github-starred/ultimatepp
2
0
Fork 0
mirror of https://github.com/ultimatepp/ultimatepp.git synced 2026-05-15 14:16:07 -06:00
Code Issues 33 Projects Packages Wiki Activity Actions

[PR #99] [MERGED] Core/Stream: GetUtf8() method now returns failure on overlong and invalid sequences. #152

New issue
Closed
opened 2026-05-05 03:41:39 -06:00 by gitea-mirror · 0 comments
gitea-mirror commented 2026-05-05 03:41:39 -06:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/ultimatepp/ultimatepp/pull/99
Author: @ismail-yilmaz
Created: 9/26/2022
Status: Merged
Merged: 10/3/2022
Merged by: @mirek-fidler

Base: masterHead: stream_utf8_improvement

📝 Commits (8)

  • 641e657 Core/Stream: GetUtf8() method now returns failure on overlong squences.
  • f96aa6e Core/Stream: GetUtf8() Quicfix
  • 9438e7f Merge branch 'ultimatepp:master' into stream_utf8_improvement
  • 36c03b9 Merge branch 'ultimatepp:master' into stream_utf8_improvement
  • 86c77a2 Stream UTF8 overlong, invalid sequence autotest
  • f5f40c1 Core:/Streami: GetUtf8(), duplicate variable removed.
  • 5379f4f Core/Stream: GetUtf8() finalized.
  • 404e6ca Merge branch 'ultimatepp:master' into stream_utf8_improvement

📊 Changes

4 files changed (+90 additions, -59 deletions)

View changed files

autotest/StreamUTF8Test/StreamUTF8Test.cpp (+38 -0)
autotest/StreamUTF8Test/StreamUTF8Test.upp (+11 -0)
autotest/StreamUTF8Test/utf8_stress_test.txt (+0 -0)
📝 uppsrc/Core/Stream.cpp (+41 -59)

📄 Description

UTF-8 overlong sequences are considered a potential security threat.

For some reason, Stream::GetUtf8() methods allow up to 6 bytes sequences, which are invalid UTF-8.

This patch aims to improve the situation by returning failure (-1) also on overlong and invalid sequences.

Actual code is based on Upp::FetchUtf8() function, which also has better range checking and is faster..

Please review.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/ultimatepp/ultimatepp/pull/99 **Author:** [@ismail-yilmaz](https://github.com/ismail-yilmaz) **Created:** 9/26/2022 **Status:** ✅ Merged **Merged:** 10/3/2022 **Merged by:** [@mirek-fidler](https://github.com/mirek-fidler) **Base:** `master` ← **Head:** `stream_utf8_improvement` --- ### 📝 Commits (8) - [`641e657`](https://github.com/ultimatepp/ultimatepp/commit/641e657191653d8e8514b92b5fde5e396bd39126) Core/Stream: GetUtf8() method now returns failure on overlong squences. - [`f96aa6e`](https://github.com/ultimatepp/ultimatepp/commit/f96aa6ebbf89da8334bff3abcf25ef19a0c433d4) Core/Stream: GetUtf8() Quicfix - [`9438e7f`](https://github.com/ultimatepp/ultimatepp/commit/9438e7f22e29bdf741008caf2a3b524d6b4b4649) Merge branch 'ultimatepp:master' into stream_utf8_improvement - [`36c03b9`](https://github.com/ultimatepp/ultimatepp/commit/36c03b9b665724abf4750de39fb2bce01d3c8265) Merge branch 'ultimatepp:master' into stream_utf8_improvement - [`86c77a2`](https://github.com/ultimatepp/ultimatepp/commit/86c77a2f5d6e4429c6e2a2f85942ed76a5b52217) Stream UTF8 overlong, invalid sequence autotest - [`f5f40c1`](https://github.com/ultimatepp/ultimatepp/commit/f5f40c1101b2c1968e42ea74b971cbb3743d90e1) Core:/Streami: GetUtf8(), duplicate variable removed. - [`5379f4f`](https://github.com/ultimatepp/ultimatepp/commit/5379f4fd3381680f492b2f74ecea7361acf65766) Core/Stream: GetUtf8() finalized. - [`404e6ca`](https://github.com/ultimatepp/ultimatepp/commit/404e6caf94a03539b1b3a7eb2483f8768fcf87a3) Merge branch 'ultimatepp:master' into stream_utf8_improvement ### 📊 Changes **4 files changed** (+90 additions, -59 deletions) <details> <summary>View changed files</summary> ➕ `autotest/StreamUTF8Test/StreamUTF8Test.cpp` (+38 -0) ➕ `autotest/StreamUTF8Test/StreamUTF8Test.upp` (+11 -0) ➕ `autotest/StreamUTF8Test/utf8_stress_test.txt` (+0 -0) 📝 `uppsrc/Core/Stream.cpp` (+41 -59) </details> ### 📄 Description UTF-8 overlong sequences are considered a potential security threat. For some reason, Stream::GetUtf8() methods allow up to 6 bytes sequences, which are invalid UTF-8. This patch aims to improve the situation by returning failure (-1) also on overlong and invalid sequences. Actual code is based on Upp::FetchUtf8() function, which also has better range checking and is faster.. Please review. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
gitea-mirror 2026-05-05 03:41:39 -06:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
virtual_popups
QHD
klugier/view-draw-grid-ctrl-removal
custome_titlebar_refactor
klugier/help-icon-after-line-display
X11S
klugier/umk-check-git-command-statuses
diagram_dev
stable
klugier/lambda-captuer-warnings-gui-01
custom_titlebar
next2025_1
DarkModeContent
release_2024_1
pixelmode
blocksel
skin
bad_alloc
logs
TopSetRect
klugier/gdk-get-workarea-fixed-wayland
doc2024
Core2024
upp_14
animations
_t
layzoom
v2026.1
v2021.1
v2022.1
v2022.2
v2022.3
v2023.1
v2023.2
v2024.1
v2024.1.1
v2025.1
v2025.1.1
Labels
Clear labels   
pull-request

Mirrored from GitHub Pull Request

No labels
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/ultimatepp#152
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?