fix out-of-bounds read on truncated UTF-8 in wxUString::assignFromUTF8 (PR #26548)
Javid Khan
The length-counting pass in the NUL-terminated assignFromUTF8 advances p by the lead byte's UTF-8 sequence length without checking those bytes are really there. A string ending in a truncated multibyte sequence (e.g. a lone 0xC3 before the NUL) skips p past the terminating NUL, so the while(p) test then reads past the end of the buffer. The assignFromUTF8(str, n) overload below already guards this via utf8_pos + len > n; this just adds the equivalent check for the terminated form. Reachable through wxUString::FromUTF8(const char).
You can view, comment on, or merge this pull request online at:
https://github.com/wxWidgets/wxWidgets/pull/26548
Commit Summary
- 49222b3 fix out-of-bounds read on truncated UTF-8 in wxUString::assignFromUTF8
File Changes
(1 file)
- M src/common/ustring.cpp (7)
Patch Links:
- https://github.com/wxWidgets/wxWidgets/pull/26548.patch
- https://github.com/wxWidgets/wxWidgets/pull/26548.diff
—
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS and Android. Download it today!
You are receiving this because you are subscribed to this thread.
VZ
vadz left a comment (wxWidgets/wxWidgets#26548)Thanks, will merge soon.
We really should have some unit tests for this class...
—
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS and Android. Download it today!
You are receiving this because you are subscribed to this thread.
VZ
—
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS and Android. Download it today!
You are receiving this because you are subscribed to this thread.