Commit c9f25bc

IdanHo authored and awesomekling committed
LibTextCodec: Make UTF16BEDecoder read only up to an even offset
Reading up to the end of the input string of odd length results in an out-of-bounds read
1 parent 7156b61 commit c9f25bc

1 file changed: +2 -1 lines changed

Diff for: Userland/Libraries/LibTextCodec/Decoder.cpp

@@ -183,7 +183,8 @@ String UTF8Decoder::to_utf8(const StringView& input)
183183
String UTF16BEDecoder::to_utf8(const StringView& input)
184184
{
185185
StringBuilder builder(input.length() / 2);
186-
for (size_t i = 0; i < input.length(); i += 2) {
186+
size_t utf16_length = input.length() - (input.length() % 2);
187+
for (size_t i = 0; i < utf16_length; i += 2) {
187188
u16 code_point = (input[i] << 8) | input[i + 1];
188189
builder.append_code_point(code_point);
189190
}
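
Review bot: the truncation to `utf16_length` drops a trailing odd byte without any signal, so a cut-off or malformed input decodes as if it were well-formed. After the loop, consider appending U+FFFD when `input.length() % 2 != 0` (for example `builder.append_code_point(0xFFFD);`), or at least state the silent drop in a comment, so truncated input can be told apart from clean input. Two smaller points on the context lines: `code_point` actually holds one UTF-16 code unit, and passing it straight to `append_code_point` means surrogate pairs are never combined, which could be handled in a follow-up; and a test with an odd-length input would pin the out-of-bounds fix in place.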
