From bcbc2ee215bc376f4fe8012078c33aa0439aba84 Mon Sep 17 00:00:00 2001
From: Sam Hocevar <sam@hocevar.net>
Date: Fri, 27 Oct 2006 20:22:48 +0000
Subject: [PATCH]   * Fix a buffer overflow in the utf-8 cucul_import().

---
 cucul/import.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/cucul/import.c b/cucul/import.c
index 4977cc3..df25a97 100644
--- a/cucul/import.c
+++ b/cucul/import.c
@@ -406,12 +406,24 @@ static cucul_canvas_t *import_ansi(void const *data, unsigned int size,
         if(utf8)
         {
             unsigned int bytes;
-            /* Probably a wrong thing */
-            if(((char const *)(buffer + i))[0] == 0)
+
+            if(i + 6 < size)
+                ch = cucul_utf8_to_utf32((char const *)(buffer + i), &bytes);
+            else
             {
-                goto end;
+                /* Add a trailing zero to what we're going to read */
+                char tmp[7];
+                memcpy(tmp, buffer + i, size - i);
+                tmp[size - i] = '\0';
+                ch = cucul_utf8_to_utf32(tmp, &bytes);
+            }
+
+            if(!bytes)
+            {
+                /* If the Unicode is invalid, assume it was latin1. */
+                ch = buffer[i];
+                bytes = 1;
             }
-            ch = cucul_utf8_to_utf32((char const *)(buffer + i), &bytes);
             wch = cucul_utf32_is_fullwidth(ch) ? 2 : 1;
             skip += bytes - 1;
         }
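Review bot: The new bounds test `if(i + 6 < size)` is evaluated in unsigned arithmetic, so for an input whose size is within a few bytes of UINT_MAX the sum can wrap and send an offset near the end of the buffer down the direct-read path. Since the fallback branch already relies on `size - i`, writing the test as `if(size - i > 6)` avoids the wrap, provided the enclosing loop guarantees `i < size`; that loop condition is outside this hunk, and the `memcpy(tmp, buffer + i, size - i)` into `char tmp[7]` is only in bounds under the same assumption. The literal 6 and the array length 7 both encode the longest sequence cucul_utf8_to_utf32() will read, which is not visible here. I would tie them to one named constant and add a comment such as `/* decoder reads at most 6 bytes and stops at the first NUL */` so a later change to the decoder cannot silently reopen the over-read.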
@@ -444,7 +456,7 @@ static cucul_canvas_t *import_ansi(void const *data, unsigned int size,
         cucul_set_color(cv, CUCUL_COLOR_DEFAULT, CUCUL_COLOR_TRANSPARENT);
         cucul_set_canvas_size(cv, width, height = y);
     }
- end:
+
     return cv;
 }