Prevent index overflow due to tag_map in libwc
Bug-Chromium: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31936
This commit is contained in:
Tatsuya Kinoshita
@@ -677,9 +677,9 @@ wc_ucs_put_tag(char *p)
|
|||||||
if (!strcasecmp(p, tag_map[i]))
|
if (!strcasecmp(p, tag_map[i]))
|
||||||
return i;
|
return i;
|
||||||
}
|
}
|
||||||
n_tag_map++;
|
if (n_tag_map + 1 >= MAX_TAG_MAP)
|
||||||
if (n_tag_map == MAX_TAG_MAP)
|
|
||||||
return 0;
|
return 0;
|
||||||
|
n_tag_map++;
|
||||||
tag_map[n_tag_map] = p;
|
tag_map[n_tag_map] = p;
|
||||||
return n_tag_map;
|
return n_tag_map;
|
||||||
}
|
}
|
||||||
@@ -687,7 +687,7 @@ wc_ucs_put_tag(char *p)
|
|||||||
char *
|
char *
|
||||||
wc_ucs_get_tag(int ntag)
|
wc_ucs_get_tag(int ntag)
|
||||||
{
|
{
|
||||||
if (ntag == 0 || ntag > n_tag_map)
|
if (ntag <= 0 || ntag > n_tag_map)
|
||||||
return NULL;
|
return NULL;
|
||||||
return tag_map[ntag];
|
return tag_map[ntag];
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -25,8 +25,8 @@
|
|||||||
#define WC_C_UCS4_PLANE3 0x30000
|
#define WC_C_UCS4_PLANE3 0x30000
|
||||||
|
|
||||||
#define wc_ucs_tag_to_ucs(c) ((c) & WC_C_UNICODE_MASK)
|
#define wc_ucs_tag_to_ucs(c) ((c) & WC_C_UNICODE_MASK)
|
||||||
#define wc_ucs_tag_to_tag(c) ((c) >> 24)
|
#define wc_ucs_tag_to_tag(c) (((c) >> 24) & 0xff)
|
||||||
#define wc_ucs_to_ucs_tag(c,tag) ((c) | ((tag) << 24))
|
#define wc_ucs_to_ucs_tag(c,tag) ((c) | ((wc_uint32)((tag) & 0xff) << 24))
|
||||||
#define wc_ccs_ucs_to_ccs_ucs_tag(ccs) (WC_CCS_UCS_TAG | ((ccs) & ~WC_CCS_A_SET))
|
#define wc_ccs_ucs_to_ccs_ucs_tag(ccs) (WC_CCS_UCS_TAG | ((ccs) & ~WC_CCS_A_SET))
|
||||||
#define wc_ucs_to_utf16(ucs) \
|
#define wc_ucs_to_utf16(ucs) \
|
||||||
((((((ucs) - WC_C_UCS4_PLANE1) >> 10) | WC_C_UCS2_SURROGATE) << 16) \
|
((((((ucs) - WC_C_UCS4_PLANE1) >> 10) | WC_C_UCS2_SURROGATE) << 16) \
|
||||||
|
|||||||
Reference in New Issue
Block a user