From 5687c4f43cc3eae3cdabf4be9526d9f71a331aa7 Mon Sep 17 00:00:00 2001 From: jarlob Date: Sat, 1 Jul 2023 21:44:47 +0200 Subject: [PATCH 1/2] GHSL-2023-112: check if the current pointer and the next one are less than the end --- PowerEditor/src/Utf8_16.cpp | 2 +- PowerEditor/src/Utf8_16.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/PowerEditor/src/Utf8_16.cpp b/PowerEditor/src/Utf8_16.cpp index d306f44f741..acf8c387885 100644 --- a/PowerEditor/src/Utf8_16.cpp +++ b/PowerEditor/src/Utf8_16.cpp @@ -152,7 +152,7 @@ size_t Utf8_16_Read::convert(char* buf, size_t len) case uni16LE_NoBOM: case uni16BE: case uni16LE: { - size_t newSize = len + len / 2 + 1; + size_t newSize = (len + len % 2) + (len + len % 2) / 2; if (m_nAllocatedBufSize != newSize) { diff --git a/PowerEditor/src/Utf8_16.h b/PowerEditor/src/Utf8_16.h index a539a8a4bc1..817cdc024c6 100644 --- a/PowerEditor/src/Utf8_16.h +++ b/PowerEditor/src/Utf8_16.h @@ -53,7 +53,7 @@ class Utf16_Iter : public Utf8_16 { bool get(utf8 *c); void operator++(); eState getState() { return m_eState; }; - operator bool() { return (m_pRead < m_pEnd) || (m_out1st != m_outLst); }; + operator bool() { return (m_pRead + 1 < m_pEnd) || (m_out1st != m_outLst); }; protected: void read(); From 6567a890947293f47aae79d37a9782aeeb16c4e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= Date: Fri, 1 Sep 2023 17:28:58 +0200 Subject: [PATCH 2/2] Add comment --- PowerEditor/src/Utf8_16.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/PowerEditor/src/Utf8_16.h b/PowerEditor/src/Utf8_16.h index 817cdc024c6..5e36c2668ef 100644 --- a/PowerEditor/src/Utf8_16.h +++ b/PowerEditor/src/Utf8_16.h @@ -53,6 +53,8 @@ class Utf16_Iter : public Utf8_16 { bool get(utf8 *c); void operator++(); eState getState() { return m_eState; }; + // Utf8_16::read always consumes two bytes, + // thus the bool operator checks if m_pRead is less than m_pEnd by two bytes. operator bool() { return (m_pRead + 1 < m_pEnd) || (m_out1st != m_outLst); }; protected: