generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2024-12-12 18:20:26 +01:00
Code Issues Projects Releases Wiki Activity

enh(Foundation): #4690: protect against buffer overflow caused by buggy TextEncoding implementations

Browse Source
This commit is contained in:
Günter Obiltschnig 2024-09-26 10:26:22 +02:00
parent ce9c08a2d8
commit 54bc0fcb47
4 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Foundation/src/TextBufferIterator.cpp
View File

@ -102,6 +102,7 @@ int TextBufferIterator::operator * () const
unsigned char buffer[TextEncoding::MAX_SEQUENCE_LENGTH]; unsigned char buffer[TextEncoding::MAX_SEQUENCE_LENGTH];
unsigned char* p = buffer; unsigned char* p = buffer;
unsigned char* pend = p + TextEncoding::MAX_SEQUENCE_LENGTH;
if (it != _end) if (it != _end)
*p++ = *it++; *p++ = *it++;
@ -115,6 +116,7 @@ int TextBufferIterator::operator * () const
{ {
while (read < -n && it != _end) while (read < -n && it != _end)
{ {
poco_assert(p != pend);
*p++ = *it++; *p++ = *it++;
read++; read++;
} }

2
Foundation/src/TextIterator.cpp
View File

@ -99,6 +99,7 @@ int TextIterator::operator * () const
unsigned char buffer[TextEncoding::MAX_SEQUENCE_LENGTH]; unsigned char buffer[TextEncoding::MAX_SEQUENCE_LENGTH];
unsigned char* p = buffer; unsigned char* p = buffer;
unsigned char* pend = p + TextEncoding::MAX_SEQUENCE_LENGTH;
if (it != _end) if (it != _end)
*p++ = *it++; *p++ = *it++;
@ -112,6 +113,7 @@ int TextIterator::operator * () const
{ {
while (read < -n && it != _end) while (read < -n && it != _end)
{ {
poco_assert(p != pend);
*p++ = *it++; *p++ = *it++;
read++; read++;
} }

34
Foundation/testsuite/src/TextIteratorTest.cpp
View File

@ -15,12 +15,14 @@
#include "Poco/Latin1Encoding.h" #include "Poco/Latin1Encoding.h"
#include "Poco/UTF8Encoding.h" #include "Poco/UTF8Encoding.h"
#include "Poco/UTF16Encoding.h" #include "Poco/UTF16Encoding.h"
#include "Poco/UTF32Encoding.h"
using Poco::TextIterator; using Poco::TextIterator;
using Poco::Latin1Encoding; using Poco::Latin1Encoding;
using Poco::UTF8Encoding; using Poco::UTF8Encoding;
using Poco::UTF16Encoding; using Poco::UTF16Encoding;
using Poco::UTF32Encoding;
TextIteratorTest::TextIteratorTest(const std::string& name): CppUnit::TestCase(name) TextIteratorTest::TextIteratorTest(const std::string& name): CppUnit::TestCase(name)
@ -242,6 +244,36 @@ void TextIteratorTest::testSwap()
} }
void TextIteratorTest::testUTF32Invalid1()
{
UTF32Encoding encoding;
const Poco::UInt32 data[] = {0x00000041, 0xffffffef, 0x00000041, 0x00000041, 0x00000041, 0x00000041, 0x00};
std::string text((const char*) data, 24);
TextIterator it(text, encoding);
TextIterator end(text);
assertTrue (it != end);
assertTrue (*it++ == 0x41);
assertTrue (it != end);
assertTrue (*it++ == -1);
}
void TextIteratorTest::testUTF32Invalid2()
{
UTF32Encoding encoding;
const Poco::UInt32 data[] = {0x00000041, 0xfffffffe, 0xfffffffe, 0x00};
std::string text((const char*) data, 12);
TextIterator it(text, encoding);
TextIterator end(text);
assertTrue (it != end);
assertTrue (*it++ == 0x41);
assertTrue (it != end);
assertTrue (*it++ == -1);
}
void TextIteratorTest::setUp() void TextIteratorTest::setUp()
{ {
} }
@ -265,6 +297,8 @@ CppUnit::Test* TextIteratorTest::suite()
CppUnit_addTest(pSuite, TextIteratorTest, testUTF8Supplementary); CppUnit_addTest(pSuite, TextIteratorTest, testUTF8Supplementary);
CppUnit_addTest(pSuite, TextIteratorTest, testUTF16Supplementary); CppUnit_addTest(pSuite, TextIteratorTest, testUTF16Supplementary);
CppUnit_addTest(pSuite, TextIteratorTest, testSwap); CppUnit_addTest(pSuite, TextIteratorTest, testSwap);
CppUnit_addTest(pSuite, TextIteratorTest, testUTF32Invalid1);
CppUnit_addTest(pSuite, TextIteratorTest, testUTF32Invalid2);
return pSuite; return pSuite;
} }

2
Foundation/testsuite/src/TextIteratorTest.h
View File

@ -33,6 +33,8 @@ public:
void testUTF8Supplementary(); void testUTF8Supplementary();
void testUTF16Supplementary(); void testUTF16Supplementary();
void testSwap(); void testSwap();
void testUTF32Invalid1();
void testUTF32Invalid2();
void setUp(); void setUp();
void tearDown(); void tearDown();