undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

commit: reject invalid UTF-8 codepoints

Browse Source 
The commit code already contains code for validating UTF-8, but it does not
check for invalid values, such as guaranteed non-characters and surrogates.  Fix
this by explicitly checking for and rejecting such characters.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
brian m. carlson 2013-07-04 17:19:43 +00:00 committed by Junio C Hamano
parent 81a199bb1c
commit 28110d4bfc
2 changed files with 30 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
commit.c
View File

@ -1244,6 +1244,7 @@ static int find_invalid_utf8(const char *buf, int len)
while (len) { while (len) {
unsigned char c = *buf++; unsigned char c = *buf++;
int bytes, bad_offset; int bytes, bad_offset;
unsigned int codepoint;
len--; len--;
offset++; offset++;
@ -1264,24 +1265,40 @@ static int find_invalid_utf8(const char *buf, int len)
bytes++; bytes++;
} }
/* Must be between 1 and 5 more bytes */ /*
if (bytes < 1 || bytes > 5) * Must be between 1 and 3 more bytes. Longer sequences result in
* codepoints beyond U+10FFFF, which are guaranteed never to exist.
*/
if (bytes < 1 || 3 < bytes)
return bad_offset; return bad_offset;
/* Do we *have* that many bytes? */ /* Do we *have* that many bytes? */
if (len < bytes) if (len < bytes)
return bad_offset; return bad_offset;
/* Place the encoded bits at the bottom of the value. */
codepoint = (c & 0x7f) >> bytes;
offset += bytes; offset += bytes;
len -= bytes; len -= bytes;
/* And verify that they are good continuation bytes */ /* And verify that they are good continuation bytes */
do { do {
codepoint <<= 6;
codepoint |= *buf & 0x3f;
if ((*buf++ & 0xc0) != 0x80) if ((*buf++ & 0xc0) != 0x80)
return bad_offset; return bad_offset;
} while (--bytes); } while (--bytes);
/* We could/should check the value and length here too */ /* No codepoints can ever be allocated beyond U+10FFFF. */
if (codepoint > 0x10ffff)
return bad_offset;
/* Surrogates are only for UTF-16 and cannot be encoded in UTF-8. */
if ((codepoint & 0x1ff800) == 0xd800)
return bad_offset;
/* U+FFFE and U+FFFF are guaranteed non-characters. */
if ((codepoint & 0x1ffffe) == 0xfffe)
return bad_offset;
} }
return -1; return -1;
} }
@ -1292,8 +1309,8 @@ static int find_invalid_utf8(const char *buf, int len)
* If it isn't, it assumes any non-utf8 characters are Latin1, * If it isn't, it assumes any non-utf8 characters are Latin1,
* and does the conversion. * and does the conversion.
* *
* Fixme: we should probably also disallow overlong forms and * Fixme: we should probably also disallow overlong forms.
* invalid characters. But we don't do that currently. * But we don't do that currently.
*/ */
static int verify_utf8(struct strbuf *buf) static int verify_utf8(struct strbuf *buf)
{ {

8
t/t3900-i18n-commit.sh
View File

@ -39,6 +39,14 @@ test_expect_failure 'UTF-16 refused because of NULs' '
git commit -a -F "$TEST_DIRECTORY"/t3900/UTF-16.txt git commit -a -F "$TEST_DIRECTORY"/t3900/UTF-16.txt
' '
test_expect_success 'UTF-8 invalid characters refused' '
test_when_finished "rm -f $HOME/stderr $HOME/invalid" &&
echo "UTF-8 characters" >F &&
printf "Commit message\n\nInvalid surrogate:\355\240\200\n" \
>"$HOME/invalid" &&
git commit -a -F "$HOME/invalid" 2>"$HOME"/stderr &&
grep "did not conform" "$HOME"/stderr
'
for H in ISO8859-1 eucJP ISO-2022-JP for H in ISO8859-1 eucJP ISO-2022-JP
do do