paweld/lazarus
1
0
Fork 0
mirror of https://gitlab.com/freepascal.org/lazarus/lazarus.git synced 2025-04-25 16:09:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

LazUtf8: fix FindInvalidUtf8CodePoint for 3-byte encodings that encode for values reserved for UTF-16 surrogate halves.

Browse Source 
git-svn-id: trunk@65246 -
This commit is contained in:
bart 2021-06-16 08:25:28 +00:00
parent b9d3913b60
commit 7a69a2a702
1 changed files with 2 additions and 0 deletions

2
components/lazutils/lazutf8.pas
View File

@ -2848,6 +2848,8 @@ begin
and ((ord(p[2]) and %11000000) = %10000000) then begin
if (c=%11100000) and (ord(p[1])<=%10011111) then
exit; // XSS attack: 3 bytes are mapped to the 1 or 2 byte codes
if ((c=%11101101) and (ord(p[1])>=%10100000)) then
exit; //Reserved values for UTF-16 surrogate halves
CharLen:=3;
end else
exit; // missing following bytes