Released as 6.5.13.

[libucw.git] / ucw / unicode.h

diff --git a/ucw/unicode.h b/ucw/unicode.h
index cc1d5dc65a813d3ee4dea4246e4020f608d1c6e6..4ec1c6b2ca8aa010733f0a09d46824ec2ae10f25 100644 (file)
--- a/ucw/unicode.h
+++ b/ucw/unicode.h
@@ -89,6 +89,7 @@ put1: *p++ = 0x80 | (u & 0x3f);
 }
 
 #define UTF8_GET_NEXT if (unlikely((*p & 0xc0) != 0x80)) goto bad; u = (u << 6) | (*p++ & 0x3f)
+#define UTF8_CHECK_RANGE(r) if (unlikely(u < r)) goto bad
 
 /**
  * Decode a value from the range `[0, 0xFFFF]` (basic multilingual plane)
@@ -109,12 +110,14 @@ static inline byte *utf8_get_repl(const byte *p, uint *uu, uint repl)
     {
       u &= 0x1f;
       UTF8_GET_NEXT;
+      UTF8_CHECK_RANGE(0x80);
     }
   else if (likely(u < 0xf0))
     {
       u &= 0x0f;
       UTF8_GET_NEXT;
       UTF8_GET_NEXT;
+      UTF8_CHECK_RANGE(0x800);
     }
   else
     goto bad;
@@ -129,47 +132,56 @@ static inline byte *utf8_get_repl(const byte *p, uint *uu, uint repl)
 static inline byte *utf8_32_get_repl(const byte *p, uint *uu, uint repl)
 {
   uint u = *p++;
+  uint limit;
   if (u < 0x80)
     ;
   else if (unlikely(u < 0xc0))
-    {
-      /* Incorrect byte sequence */
-    bad:
-      u = repl;
-    }
+    goto bad;
   else if (u < 0xe0)
     {
       u &= 0x1f;
+      limit = 0x80;
       goto get1;
     }
   else if (u < 0xf0)
     {
       u &= 0x0f;
+      limit = 0x800;
       goto get2;
     }
   else if (u < 0xf8)
     {
       u &= 0x07;
+      limit = 1 << 16;
       goto get3;
     }
   else if (u < 0xfc)
     {
       u &= 0x03;
+      limit = 1 << 21;
       goto get4;
     }
   else if (u < 0xfe)
     {
       u &= 0x01;
+      limit = 1 << 26;
       UTF8_GET_NEXT;
 get4: UTF8_GET_NEXT;
 get3: UTF8_GET_NEXT;
 get2: UTF8_GET_NEXT;
 get1: UTF8_GET_NEXT;
+      if (unlikely(u < limit))
+       goto bad;
     }
   else
     goto bad;
   *uu = u;
   return (byte *)p;
+
+bad:
+  /* Incorrect byte sequence */
+  *uu = repl;
+  return (byte *)p;
 }
 
 /**
@@ -236,6 +248,9 @@ static inline uint utf8_encoding_len(uint c)
   return 6;
 }
 
+/** Maximum number of bytes an UTF-8 character can have. **/
+#define UTF8_MAX_LEN 6
+
 /**
  * Encode an UTF-16LE character from the range `[0, 0xD7FF]` or `[0xE000,0x11FFFF]`;
  * up to 4 bytes needed.
@@ -344,7 +359,7 @@ static inline void *utf16_be_get(const void *p, uint *uu)
 static inline uint unicode_sanitize_char(uint u)
 {
   if (u >= 0x10000 ||                  // We don't accept anything outside the basic plane
-      u >= 0xd800 && u < 0xf900 ||     // neither we do surrogates
+      u >= 0xd800 && u < 0xf900 ||     // neither we do surrogates and private use characters
       u >= 0x80 && u < 0xa0 ||         // nor latin-1 control chars
       u < 0x20 && u != '\t')
     return UNI_REPLACEMENT;
@@ -357,11 +372,11 @@ static inline uint unicode_sanitize_char(uint u)
  * Count the number of Unicode characters in a zero-terminated UTF-8 string.
  * Returned value for corrupted encoding is undefined, but is never greater than strlen().
  **/
-uint utf8_strlen(const byte *str);
+size_t utf8_strlen(const byte *str);
 
 /**
  * Same as @utf8_strlen(), but returns at most @n characters.
  **/
-uint utf8_strnlen(const byte *str, uint n);
+size_t utf8_strnlen(const byte *str, size_t n);
 
 #endif