Commit c2da5a49 authored by Petri Hintukainen's avatar Petri Hintukainen

Fix possible OOB read when converting 16-bit CS0 (corrupt input)

parent 1867c47e
...@@ -195,7 +195,7 @@ static char *_cs0_to_utf8(const uint8_t *cs0, size_t size) ...@@ -195,7 +195,7 @@ static char *_cs0_to_utf8(const uint8_t *cs0, size_t size)
} }
break; break;
case 16: case 16:
for (i = 1; i < size; i+=2) { for (i = 1; i < size - 1; i+=2) {
uint16_t ch = cs0[i + 1] | (cs0[i] << 8); uint16_t ch = cs0[i + 1] | (cs0[i] << 8);
utf16_to_utf8(out, out_pos, out_size, ch); utf16_to_utf8(out, out_pos, out_size, ch);
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment