Merge changes from topic 'utf'
* changes:
Add bound checks to utf16_to_utf8
Unicode: specify destination length in utf8_to_utf16 methods
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 5886d74..061cb08 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -750,7 +750,7 @@
const uint8_t* strData = (uint8_t*)str.data();
const size_t strLen= str.length();
const ssize_t utf16Len = utf8_to_utf16_length(strData, strLen);
- if (utf16Len < 0 || utf16Len> std::numeric_limits<int32_t>::max()) {
+ if (utf16Len < 0 || utf16Len > std::numeric_limits<int32_t>::max()) {
return BAD_VALUE;
}
@@ -765,7 +765,7 @@
return NO_MEMORY;
}
- utf8_to_utf16(strData, strLen, (char16_t*)dst);
+ utf8_to_utf16(strData, strLen, (char16_t*)dst, (size_t) utf16Len + 1);
return NO_ERROR;
}
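Review bot: The capacity passed on the added line is recomputed at the call site as `(size_t) utf16Len + 1` instead of being taken from the allocation of `dst`, which happens above the hunk and is not visible here. The new bound only protects the buffer while those two expressions stay equal, so I would name the element count once, for example `const size_t dstLen = static_cast<size_t>(utf16Len) + 1;`, and use it for both the allocation and this call. A comment such as `// dstLen is in char16_t units and includes the terminating NUL` would make the unit explicit, since the allocation is presumably sized in bytes. The enclosing function starts outside the hunk.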
@@ -1761,15 +1761,16 @@
return NO_ERROR;
}
- ssize_t utf8Size = utf16_to_utf8_length(src, utf16Size);
- if (utf8Size < 0) {
+ // Allow for closing '\0'
+ ssize_t utf8Size = utf16_to_utf8_length(src, utf16Size) + 1;
+ if (utf8Size < 1) {
return BAD_VALUE;
}
// Note that while it is probably safe to assume string::resize keeps a
- // spare byte around for the trailing null, we're going to be explicit.
- str->resize(utf8Size + 1);
- utf16_to_utf8(src, utf16Size, &((*str)[0]));
+ // spare byte around for the trailing null, we still pass the size including the trailing null
str->resize(utf8Size);
+ utf16_to_utf8(src, utf16Size, &((*str)[0]), utf8Size);
+ str->resize(utf8Size - 1);
return NO_ERROR;
}
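Review bot: The added line `ssize_t utf8Size = utf16_to_utf8_length(src, utf16Size) + 1;` adds one before the error return is checked. The `utf8Size < 1` test therefore folds the failure sentinel and the terminator adjustment into one value, and the addition is signed arithmetic on a length that has not been validated yet. Checking the raw result first is easier to audit: `ssize_t utf8Len = utf16_to_utf8_length(src, utf16Size);`, `if (utf8Len < 0) return BAD_VALUE;`, `const size_t utf8Size = static_cast<size_t>(utf8Len) + 1;`. The final `str->resize(utf8Size - 1);` would also benefit from a comment like `// drop the trailing '\0' that the conversion is expected to write`, because the comment above it only explains the first resize. The function begins above the hunk.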