From e15b2b19a3548c8c210d86a77b52d495494a1e20 Mon Sep 17 00:00:00 2001
From: Dudemanguy
Date: Fri, 12 Jan 2024 20:03:50 -0600
Subject: filter_sdh: sanitize get_char_bytes heuristic to avoid overflow

There's a simple check in filter_sdh that gets the bytes of the first character in a string in order to do pointer arthimetic to filter the string. The problem is that it is possible for the amount of bytes to be greater than the actual length of the string for certain unicode characters. This can't be worked with so enforce the strlen as the absolute minimum here to avoid overflow situations. Fixes #13237.
---
 sub/filter_sdh.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sub/filter_sdh.c b/sub/filter_sdh.c
index da5337d850..0a1d36749e 100644
--- a/sub/filter_sdh.c
+++ b/sub/filter_sdh.c
@@ -72,13 +72,13 @@ static int get_char_bytes(char *str)
     // using anything else anyway.
     if (str && str[0]) {
         if (!(str[0] >> 7 & 1)) {
-            return 1;
+            return MPMIN(strlen(str), 1);
         } else if (!(str[0] >> 5 & 1)) {
-            return 2;
+            return MPMIN(strlen(str), 2);
         } else if (!(str[0] >> 4 & 1)) {
-            return 3;
+            return MPMIN(strlen(str), 3);
         } else if (!(str[0] >> 3 & 1)) {
-            return 4;
+            return MPMIN(strlen(str), 4);
         }
     }
     return 0;
--
cgit v1.2.3
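Review bot: Each of the four new `return MPMIN(strlen(str), N);` lines rescans the string on every call, and if MPMIN is an ordinary conditional macro the `strlen(str)` argument is evaluated twice, so a helper that is presumably invoked once per character now walks the whole remaining subtitle text each time; compute the length once at the top of the `if (str && str[0])` block and clamp against that. The clamped value is a size_t flowing into the function's int return; since it is at most 4 after the clamp, an explicit `(int)` cast documents the narrowing and keeps -Wconversion quiet. The clamp itself is the right defensive fix: the count can no longer exceed the bytes actually present, so the caller's pointer arithmetic stays inside the buffer even when the lead byte promises more continuation bytes than the string holds; the lead-byte classification on str[0] is unchanged by the commit. get_char_bytes begins above the hunk.
```c
    if (str && str[0]) {
        size_t len = strlen(str); // one pass; bound every branch against the real remaining length
        if (!(str[0] >> 7 & 1)) {
            return (int)MPMIN(len, 1);
        } else if (!(str[0] >> 5 & 1)) {
            return (int)MPMIN(len, 2);
        } else if (!(str[0] >> 4 & 1)) {
            return (int)MPMIN(len, 3);
        } else if (!(str[0] >> 3 & 1)) {
            return (int)MPMIN(len, 4);
        }
    }
    // … unchanged: return 0; …
```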