Don't allow surrugate code points in UTF-8

These are not valid outside of UTF-16 so seeing them in a UTF-8 sequence
means that something is wrong with that sequence. Best to filter them
out rather than letting them propagate and have unknown effects.

diff --git a/common/rfb/util.cxx b/common/rfb/util.cxx
index a3f164439f8c5e5b1e5db1d0517eec78d4b32e23..d1a8cc332b61034ba3b0a5f82de35b0e3eb677e0 100644 (file)
--- a/common/rfb/util.cxx
+++ b/common/rfb/util.cxx
@@ -266,6 +266,8 @@ namespace rfb {
       *dst++ = 0x80 | (src & 0x3f);
       *dst++ = '\0';
       return 2;
+    } else if ((src >= 0xd800) && (src < 0xe000)) {
+      return ucs4ToUTF8(0xfffd, dst);
     } else if (src < 0x10000) {
       *dst++ = 0xe0 | (src >> 12);
       *dst++ = 0x80 | ((src >> 6) & 0x3f);
@@ -334,6 +336,10 @@ namespace rfb {
       max--;
     }
 
+    // UTF-16 surrogate code point?
+    if ((*dst >= 0xd800) && (*dst < 0xe000))
+      *dst = 0xfffd;
+
     return consumed;
   }
 

diff --git a/tests/unit/unicode.cxx b/tests/unit/unicode.cxx
index d4e567e9b0c761857cb92f61767cf58cd93de1d6..cb15e7e1df6633c2319de39ed96f68618f86646a 100644 (file)
--- a/tests/unit/unicode.cxx
+++ b/tests/unit/unicode.cxx
@@ -53,6 +53,10 @@ struct _ucs4utf8 ucs4utf8[] = {
     { 0x1f638, "\xf0\x9f\x98\xb8" },
     { 0x2d006, "\xf0\xad\x80\x86" },
     { 0xfffd, "\xe5\xe4" },
+    { 0xfffd, "\xed\xa2\x80" },
+    { 0xfffd, "\xed\xbb\xbf" },
+    { 0xd880, "\xef\xbf\xbd" },
+    { 0xdeff, "\xef\xbf\xbd" },
     { 0x110200, "\xef\xbf\xbd" },
 };
 
@@ -93,6 +97,7 @@ const char *validutf8[] = {
 const char *invalidutf8[] = {
     "\xe5\xe4\xf6",
     "\xf8\xa1\xa1\xa1\xa1",
+    "\xed\xa2\x80",
 };
 
 const wchar_t *validutf16[] = {