Closed
Bug 74198
Opened 24 years ago
Closed 24 years ago
NS_ConvertUTF8toUCS2() accepts overlong sequences
Categories
(Core :: XPCOM, defect)
Core
XPCOM
Tracking
()
RESOLVED
FIXED
People
(Reporter: jgmyers, Assigned: jgmyers)
References
Details
Attachments
(3 files)
(deleted),
patch
|
Details | Diff | Splinter Review | |
(deleted),
patch
|
Details | Diff | Splinter Review | |
(deleted),
patch
|
Details | Diff | Splinter Review |
NS_ConvertUFF8toUCS2() suffers from the problem described in bug 50702.
Assignee | ||
Comment 1•24 years ago
|
||
Comment 2•24 years ago
|
||
sr=scc
Assignee | ||
Comment 3•24 years ago
|
||
An alternate fix would be to follow the following ABNF grammar. The grammar
allows U+FFFF. Only U+FFFE is currently considered security critical, it
currently doesn't matter whether or not U+FFFF is decoded.
UTF8 = UTF8-1 / UTF8-multibyte
UTF8-multibyte = UTF8-2 / UTF8-3 / UTF8-4 / UTF8-5 / UTF8-6
UTF8-following = %x80-BF
UTF8-1 = %x00-7F
UTF8-2 = %xC2-DF UTF8-following
; Disallow overlong sequences beginning with 0xC0
and 0xC1.
UTF8-3 = (%xE0 %xA0-BF UTF8-following) /
(%xE1-EC 2UTF8-following) /
(%xED %x80-9F UTF8-following) /
(%xEE 2UTF8-following) /
(%xEF %x80-BE UTF8-loworder) /
(%xEF %xBF %x80-BD) / (%xEF %xBF %xBF)
; Disallow overlong sequences beginning with 0xE0,
; disallow encoded surrogate code points, and
; disallow reverse UTF-16 byte-order mark U+FFFE
UTF8-4 = (%xF0 %x90-BF 2UTF8-following) /
(%xF1-F7 3UTF8-following)
; Disallow overlong sequences beginning with 0xF0.
UTF8-5 = (%xF8 %x88-BF 3UTF8-following) /
(%xF9-FB 4UTF8-following)
; Disallow overlong sequences beginning with 0xF8.
UTF8-6 = (%xFC %x84-BF 4UTF8-following) /
(%xFD 5UTF8-following)
; Disallow overlong sequences beginning with 0xFC.
Comment 4•24 years ago
|
||
r=jag on this patch. Could you look into your suggestion and see what changes it
results in to the current code?
Assignee | ||
Comment 5•24 years ago
|
||
Assignee | ||
Comment 6•24 years ago
|
||
Assignee | ||
Comment 7•24 years ago
|
||
Fix was checked in.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Updated•4 years ago
|
Component: String → XPCOM
You need to log in
before you can comment on or make changes to this bug.
Description
•