Avoid a buffer overrun in GET_NORMALIZED_STRING.
This custom SQL function uses a fixed buffer of
128 characters and would overrun the buffer if
passed a longer src string.
Also, fix another problem with the function
where it was using the incorrect value for
next_codepoint. It was reading from the
destination array not the source array.
Bug: 2089658
diff --git a/android/PhoneticStringUtils.cpp b/android/PhoneticStringUtils.cpp
index da5767f..cf85cb8 100644
--- a/android/PhoneticStringUtils.cpp
+++ b/android/PhoneticStringUtils.cpp
@@ -292,7 +292,7 @@
src = STR_FOR_NULL_STR;
}
- char32_t codepoints[MAX_CODEPOINTS];
+ char32_t codepoints[MAX_CODEPOINTS]; // if array size is changed the for loop needs to be changed
size_t src_len = utf8_length(src);
if (src_len == 0) {
@@ -300,7 +300,7 @@
}
bool next_is_consumed;
size_t j = 0;
- for (size_t i = 0; i < src_len;) {
+ for (size_t i = 0; i < src_len && j < MAX_CODEPOINTS;) {
int32_t ret = utf32_at(src, src_len, i, &i);
if (ret < 0) {
// failed to parse UTF-8
@@ -308,7 +308,7 @@
}
ret = get_codepoint_function(
static_cast<char32_t>(ret),
- i + 1 < src_len ? codepoints[i + 1] : 0,
+ i + 1 < src_len ? src[i + 1] : 0,
&next_is_consumed);
if (ret > 0) {
codepoints[j] = static_cast<char32_t>(ret);