Bug 1396557 - Make JS::StringIsUTF8 stricter. r=luke
authorLars T Hansen <lhansen@mozilla.com>
Mon, 04 Sep 2017 13:36:25 +0200
changeset 428360 8822dc7f2d3ccc881625676aee1a907365494af4
parent 428359 60fd99ec9e7122492a243b8bce904db586a930ed
child 428361 cd4cb832958672a9b3d068d5f59cc946a2fe66f3
push id7761
push userjlund@mozilla.com
push dateFri, 15 Sep 2017 00:19:52 +0000
reviewersluke
bugs1396557
milestone57.0a1
Bug 1396557 - Make JS::StringIsUTF8 stricter. r=luke
js/src/vm/CharacterEncoding.cpp
--- a/js/src/vm/CharacterEncoding.cpp
+++ b/js/src/vm/CharacterEncoding.cpp
@@ -498,28 +498,41 @@ JS::StringIsASCII(const char* s)
 }
 
 bool
 JS::StringIsUTF8(const uint8_t* s, uint32_t length)
 {
     const uint8_t* limit = s + length;
     while (s < limit) {
         uint32_t len;
-        if ((*s & 0x80) == 0)
+        uint32_t min;
+        uint32_t n = *s;
+        if ((n & 0x80) == 0) {
             len = 1;
-        else if ((*s & 0xE0) == 0xC0)
+            min = 0;
+        } else if ((n & 0xE0) == 0xC0) {
             len = 2;
-        else if ((*s & 0xF0) == 0xE0)
+            min = 0x80;
+            n &= 0x1F;
+        } else if ((n & 0xF0) == 0xE0) {
             len = 3;
-        else if ((*s & 0xF8) == 0xF0)
+            min = 0x800;
+            n &= 0x0F;
+        } else if ((n & 0xF8) == 0xF0) {
             len = 4;
-        else
+            min = 0x10000;
+            n &= 0x07;
+        } else {
             return false;
+        }
         if (s + len > limit)
             return false;
         for (uint32_t i = 1; i < len; i++) {
             if ((s[i] & 0xC0) != 0x80)
                 return false;
+            n = (n << 6) | (s[i] & 0x3F);
         }
+        if (n < min || (0xD800 <= n && n < 0xE000) || n >= 0x110000)
+            return false;
         s += len;
     }
     return true;
 }
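Review bot: The truncation check `if (s + len > limit)`, which now guards the new code-point accumulation loop, can form a pointer beyond one-past-the-end of the buffer when a multi-byte lead byte sits in the last few bytes. That is undefined behaviour in C++ even though the pointer is never dereferenced, so the compiler is not obliged to keep the comparison meaningful. Comparing lengths instead avoids it: `if (len > size_t(limit - s)) return false;`. The final test `n < min || (0xD800 <= n && n < 0xE000) || n >= 0x110000` would also read better with a one-line comment such as `// Reject overlong encodings, UTF-16 surrogates, and values above U+10FFFF.`, since the role of `min` is otherwise only implied by the per-branch constants.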