sanchayanmaity/minix
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Fix buffer overflow in libarchive if a UTF-8 encoded string has codepoints that require two UTF-16 words

Browse source
This commit is contained in:
Erik van der Kouwe 2010-08-23 16:32:05 +00:00
parent d743c5c6f3
commit a2647a4181
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
lib/libarchive/archive_string.c
View file

@ -291,8 +291,13 @@ __archive_string_utf8_w(struct archive_string *as)
int wc, wc2;/* Must be large enough for a 21-bit Unicode code point. */
const char *src;
int n;
size_t size;
ws = (wchar_t *)malloc((as->length + 1) * sizeof(wchar_t));
/* be pessimistic; UCS4 always takes up four bytes per char while
* UTF-16 may takes four bytes per char (except the 0 terminator)
*/
size = as->length * 4 + sizeof(wchar_t);
ws = (wchar_t *)malloc(size);
if (ws == NULL)
__archive_errx(1, "Out of memory");
dest = ws;