Attachment #138787 for bug #202628

View | Details | Raw Unified | Return to bug 202628
Collapse All | Expand All





	c = *cur;
	if (c & 0x80) {
	    if (((c & 0x40) == 0) || (c == 0xC0))
		goto encoding_error;
	    if (cur[1] == 0)
		xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
	    if ((cur[1] & 0xc0) != 0x80)
		goto encoding_error;
	    if ((c & 0xe0) == 0xe0) {

		if (cur[2] == 0)
		    xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
		if ((cur[2] & 0xc0) != 0x80)

		    val |= (cur[1] & 0x3f) << 12;
		    val |= (cur[2] & 0x3f) << 6;
		    val |= cur[3] & 0x3f;
		    if (val < 0x10000)
			goto encoding_error;
		} else {
		  /* 3-byte code */
		    *len = 3;
		    val = (cur[0] & 0xf) << 12;
		    val |= (cur[1] & 0x3f) << 6;
		    val |= cur[2] & 0x3f;
		    if (val < 0x800)
			goto encoding_error;
		}
	    } else {
	      /* 2-byte code */
		*len = 2;
		val = (cur[0] & 0x1f) << 6;
		val |= cur[1] & 0x3f;
		if (val < 0x80)
		    goto encoding_error;
	    }
	    if (!IS_CHAR(val)) {
	        xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR,

	} else {
	    /* 1-byte code */
	    *len = 1;
	    if (*ctxt->input->cur == 0)
		xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
	    if ((*ctxt->input->cur == 0) &&
	        (ctxt->input->end > ctxt->input->cur)) {
	        xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR,
				  "Char 0x%X out of allowed range\n", val);
	    }
	    if (*ctxt->input->cur == 0xD) {
		if (ctxt->input->cur[1] == 0xA) {
		    ctxt->nbChars++;

Return to bug 202628

Lines 638-651 Link Here

(-)parserInternals.c (-2 / +14 lines)
638		638
639	c = *cur;	639	c = *cur;
640	if (c & 0x80) {	640	if (c & 0x80) {
641	if (c == 0xC0)	641	if (((c & 0x40) == 0) \|\| (c == 0xC0))
642	goto encoding_error;	642	goto encoding_error;
643	if (cur[1] == 0)	643	if (cur[1] == 0)
644	xmlParserInputGrow(ctxt->input, INPUT_CHUNK);	644	xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
645	if ((cur[1] & 0xc0) != 0x80)	645	if ((cur[1] & 0xc0) != 0x80)
646	goto encoding_error;	646	goto encoding_error;
647	if ((c & 0xe0) == 0xe0) {	647	if ((c & 0xe0) == 0xe0) {
648
649	if (cur[2] == 0)	648	if (cur[2] == 0)
650	xmlParserInputGrow(ctxt->input, INPUT_CHUNK);	649	xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
651	if ((cur[2] & 0xc0) != 0x80)	650	if ((cur[2] & 0xc0) != 0x80)
Lines 662-679 Link Here
662	val \|= (cur[1] & 0x3f) << 12;	661	val \|= (cur[1] & 0x3f) << 12;
663	val \|= (cur[2] & 0x3f) << 6;	662	val \|= (cur[2] & 0x3f) << 6;
664	val \|= cur[3] & 0x3f;	663	val \|= cur[3] & 0x3f;
		664	if (val < 0x10000)
		665	goto encoding_error;
665	} else {	666	} else {
666	/* 3-byte code */	667	/* 3-byte code */
667	*len = 3;	668	*len = 3;
668	val = (cur[0] & 0xf) << 12;	669	val = (cur[0] & 0xf) << 12;
669	val \|= (cur[1] & 0x3f) << 6;	670	val \|= (cur[1] & 0x3f) << 6;
670	val \|= cur[2] & 0x3f;	671	val \|= cur[2] & 0x3f;
		672	if (val < 0x800)
		673	goto encoding_error;
671	}	674	}
672	} else {	675	} else {
673	/* 2-byte code */	676	/* 2-byte code */
674	*len = 2;	677	*len = 2;
675	val = (cur[0] & 0x1f) << 6;	678	val = (cur[0] & 0x1f) << 6;
676	val \|= cur[1] & 0x3f;	679	val \|= cur[1] & 0x3f;
		680	if (val < 0x80)
		681	goto encoding_error;
677	}	682	}
678	if (!IS_CHAR(val)) {	683	if (!IS_CHAR(val)) {
679	xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR,	684	xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR,
Lines 683-688 Link Here
683	} else {	688	} else {
684	/* 1-byte code */	689	/* 1-byte code */
685	*len = 1;	690	*len = 1;
		691	if (*ctxt->input->cur == 0)
		692	xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
		693	if ((*ctxt->input->cur == 0) &&
		694	(ctxt->input->end > ctxt->input->cur)) {
		695	xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR,
		696	"Char 0x%X out of allowed range\n", val);
		697	}
686	if (*ctxt->input->cur == 0xD) {	698	if (*ctxt->input->cur == 0xD) {
687	if (ctxt->input->cur[1] == 0xA) {	699	if (ctxt->input->cur[1] == 0xA) {
688	ctxt->nbChars++;	700	ctxt->nbChars++;