development/git
development/git
1
0
Fork 0
mirror of https://github.com/git/git synced 2024-10-03 23:29:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

commit: reject invalid UTF-8 codepoints

Browse source 
The commit code already contains code for validating UTF-8, but it does not
check for invalid values, such as guaranteed non-characters and surrogates.  Fix
this by explicitly checking for and rejecting such characters.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
brian m. carlson 2013-07-04 17:19:43 +00:00 committed by Junio C Hamano
parent 81a199bb1c
commit 28110d4bfc
2 changed files with 30 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
commit.c
View file

@ -1244,6 +1244,7 @@ static int find_invalid_utf8(const char *buf, int len)
while (len) {
unsigned char c = *buf++;
int bytes, bad_offset;
unsigned int codepoint;
len--;
offset++;
@ -1264,24 +1265,40 @@ static int find_invalid_utf8(const char *buf, int len)
bytes++;
}
/* Must be between 1 and 5 more bytes */
if (bytes < 1 || bytes > 5)
/*
* Must be between 1 and 3 more bytes. Longer sequences result in
* codepoints beyond U+10FFFF, which are guaranteed never to exist.
*/
if (bytes < 1 || 3 < bytes)
return bad_offset;
/* Do we *have* that many bytes? */
if (len < bytes)
return bad_offset;
/* Place the encoded bits at the bottom of the value. */
codepoint = (c & 0x7f) >> bytes;
offset += bytes;
len -= bytes;
/* And verify that they are good continuation bytes */
do {
codepoint <<= 6;
codepoint |= *buf & 0x3f;
if ((*buf++ & 0xc0) != 0x80)
return bad_offset;
} while (--bytes);
/* We could/should check the value and length here too */
/* No codepoints can ever be allocated beyond U+10FFFF. */
if (codepoint > 0x10ffff)
return bad_offset;
/* Surrogates are only for UTF-16 and cannot be encoded in UTF-8. */
if ((codepoint & 0x1ff800) == 0xd800)
return bad_offset;
/* U+FFFE and U+FFFF are guaranteed non-characters. */
if ((codepoint & 0x1ffffe) == 0xfffe)
return bad_offset;
}
return -1;
}
@ -1292,8 +1309,8 @@ static int find_invalid_utf8(const char *buf, int len)
* If it isn't, it assumes any non-utf8 characters are Latin1,
* and does the conversion.
*
* Fixme: we should probably also disallow overlong forms and
* invalid characters. But we don't do that currently.
* Fixme: we should probably also disallow overlong forms.
* But we don't do that currently.
*/
static int verify_utf8(struct strbuf *buf)
{

8
t/t3900-i18n-commit.sh
View file

@ -39,6 +39,14 @@ test_expect_failure 'UTF-16 refused because of NULs' '
git commit -a -F "$TEST_DIRECTORY"/t3900/UTF-16.txt
'
test_expect_success 'UTF-8 invalid characters refused' '
test_when_finished "rm -f $HOME/stderr $HOME/invalid" &&
echo "UTF-8 characters" >F &&
printf "Commit message\n\nInvalid surrogate:\355\240\200\n" \
>"$HOME/invalid" &&
git commit -a -F "$HOME/invalid" 2>"$HOME"/stderr &&
grep "did not conform" "$HOME"/stderr
'
for H in ISO8859-1 eucJP ISO-2022-JP
do