[haiku-bugs] Re: [Haiku] #840: Translation kit should be reviewed for utf-8 string vulnerabilities

  • From: "Haiku" <trac@xxxxxxxxxxxx>
  • To: undisclosed-recipients: ;
  • Date: Fri, 08 May 2020 07:34:43 -0000

#840: Translation kit should be reviewed for utf-8 string vulnerabilities
--------------------------------------+--------------------
  Reporter:  marcusoverhagen          |      Owner:  nobody
      Type:  enhancement              |     Status:  new
  Priority:  normal                   |  Milestone:  R1
 Component:  Kits/libtextencoding.so  |    Version:
Resolution:                           |   Keywords:
Blocked By:                           |   Blocking:
  Platform:  All                      |
--------------------------------------+--------------------
Changes (by pulkomandy):

 * component:  Kits/Translation Kit => Kits/libtextencoding.so

Comment:

 Functions to review (from a grep on "utf8"):

 {{{
 os/locale/UnicodeChar.h:                static uint32 FromUTF8(const
 char** in);
 os/locale/UnicodeChar.h:                static uint32 FromUTF8(const char*
 in);
 os/locale/UnicodeChar.h:                static size_t
 UTF8StringLength(const char* string);
 os/locale/UnicodeChar.h:                static size_t
 UTF8StringLength(const char* string, size_t maxLength);
 os/support/UTF8.h:status_t convert_to_utf8(uint32 sourceEncoding, const
 char* source,
 os/support/UTF8.h:status_t convert_from_utf8(uint32 destEncoding, const
 char* source,
 private/file_systems/QueryParserUtils.h:uint32
 utf8ToUnicode(char** string);
 private/interface/utf8_functions.h:UTF8NextCharLenUnsafe(const char *text)
 private/interface/utf8_functions.h:UTF8NextCharLen(const char *text)
 private/interface/utf8_functions.h:UTF8NextCharLen(const char *bytes,
 size_t length)
 private/interface/utf8_functions.h:UTF8PreviousCharLen(const char *text,
 const char *limit)
 private/interface/utf8_functions.h:UTF8CountBytes(const char *bytes, int32
 numChars)
 private/interface/utf8_functions.h:UTF8CountChars(const char *bytes, int32
 numBytes)
 private/interface/utf8_functions.h:UTF8ToCharCode(const char **bytes)
 private/mail/mail_util.h:status_t mail_convert_to_utf8(uint32 srcEncoding,
 const char *src,
 private/mail/mail_util.h:status_t mail_convert_from_utf8(uint32
 dstEncoding, const char *src,
 private/mail/mail_util.h:ssize_t rfc2047_to_utf8(char **buffer, size_t
 *bufLen, size_t strLen = 0);
 private/mail/mail_util.h:ssize_t utf8_to_rfc2047(char **bufp, ssize_t
 length,uint32 charset, char encoding);
 private/system/convertutf.h:ssize_t utf16le_to_utf8(const uint16* source,
 size_t sourceCodeUnitCount,
 private/system/convertutf.h:ssize_t utf16be_to_utf8(const uint16* source,
 size_t sourceCodeUnitCount,
 }}}

 None of this is in the translation kit, however. Moving to libtextencoding
 even if that's also not quite accurate. We should also check why there are
 so many utf8 manipulation functions all around.

 All functions which manipulate "characters" (vs bytes) in BString are also
 candidates.
-- 
Ticket URL: <https://dev.haiku-os.org/ticket/840#comment:4>
Haiku <https://dev.haiku-os.org>
The Haiku operating system.

Other related posts:

  • » [haiku-bugs] Re: [Haiku] #840: Translation kit should be reviewed for utf-8 string vulnerabilities - Haiku
  1. Home
  2. haiku-bugs
  3. Archive
  4. 05-2020