0 && codepoint <= 0x7F) {
 | |
|         buf[0] = codepoint & 0x7F;
 | |
|         buf[1] = 0;
 | |
|         return 1;
 | |
|     }
 | |
|     if (codepoint <= 0x7FF) {
 | |
|         buf[0] = 0xC0 | ((codepoint >> 6) & 0x1F);
 | |
|         buf[1] = 0x80 | (codepoint & 0x3F);
 | |
|         buf[2] = 0;
 | |
|         return 2;
 | |
|     }
 | |
|     if (codepoint <= 0xFFFF) {
 | |
|         buf[0] = 0xE0 | ((codepoint >> 12) & 0x0F);
 | |
|         buf[1] = 0x80 | ((codepoint >> 6) & 0x3F);
 | |
|         buf[2] = 0x80 | (codepoint & 0x3F);
 | |
|         buf[3] = 0;
 | |
|         return 3;
 | |
|     }
 | |
|     buf[0] = 0xF0 | ((codepoint >> 18) & 0x07);
 | |
|     buf[1] = 0x80 | ((codepoint >> 12) & 0x3F);
 | |
|     buf[2] = 0x80 | ((codepoint >> 6) & 0x3F);
 | |
|     buf[3] = 0x80 | (codepoint & 0x3F);
 | |
|     buf[4] = 0;
 | |
|     return 4;
 | |
| }
 |