| 1577 | } |
| 1578 | |
| 1579 | static bool has_invalid_utf8(const char *buf, size_t len, size_t *bad_offset) |
| 1580 | { |
| 1581 | size_t offset = 0; |
| 1582 | static const unsigned int max_codepoint[] = { |
| 1583 | 0x7f, 0x7ff, 0xffff, 0x10ffff |
| 1584 | }; |
| 1585 | |
| 1586 | while (len) { |
| 1587 | unsigned char c = *buf++; |
| 1588 | unsigned bytes; |
| 1589 | unsigned int codepoint; |
| 1590 | unsigned int min_val, max_val; |
| 1591 | |
| 1592 | len--; |
| 1593 | offset++; |
| 1594 | |
| 1595 | /* Simple US-ASCII? No worries. */ |
| 1596 | if (c < 0x80) |
| 1597 | continue; |
| 1598 | |
| 1599 | *bad_offset = offset-1; |
| 1600 | |
| 1601 | /* |
| 1602 | * Count how many more high bits set: that's how |
| 1603 | * many more bytes this sequence should have. |
| 1604 | */ |
| 1605 | bytes = 0; |
| 1606 | while (c & 0x40) { |
| 1607 | c <<= 1; |
| 1608 | bytes++; |
| 1609 | } |
| 1610 | |
| 1611 | /* |
| 1612 | * Must be between 1 and 3 more bytes. Longer sequences result in |
| 1613 | * codepoints beyond U+10FFFF, which are guaranteed never to exist. |
| 1614 | */ |
| 1615 | if (bytes < 1 || 3 < bytes) |
| 1616 | return true; |
| 1617 | |
| 1618 | /* Do we *have* that many bytes? */ |
| 1619 | if (len < bytes) |
| 1620 | return true; |
| 1621 | |
| 1622 | /* |
| 1623 | * Place the encoded bits at the bottom of the value and compute the |
| 1624 | * valid range. |
| 1625 | */ |
| 1626 | codepoint = (c & 0x7f) >> bytes; |
| 1627 | min_val = max_codepoint[bytes-1] + 1; |
| 1628 | max_val = max_codepoint[bytes]; |
| 1629 | |
| 1630 | offset += bytes; |
| 1631 | len -= bytes; |
| 1632 | |
| 1633 | /* And verify that they are good continuation bytes */ |
| 1634 | do { |
| 1635 | codepoint <<= 6; |
| 1636 | codepoint |= *buf & 0x3f; |