Skip to content
Permalink
Browse files Browse the repository at this point in the history
LibTextCodec: Make UTF16BEDecoder read only up to an even offset
Reading up to the end of the input string of odd length results in
an out-of-bounds read
  • Loading branch information
IdanHo authored and awesomekling committed Mar 15, 2021
1 parent 7156b61 commit c9f25bc
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion Userland/Libraries/LibTextCodec/Decoder.cpp
Expand Up @@ -183,7 +183,8 @@ String UTF8Decoder::to_utf8(const StringView& input)
String UTF16BEDecoder::to_utf8(const StringView& input)
{
StringBuilder builder(input.length() / 2);
for (size_t i = 0; i < input.length(); i += 2) {
size_t utf16_length = input.length() - (input.length() % 2);
for (size_t i = 0; i < utf16_length; i += 2) {
u16 code_point = (input[i] << 8) | input[i + 1];
builder.append_code_point(code_point);
}
Expand Down

0 comments on commit c9f25bc

Please sign in to comment.