1 /*
2 * Copyright (C) 2014 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include <errno.h>
30 #include <sys/param.h>
31 #include <uchar.h>
32 #include <wchar.h>
33
34 #include "private/bionic_mbstate.h"
35
mbrtoc32(char32_t * pc32,const char * s,size_t n,mbstate_t * ps)36 size_t mbrtoc32(char32_t* pc32, const char* s, size_t n, mbstate_t* ps) {
37 static mbstate_t __private_state;
38 mbstate_t* state = (ps == nullptr) ? &__private_state : ps;
39
40 // We should never get to a state which has all 4 bytes of the sequence set.
41 // Full state verification is done when decoding the sequence (after we have
42 // all the bytes).
43 if (mbstate_get_byte(state, 3) != 0) {
44 return mbstate_reset_and_return_illegal(EINVAL, state);
45 }
46
47 if (s == nullptr) {
48 s = "";
49 n = 1;
50 pc32 = nullptr;
51 }
52
53 if (n == 0) {
54 // C23 7.30.1 (for each `mbrtoc*` function) says:
55 //
56 // Returns:
57 //
58 // 0 if the next n or fewer bytes complete the multibyte character that
59 // corresponds to the null wide character (which is the value stored).
60 //
61 // (size_t)(-2) if the next n bytes contribute to an incomplete (but
62 // potentially valid) multibyte character, and all n bytes have been
63 // processed (no value is stored).
64 //
65 // Bionic historically interpreted the behavior when n is 0 to be the next 0
66 // bytes decoding to the null. That's a pretty bad interpretation, and both
67 // glibc and musl return -2 for that case.
68 return BIONIC_MULTIBYTE_RESULT_INCOMPLETE_SEQUENCE;
69 }
70
71 uint8_t ch;
72 if (mbstate_is_initial(state) && (((ch = static_cast<uint8_t>(*s)) & ~0x7f) == 0)) {
73 // Fast path for plain ASCII characters.
74 if (pc32 != nullptr) {
75 *pc32 = ch;
76 }
77 return (ch != '\0' ? 1 : 0);
78 }
79
80 // Determine the number of octets that make up this character
81 // from the first octet, and a mask that extracts the
82 // interesting bits of the first octet. We already know
83 // the character is at least two bytes long.
84 size_t length;
85 int mask;
86
87 // We also specify a lower bound for the character code to
88 // detect redundant, non-"shortest form" encodings. For
89 // example, the sequence C0 80 is _not_ a legal representation
90 // of the null character. This enforces a 1-to-1 mapping
91 // between character codes and their multibyte representations.
92 char32_t lower_bound;
93
94 // The first byte in the state (if any) tells the length.
95 size_t bytes_so_far = mbstate_bytes_so_far(state);
96 ch = bytes_so_far > 0 ? mbstate_get_byte(state, 0) : static_cast<uint8_t>(*s);
97 // We already handled the 1-byte case above, so we go straight to 2-bytes...
98 if ((ch & 0xe0) == 0xc0) {
99 mask = 0x1f;
100 length = 2;
101 lower_bound = 0x80;
102 } else if ((ch & 0xf0) == 0xe0) {
103 mask = 0x0f;
104 length = 3;
105 lower_bound = 0x800;
106 } else if ((ch & 0xf8) == 0xf0) {
107 mask = 0x07;
108 length = 4;
109 lower_bound = 0x10000;
110 } else {
111 // Malformed input; input is not UTF-8. See RFC 3629.
112 return mbstate_reset_and_return_illegal(EILSEQ, state);
113 }
114
115 // Fill in the state.
116 size_t bytes_wanted = length - bytes_so_far;
117 size_t i;
118 for (i = 0; i < MIN(bytes_wanted, n); i++) {
119 if (!mbstate_is_initial(state) && ((*s & 0xc0) != 0x80)) {
120 // Malformed input; bad characters in the middle of a character.
121 return mbstate_reset_and_return_illegal(EILSEQ, state);
122 }
123 mbstate_set_byte(state, bytes_so_far + i, *s++);
124 }
125 if (i < bytes_wanted) {
126 return BIONIC_MULTIBYTE_RESULT_INCOMPLETE_SEQUENCE;
127 }
128
129 // Decode the octet sequence representing the character in chunks
130 // of 6 bits, most significant first.
131 char32_t c32 = mbstate_get_byte(state, 0) & mask;
132 for (i = 1; i < length; i++) {
133 c32 <<= 6;
134 c32 |= mbstate_get_byte(state, i) & 0x3f;
135 }
136
137 if (c32 < lower_bound) {
138 // Malformed input; redundant encoding.
139 return mbstate_reset_and_return_illegal(EILSEQ, state);
140 }
141 if ((c32 >= 0xd800 && c32 <= 0xdfff) || (c32 > 0x10ffff)) {
142 // Malformed input; invalid code points.
143 return mbstate_reset_and_return_illegal(EILSEQ, state);
144 }
145 if (pc32 != nullptr) {
146 *pc32 = c32;
147 }
148 return mbstate_reset_and_return(c32 == U'\0' ? 0 : bytes_wanted, state);
149 }
150