The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 1 | /* libs/cutils/strdup16to8.c |
| 2 | ** |
| 3 | ** Copyright 2006, The Android Open Source Project |
| 4 | ** |
| 5 | ** Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | ** you may not use this file except in compliance with the License. |
| 7 | ** You may obtain a copy of the License at |
| 8 | ** |
| 9 | ** http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | ** |
| 11 | ** Unless required by applicable law or agreed to in writing, software |
| 12 | ** distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | ** See the License for the specific language governing permissions and |
| 15 | ** limitations under the License. |
| 16 | */ |
| 17 | |
David 'Digit' Turner | a26c4e0 | 2009-05-02 19:43:30 +0200 | [diff] [blame] | 18 | #include <limits.h> /* for SIZE_MAX */ |
| 19 | |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 20 | #include <cutils/jstring.h> |
| 21 | #include <assert.h> |
| 22 | #include <stdlib.h> |
| 23 | |
| 24 | |
| 25 | /** |
| 26 | * Given a UTF-16 string, compute the length of the corresponding UTF-8 |
| 27 | * string in bytes. |
| 28 | */ |
| 29 | extern size_t strnlen16to8(const char16_t* utf16Str, size_t len) |
| 30 | { |
David 'Digit' Turner | a26c4e0 | 2009-05-02 19:43:30 +0200 | [diff] [blame] | 31 | size_t utf8Len = 0; |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 32 | |
David 'Digit' Turner | a26c4e0 | 2009-05-02 19:43:30 +0200 | [diff] [blame] | 33 | /* A small note on integer overflow. The result can |
| 34 | * potentially be as big as 3*len, which will overflow |
| 35 | * for len > SIZE_MAX/3. |
| 36 | * |
| 37 | * Moreover, the result of a strnlen16to8 is typically used |
| 38 | * to allocate a destination buffer to strncpy16to8 which |
| 39 | * requires one more byte to terminate the UTF-8 copy, and |
| 40 | * this is generally done by careless users by incrementing |
| 41 | * the result without checking for integer overflows, e.g.: |
| 42 | * |
| 43 | * dst = malloc(strnlen16to8(utf16,len)+1) |
| 44 | * |
| 45 | * Due to this, the following code will try to detect |
| 46 | * overflows, and never return more than (SIZE_MAX-1) |
| 47 | * when it detects one. A careless user will try to malloc |
| 48 | * SIZE_MAX bytes, which will return NULL which can at least |
| 49 | * be detected appropriately. |
| 50 | * |
| 51 | * As far as I know, this function is only used by strndup16(), |
| 52 | * but better be safe than sorry. |
| 53 | */ |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 54 | |
David 'Digit' Turner | a26c4e0 | 2009-05-02 19:43:30 +0200 | [diff] [blame] | 55 | /* Fast path for the usual case where 3*len is < SIZE_MAX-1. |
| 56 | */ |
| 57 | if (len < (SIZE_MAX-1)/3) { |
Nick Kralevich | 2b98a9e | 2015-08-27 10:30:50 -0700 | [diff] [blame] | 58 | while (len != 0) { |
| 59 | len--; |
David 'Digit' Turner | a26c4e0 | 2009-05-02 19:43:30 +0200 | [diff] [blame] | 60 | unsigned int uic = *utf16Str++; |
| 61 | |
| 62 | if (uic > 0x07ff) |
| 63 | utf8Len += 3; |
| 64 | else if (uic > 0x7f || uic == 0) |
| 65 | utf8Len += 2; |
| 66 | else |
| 67 | utf8Len++; |
| 68 | } |
| 69 | return utf8Len; |
| 70 | } |
| 71 | |
| 72 | /* The slower but paranoid version */ |
Nick Kralevich | 2b98a9e | 2015-08-27 10:30:50 -0700 | [diff] [blame] | 73 | while (len != 0) { |
| 74 | len--; |
David 'Digit' Turner | a26c4e0 | 2009-05-02 19:43:30 +0200 | [diff] [blame] | 75 | unsigned int uic = *utf16Str++; |
| 76 | size_t utf8Cur = utf8Len; |
| 77 | |
| 78 | if (uic > 0x07ff) |
| 79 | utf8Len += 3; |
| 80 | else if (uic > 0x7f || uic == 0) |
| 81 | utf8Len += 2; |
| 82 | else |
| 83 | utf8Len++; |
| 84 | |
| 85 | if (utf8Len < utf8Cur) /* overflow detected */ |
| 86 | return SIZE_MAX-1; |
| 87 | } |
| 88 | |
| 89 | /* don't return SIZE_MAX to avoid common user bug */ |
| 90 | if (utf8Len == SIZE_MAX) |
| 91 | utf8Len = SIZE_MAX-1; |
| 92 | |
| 93 | return utf8Len; |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 94 | } |
| 95 | |
| 96 | |
| 97 | /** |
| 98 | * Convert a Java-Style UTF-16 string + length to a JNI-Style UTF-8 string. |
| 99 | * |
| 100 | * This basically means: embedded \0's in the UTF-16 string are encoded |
| 101 | * as "0xc0 0x80" |
| 102 | * |
| 103 | * Make sure you allocate "utf8Str" with the result of strlen16to8() + 1, |
| 104 | * not just "len". |
David 'Digit' Turner | a26c4e0 | 2009-05-02 19:43:30 +0200 | [diff] [blame] | 105 | * |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 106 | * Please note, a terminated \0 is always added, so your result will always |
| 107 | * be "strlen16to8() + 1" bytes long. |
| 108 | */ |
| 109 | extern char* strncpy16to8(char* utf8Str, const char16_t* utf16Str, size_t len) |
| 110 | { |
| 111 | char* utf8cur = utf8Str; |
| 112 | |
David 'Digit' Turner | a26c4e0 | 2009-05-02 19:43:30 +0200 | [diff] [blame] | 113 | /* Note on overflows: We assume the user did check the result of |
| 114 | * strnlen16to8() properly or at a minimum checked the result of |
| 115 | * its malloc(SIZE_MAX) in case of overflow. |
| 116 | */ |
Nick Kralevich | 2b98a9e | 2015-08-27 10:30:50 -0700 | [diff] [blame] | 117 | while (len != 0) { |
| 118 | len--; |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 119 | unsigned int uic = *utf16Str++; |
| 120 | |
| 121 | if (uic > 0x07ff) { |
| 122 | *utf8cur++ = (uic >> 12) | 0xe0; |
| 123 | *utf8cur++ = ((uic >> 6) & 0x3f) | 0x80; |
| 124 | *utf8cur++ = (uic & 0x3f) | 0x80; |
| 125 | } else if (uic > 0x7f || uic == 0) { |
| 126 | *utf8cur++ = (uic >> 6) | 0xc0; |
| 127 | *utf8cur++ = (uic & 0x3f) | 0x80; |
| 128 | } else { |
| 129 | *utf8cur++ = uic; |
| 130 | |
| 131 | if (uic == 0) { |
| 132 | break; |
David 'Digit' Turner | a26c4e0 | 2009-05-02 19:43:30 +0200 | [diff] [blame] | 133 | } |
| 134 | } |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 135 | } |
| 136 | |
| 137 | *utf8cur = '\0'; |
| 138 | |
| 139 | return utf8Str; |
| 140 | } |
| 141 | |
| 142 | /** |
| 143 | * Convert a UTF-16 string to UTF-8. |
| 144 | * |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 145 | */ |
| 146 | char * strndup16to8 (const char16_t* s, size_t n) |
| 147 | { |
David 'Digit' Turner | a26c4e0 | 2009-05-02 19:43:30 +0200 | [diff] [blame] | 148 | char* ret; |
| 149 | size_t len; |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 150 | |
| 151 | if (s == NULL) { |
| 152 | return NULL; |
| 153 | } |
| 154 | |
David 'Digit' Turner | a26c4e0 | 2009-05-02 19:43:30 +0200 | [diff] [blame] | 155 | len = strnlen16to8(s, n); |
| 156 | |
| 157 | /* We are paranoid, and we check for SIZE_MAX-1 |
| 158 | * too since it is an overflow value for our |
| 159 | * strnlen16to8 implementation. |
| 160 | */ |
| 161 | if (len >= SIZE_MAX-1) |
| 162 | return NULL; |
| 163 | |
| 164 | ret = malloc(len + 1); |
| 165 | if (ret == NULL) |
| 166 | return NULL; |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 167 | |
| 168 | strncpy16to8 (ret, s, n); |
David 'Digit' Turner | a26c4e0 | 2009-05-02 19:43:30 +0200 | [diff] [blame] | 169 | |
| 170 | return ret; |
The Android Open Source Project | dd7bc33 | 2009-03-03 19:32:55 -0800 | [diff] [blame] | 171 | } |