Line data Source code
1 : /* libs/cutils/strdup16to8.c
2 : **
3 : ** Copyright 2006, The Android Open Source Project
4 : **
5 : ** Licensed under the Apache License, Version 2.0 (the "License");
6 : ** you may not use this file except in compliance with the License.
7 : ** You may obtain a copy of the License at
8 : **
9 : ** http://www.apache.org/licenses/LICENSE-2.0
10 : **
11 : ** Unless required by applicable law or agreed to in writing, software
12 : ** distributed under the License is distributed on an "AS IS" BASIS,
13 : ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 : ** See the License for the specific language governing permissions and
15 : ** limitations under the License.
16 : */
17 :
18 : #include <limits.h> /* for SIZE_MAX */
19 :
20 : #include <cutils/jstring.h>
21 : #include <assert.h>
22 : #include <stdlib.h>
23 :
24 :
25 : /**
26 : * Given a UTF-16 string, compute the length of the corresponding UTF-8
27 : * string in bytes.
28 : */
29 0 : extern size_t strnlen16to8(const char16_t* utf16Str, size_t len)
30 : {
31 0 : size_t utf8Len = 0;
32 :
33 : /* A small note on integer overflow. The result can
34 : * potentially be as big as 3*len, which will overflow
35 : * for len > SIZE_MAX/3.
36 : *
37 : * Moreover, the result of a strnlen16to8 is typically used
38 : * to allocate a destination buffer to strncpy16to8 which
39 : * requires one more byte to terminate the UTF-8 copy, and
40 : * this is generally done by careless users by incrementing
41 : * the result without checking for integer overflows, e.g.:
42 : *
43 : * dst = malloc(strnlen16to8(utf16,len)+1)
44 : *
45 : * Due to this, the following code will try to detect
46 : * overflows, and never return more than (SIZE_MAX-1)
47 : * when it detects one. A careless user will try to malloc
48 : * SIZE_MAX bytes, which will return NULL which can at least
49 : * be detected appropriately.
50 : *
51 : * As far as I know, this function is only used by strndup16(),
52 : * but better be safe than sorry.
53 : */
54 :
55 : /* Fast path for the usual case where 3*len is < SIZE_MAX-1.
56 : */
57 0 : if (len < (SIZE_MAX-1)/3) {
58 0 : while (len--) {
59 0 : unsigned int uic = *utf16Str++;
60 :
61 0 : if (uic > 0x07ff)
62 0 : utf8Len += 3;
63 0 : else if (uic > 0x7f || uic == 0)
64 0 : utf8Len += 2;
65 : else
66 0 : utf8Len++;
67 : }
68 0 : return utf8Len;
69 : }
70 :
71 : /* The slower but paranoid version */
72 0 : while (len--) {
73 0 : unsigned int uic = *utf16Str++;
74 0 : size_t utf8Cur = utf8Len;
75 :
76 0 : if (uic > 0x07ff)
77 0 : utf8Len += 3;
78 0 : else if (uic > 0x7f || uic == 0)
79 0 : utf8Len += 2;
80 : else
81 0 : utf8Len++;
82 :
83 0 : if (utf8Len < utf8Cur) /* overflow detected */
84 0 : return SIZE_MAX-1;
85 : }
86 :
87 : /* don't return SIZE_MAX to avoid common user bug */
88 0 : if (utf8Len == SIZE_MAX)
89 0 : utf8Len = SIZE_MAX-1;
90 :
91 0 : return utf8Len;
92 : }
93 :
94 :
95 : /**
96 : * Convert a Java-Style UTF-16 string + length to a JNI-Style UTF-8 string.
97 : *
98 : * This basically means: embedded \0's in the UTF-16 string are encoded
99 : * as "0xc0 0x80"
100 : *
101 : * Make sure you allocate "utf8Str" with the result of strlen16to8() + 1,
102 : * not just "len".
103 : *
104 : * Please note, a terminated \0 is always added, so your result will always
105 : * be "strlen16to8() + 1" bytes long.
106 : */
107 0 : extern char* strncpy16to8(char* utf8Str, const char16_t* utf16Str, size_t len)
108 : {
109 0 : char* utf8cur = utf8Str;
110 :
111 : /* Note on overflows: We assume the user did check the result of
112 : * strnlen16to8() properly or at a minimum checked the result of
113 : * its malloc(SIZE_MAX) in case of overflow.
114 : */
115 0 : while (len--) {
116 0 : unsigned int uic = *utf16Str++;
117 :
118 0 : if (uic > 0x07ff) {
119 0 : *utf8cur++ = (uic >> 12) | 0xe0;
120 0 : *utf8cur++ = ((uic >> 6) & 0x3f) | 0x80;
121 0 : *utf8cur++ = (uic & 0x3f) | 0x80;
122 0 : } else if (uic > 0x7f || uic == 0) {
123 0 : *utf8cur++ = (uic >> 6) | 0xc0;
124 0 : *utf8cur++ = (uic & 0x3f) | 0x80;
125 : } else {
126 0 : *utf8cur++ = uic;
127 :
128 0 : if (uic == 0) {
129 0 : break;
130 : }
131 : }
132 : }
133 :
134 0 : *utf8cur = '\0';
135 :
136 0 : return utf8Str;
137 : }
138 :
139 : /**
140 : * Convert a UTF-16 string to UTF-8.
141 : *
142 : */
143 0 : char * strndup16to8 (const char16_t* s, size_t n)
144 : {
145 : char* ret;
146 : size_t len;
147 :
148 0 : if (s == NULL) {
149 0 : return NULL;
150 : }
151 :
152 0 : len = strnlen16to8(s, n);
153 :
154 : /* We are paranoid, and we check for SIZE_MAX-1
155 : * too since it is an overflow value for our
156 : * strnlen16to8 implementation.
157 : */
158 0 : if (len >= SIZE_MAX-1)
159 0 : return NULL;
160 :
161 0 : ret = malloc(len + 1);
162 0 : if (ret == NULL)
163 0 : return NULL;
164 :
165 0 : strncpy16to8 (ret, s, n);
166 :
167 0 : return ret;
168 : }
|