commit | 0a42e8e062d2a5c6795015c8d43780513228d726 |
---|---|
author | Aart Bik <ajcbik@google.com> | Fri Mar 15 18:18:15 2019 +0000 |
committer | commit-bot@chromium.org <commit-bot@chromium.org> | Fri Mar 15 18:18:15 2019 +0000 |
tree | 06d1af1754dceeff608ed225fc65faab5dbaf743 | |
parent | 74a23b96b041bda212acd7da3fdcedf74bb398a9 | |
[dart/vm] fix potential buffer overrun in unicode utils

Rationale:
Found by libFuzzer, calling into Utf16::Encode should ensure sufficient output buffer is available since it accesses two uint16_t words.

https://github.com/dart-lang/sdk/issues/36235

Change-Id: I14733b0b059f9d710e022b02d143e42c8b5f91e3
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/97042
Reviewed-by: Alexander Markov <alexmarkov@google.com>
Commit-Queue: Aart Bik <ajcbik@google.com>
diff --git a/runtime/vm/unicode.cc b/runtime/vm/unicode.cc index a3b4fb9..90379d1 100644 --- a/runtime/vm/unicode.cc +++ b/runtime/vm/unicode.cc
@@ -344,6 +344,7 @@ return false; // Invalid input. } if (is_supplementary) { + if (j == (len - 1)) return false; // Output overflow. Utf16::Encode(ch, &dst[j]); j = j + 1; } else {
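Review bot: The new guard `if (j == (len - 1)) return false;` only rejects the case where exactly one output slot remains, so it is correct only if the surrounding loop already guarantees `j < len` on entry to this branch; that invariant is not visible in the hunk, and if `j` could ever reach or exceed `len` here the equality test would be skipped and `Utf16::Encode(ch, &dst[j])` would still write two `uint16_t` words past the buffer. Consider the more defensive `if (j + 1 >= len) return false; // Output overflow.`, which covers the same case and also fails closed if the invariant is ever broken by a later change. Two smaller points: since this path now returns `false` for an output-buffer problem as well as for `// Invalid input.`, the function's documentation (not in the hunk) should say that `false` can mean either, so callers do not report a too-small buffer as malformed input; and a regression test that feeds a supplementary code point into a destination of length `j + 1` (the libFuzzer finding referenced in the message) would pin the fix.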