blob: 4dc987e41e3cd3a2100aa1a71e58dc79c34b22ee [file] [log] [blame]
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -08001/* libs/cutils/strdup16to8.c
2**
3** Copyright 2006, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
David 'Digit' Turnera26c4e02009-05-02 19:43:30 +020018#include <limits.h> /* for SIZE_MAX */
19
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -080020#include <cutils/jstring.h>
21#include <assert.h>
22#include <stdlib.h>
23
24
25/**
26 * Given a UTF-16 string, compute the length of the corresponding UTF-8
27 * string in bytes.
28 */
29extern size_t strnlen16to8(const char16_t* utf16Str, size_t len)
30{
David 'Digit' Turnera26c4e02009-05-02 19:43:30 +020031 size_t utf8Len = 0;
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -080032
David 'Digit' Turnera26c4e02009-05-02 19:43:30 +020033 /* A small note on integer overflow. The result can
34 * potentially be as big as 3*len, which will overflow
35 * for len > SIZE_MAX/3.
36 *
37 * Moreover, the result of a strnlen16to8 is typically used
38 * to allocate a destination buffer to strncpy16to8 which
39 * requires one more byte to terminate the UTF-8 copy, and
40 * this is generally done by careless users by incrementing
41 * the result without checking for integer overflows, e.g.:
42 *
43 * dst = malloc(strnlen16to8(utf16,len)+1)
44 *
45 * Due to this, the following code will try to detect
46 * overflows, and never return more than (SIZE_MAX-1)
47 * when it detects one. A careless user will try to malloc
48 * SIZE_MAX bytes, which will return NULL which can at least
49 * be detected appropriately.
50 *
51 * As far as I know, this function is only used by strndup16(),
52 * but better be safe than sorry.
53 */
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -080054
David 'Digit' Turnera26c4e02009-05-02 19:43:30 +020055 /* Fast path for the usual case where 3*len is < SIZE_MAX-1.
56 */
57 if (len < (SIZE_MAX-1)/3) {
Nick Kralevich2b98a9e2015-08-27 10:30:50 -070058 while (len != 0) {
59 len--;
David 'Digit' Turnera26c4e02009-05-02 19:43:30 +020060 unsigned int uic = *utf16Str++;
61
62 if (uic > 0x07ff)
63 utf8Len += 3;
64 else if (uic > 0x7f || uic == 0)
65 utf8Len += 2;
66 else
67 utf8Len++;
68 }
69 return utf8Len;
70 }
71
72 /* The slower but paranoid version */
Nick Kralevich2b98a9e2015-08-27 10:30:50 -070073 while (len != 0) {
74 len--;
David 'Digit' Turnera26c4e02009-05-02 19:43:30 +020075 unsigned int uic = *utf16Str++;
76 size_t utf8Cur = utf8Len;
77
78 if (uic > 0x07ff)
79 utf8Len += 3;
80 else if (uic > 0x7f || uic == 0)
81 utf8Len += 2;
82 else
83 utf8Len++;
84
85 if (utf8Len < utf8Cur) /* overflow detected */
86 return SIZE_MAX-1;
87 }
88
89 /* don't return SIZE_MAX to avoid common user bug */
90 if (utf8Len == SIZE_MAX)
91 utf8Len = SIZE_MAX-1;
92
93 return utf8Len;
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -080094}
95
96
97/**
98 * Convert a Java-Style UTF-16 string + length to a JNI-Style UTF-8 string.
99 *
100 * This basically means: embedded \0's in the UTF-16 string are encoded
101 * as "0xc0 0x80"
102 *
103 * Make sure you allocate "utf8Str" with the result of strlen16to8() + 1,
104 * not just "len".
David 'Digit' Turnera26c4e02009-05-02 19:43:30 +0200105 *
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800106 * Please note, a terminated \0 is always added, so your result will always
107 * be "strlen16to8() + 1" bytes long.
108 */
109extern char* strncpy16to8(char* utf8Str, const char16_t* utf16Str, size_t len)
110{
111 char* utf8cur = utf8Str;
112
David 'Digit' Turnera26c4e02009-05-02 19:43:30 +0200113 /* Note on overflows: We assume the user did check the result of
114 * strnlen16to8() properly or at a minimum checked the result of
115 * its malloc(SIZE_MAX) in case of overflow.
116 */
Nick Kralevich2b98a9e2015-08-27 10:30:50 -0700117 while (len != 0) {
118 len--;
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800119 unsigned int uic = *utf16Str++;
120
121 if (uic > 0x07ff) {
122 *utf8cur++ = (uic >> 12) | 0xe0;
123 *utf8cur++ = ((uic >> 6) & 0x3f) | 0x80;
124 *utf8cur++ = (uic & 0x3f) | 0x80;
125 } else if (uic > 0x7f || uic == 0) {
126 *utf8cur++ = (uic >> 6) | 0xc0;
127 *utf8cur++ = (uic & 0x3f) | 0x80;
128 } else {
129 *utf8cur++ = uic;
130
131 if (uic == 0) {
132 break;
David 'Digit' Turnera26c4e02009-05-02 19:43:30 +0200133 }
134 }
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800135 }
136
137 *utf8cur = '\0';
138
139 return utf8Str;
140}
141
142/**
143 * Convert a UTF-16 string to UTF-8.
144 *
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800145 */
146char * strndup16to8 (const char16_t* s, size_t n)
147{
David 'Digit' Turnera26c4e02009-05-02 19:43:30 +0200148 char* ret;
149 size_t len;
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800150
151 if (s == NULL) {
152 return NULL;
153 }
154
David 'Digit' Turnera26c4e02009-05-02 19:43:30 +0200155 len = strnlen16to8(s, n);
156
157 /* We are paranoid, and we check for SIZE_MAX-1
158 * too since it is an overflow value for our
159 * strnlen16to8 implementation.
160 */
161 if (len >= SIZE_MAX-1)
162 return NULL;
163
164 ret = malloc(len + 1);
165 if (ret == NULL)
166 return NULL;
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800167
168 strncpy16to8 (ret, s, n);
David 'Digit' Turnera26c4e02009-05-02 19:43:30 +0200169
170 return ret;
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800171}