- Strictly check UTF-8 and UTF-8 validity.

diff --git a/ext/mbstring/libmbfl/filters/mbfilter_utf32.c b/ext/mbstring/libmbfl/filters/mbfilter_utf32.c
index 4b0e9b9e0f04e66dd179ca9cc53d245fa8f47f34..56d6dd4c979f891f5f52d1088494859c81a66c27 100644 (file)
--- a/ext/mbstring/libmbfl/filters/mbfilter_utf32.c
+++ b/ext/mbstring/libmbfl/filters/mbfilter_utf32.c
@@ -171,7 +171,9 @@ int mbfl_filt_conv_utf32_wchar(int c, mbfl_convert_filter *filter)
                        CK((*filter->output_function)(0xfeff, filter->data));
                } else {
                        filter->status &= ~0xff;
-                       CK((*filter->output_function)(n, filter->data));
+                       if (n < MBFL_WCSPLANE_UTF32MAX && (n < 0xd800 || n > 0xdfff)) {
+                               CK((*filter->output_function)(n, filter->data));
+                       }
                }
                break;
        }
@@ -201,7 +203,9 @@ int mbfl_filt_conv_utf32be_wchar(int c, mbfl_convert_filter *filter)
        } else {
                filter->status = 0;
                n = (c & 0xff) | filter->cache;
-               CK((*filter->output_function)(n, filter->data));
+               if (n < MBFL_WCSPLANE_UTF32MAX && (n < 0xd800 || n > 0xdfff)) {
+                       CK((*filter->output_function)(n, filter->data));
+               }
        }
        return c;
 }
@@ -211,7 +215,7 @@ int mbfl_filt_conv_utf32be_wchar(int c, mbfl_convert_filter *filter)
  */
 int mbfl_filt_conv_wchar_utf32be(int c, mbfl_convert_filter *filter)
 {
-       if (c >= 0 && c < MBFL_WCSGROUP_UCS4MAX) {
+       if (c >= 0 && c < MBFL_WCSPLANE_UTF32MAX) {
                CK((*filter->output_function)((c >> 24) & 0xff, filter->data));
                CK((*filter->output_function)((c >> 16) & 0xff, filter->data));
                CK((*filter->output_function)((c >> 8) & 0xff, filter->data));
@@ -247,7 +251,9 @@ int mbfl_filt_conv_utf32le_wchar(int c, mbfl_convert_filter *filter)
        } else {
                filter->status = 0;
                n = ((c & 0xff) << 24) | filter->cache;
-               CK((*filter->output_function)(n, filter->data));
+               if (n < MBFL_WCSPLANE_UTF32MAX && (n < 0xd800 || n > 0xdfff)) {
+                       CK((*filter->output_function)(n, filter->data));
+               }
        }
        return c;
 }
@@ -257,7 +263,7 @@ int mbfl_filt_conv_utf32le_wchar(int c, mbfl_convert_filter *filter)
  */
 int mbfl_filt_conv_wchar_utf32le(int c, mbfl_convert_filter *filter)
 {
-       if (c >= 0 && c < MBFL_WCSGROUP_UCS4MAX) {
+       if (c >= 0 && c < MBFL_WCSPLANE_UTF32MAX) {
                CK((*filter->output_function)(c & 0xff, filter->data));
                CK((*filter->output_function)((c >> 8) & 0xff, filter->data));
                CK((*filter->output_function)((c >> 16) & 0xff, filter->data));

diff --git a/ext/mbstring/libmbfl/filters/mbfilter_utf8.c b/ext/mbstring/libmbfl/filters/mbfilter_utf8.c
index 8b95897eac7519ae0def4f7de894aa88308feea5..20ff983e112687624ad29fc4528ec375828ccfa6 100644 (file)
--- a/ext/mbstring/libmbfl/filters/mbfilter_utf8.c
+++ b/ext/mbstring/libmbfl/filters/mbfilter_utf8.c
@@ -106,7 +106,8 @@ int mbfl_filt_conv_utf8_wchar(int c, mbfl_convert_filter *filter)
                }
                filter->status = 0;
        } else if (c < 0xc0) {
-               switch (filter->status & 0xff) {
+               int status = filter->status & 0xff;
+               switch (status) {
                case 0x10: /* 2byte code 2nd char */
                case 0x21: /* 3byte code 3rd char */
                case 0x32: /* 4byte code 4th char */
@@ -114,7 +115,11 @@ int mbfl_filt_conv_utf8_wchar(int c, mbfl_convert_filter *filter)
                case 0x54: /* 6byte code 6th char */
                        filter->status = 0;
                        s = filter->cache | (c & 0x3f);
-                       if (s >= 0x80) {
+                       if ((status == 0x10 && s >= 0x80) ||
+                           (status == 0x21 && s >= 0x800 && (s < 0xd800 || s > 0xdfff)) ||
+                           (status == 0x32 && s >= 0x10000) ||
+                           (status == 0x43 && s >= 0x200000) ||
+                           (status == 0x54 && s >= 0x4000000 && s < MBFL_WCSGROUP_UCS4MAX)) {
                                CK((*filter->output_function)(s, filter->data));
                        }
                        break;

diff --git a/ext/mbstring/libmbfl/mbfl/mbfl_consts.h b/ext/mbstring/libmbfl/mbfl/mbfl_consts.h
index f500766b492d4bb4fb5b370f79b0295a639aad94..cf4eaff1db5975930e0df74278fa726901e959df 100644 (file)
--- a/ext/mbstring/libmbfl/mbfl/mbfl_consts.h
+++ b/ext/mbstring/libmbfl/mbfl/mbfl_consts.h
@@ -47,6 +47,7 @@
 /* wchar plane, special charactor */
 #define MBFL_WCSPLANE_MASK                     0xffff
 #define MBFL_WCSPLANE_UCS2MAX          0x00010000
+#define MBFL_WCSPLANE_UTF32MAX         0x00110000
 #define MBFL_WCSPLANE_SUPMIN           0x00010000
 #define MBFL_WCSPLANE_SUPMAX           0x00200000
 #define MBFL_WCSPLANE_JIS0208          0x70e10000              /* JIS HEX : 2121h - 7E7Eh */

diff --git a/ext/mbstring/tests/illformed_utf_sequences.phpt b/ext/mbstring/tests/illformed_utf_sequences.phpt
new file mode 100644 (file)
index 0000000..f974d86
--- /dev/null
+++ b/ext/mbstring/tests/illformed_utf_sequences.phpt
@@ -0,0 +1,147 @@
+--TEST--
+Unicode standard conformance test (ill-formed UTF sequences.)
+--SKIPIF--
+<?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
+--FILE--
+<?php
+echo "UTF-8 redundancy\n";
+var_dump(bin2hex(mb_convert_encoding(b"\x31\x32\x33", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\x41\x42\x43", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xc0\xb1\xc0\xb2\xc0\xb3", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xc1\x81\xc1\x82\xc1\x83", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xe0\x80\xb1\xe0\x80\xb2\xe0\x80\xb3", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xe0\x81\x81\xe0\x81\x82\xe0\x81\x83", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xf0\x80\x80\xb1\xf0\x80\x80\xb2\xf0\x80\x80\xb3", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xf0\x80\x81\x81\xf0\x80\x81\x82\xf0\x81\x83", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xf8\x80\x80\x80\xb1\xf8\x80\x80\x80\xb2\xf8\x80\x80\x80\xb3", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xf8\x80\x80\x81\x81\xf8\x80\x80\x81\x82\xf8\x80\x80\x81\x83", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xfc\x80\x80\x80\x80\xb1\xfc\x80\x80\x80\x80\xb2\xfc\x80\x80\x80\x80\xb3", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xfc\x80\x80\x80\x81\x81\xfc\x80\x80\x80\x81\x82\xfc\x80\x80\x80\x81\x83", "UCS-4BE", "UTF-8")));
+
+var_dump(bin2hex(mb_convert_encoding(b"\xc2\xa2\xc2\xa3\xc2\xa5", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xe0\x82\xa2\xe0\x82\xa3\xe0\x82\xa5", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xf0\x80\x82\xa2\xf0\x80\x82\xa3\xf0\x80\x82\xa5", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xf8\x80\x80\x82\xa2\xf8\x80\x80\x82\xa3\xf8\x80\x80\x82\xa5", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xfc\x80\x80\x80\x82\xa2\xfc\x80\x80\x80\x82\xa3\xfc\x80\x80\x80\x82\xa5", "UCS-4BE", "UTF-8")));
+
+var_dump(bin2hex(mb_convert_encoding(b"\xc1\xbf", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xc2\x80", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xdf\xbf", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xe0\x9f\xff", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xe0\xa0\x80", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xef\xbf\xbf", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xf0\x8f\xbf\xbf", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xf0\x90\x80\x80", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xf7\xbf\xbf\xbf", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xf8\x87\xbf\xbf\xbf", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xf8\x88\x80\x80\x80", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xfb\xbf\xbf\xbf\xbf", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xfc\x83\xbf\xbf\xbf\xbf", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xfc\x84\x80\x80\x80\x80", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xfd\xaf\xbf\xbf\xbf\xbf", "UCS-4BE", "UTF-8")));
+var_dump(bin2hex(mb_convert_encoding(b"\xfd\xbf\xbf\xbf\xbf\xbf", "UCS-4BE", "UTF-8")));
+
+echo "UTF-8 and surrogates area\n";
+$out = b'';
+for ($i = 0xd7ff; $i <= 0xe000; ++$i) {
+    $out .= mb_convert_encoding(pack('C3', 0xe0 | ($i >> 12), 0x80 | ($i >> 6) & 0x3f, 0x80 | $i & 0x3f), "UCS-4BE", "UTF-8");
+}
+var_dump(bin2hex($out));
+
+echo "UTF-32 code range\n";
+var_dump(bin2hex(mb_convert_encoding("\x00\x11\x00\x00", "UCS-4BE", "UTF-32BE")));
+var_dump(bin2hex(mb_convert_encoding("\x00\x10\xff\xff", "UCS-4BE", "UTF-32BE")));
+var_dump(bin2hex(mb_convert_encoding("\x00\x00\x11\x00", "UCS-4BE", "UTF-32LE")));
+var_dump(bin2hex(mb_convert_encoding("\xff\xff\x10\x00", "UCS-4BE", "UTF-32LE")));
+var_dump(bin2hex(mb_convert_encoding("\x00\x11\x00\x00", "UCS-4BE", "UTF-32")));
+var_dump(bin2hex(mb_convert_encoding("\x00\x10\xff\xff", "UCS-4BE", "UTF-32")));
+var_dump(bin2hex(mb_convert_encoding("\x00\x00\xfe\xff\x00\x11\x00\x00", "UCS-4BE", "UTF-32")));
+var_dump(bin2hex(mb_convert_encoding("\x00\x00\xfe\xff\x00\x10\xff\xff", "UCS-4BE", "UTF-32")));
+var_dump(bin2hex(mb_convert_encoding("\xff\xfe\x00\x00\x00\x00\x11\x00", "UCS-4BE", "UTF-32")));
+var_dump(bin2hex(mb_convert_encoding("\xff\xfe\x00\x00\xff\xff\x10\x00", "UCS-4BE", "UTF-32")));
+
+echo "UTF-32 and surrogates area\n";
+$out = b'';
+for ($i = 0xd7ff; $i <= 0xe000; ++$i) {
+    $out .= mb_convert_encoding(pack('C4', $i >> 24, ($i >> 16) & 0xff, ($i >> 8) & 0xff, $i & 0xff), "UCS-4BE", "UTF-32BE");
+}
+var_dump(bin2hex($out));
+
+$out = b'';
+for ($i = 0xd7ff; $i <= 0xe000; ++$i) {
+    $out .= mb_convert_encoding(pack('C4', $i & 0xff, ($i >> 8) & 0xff, ($i >> 16) & 0xff, ($i >> 24) & 0xff), "UCS-4BE", "UTF-32LE");
+}
+var_dump(bin2hex($out));
+
+$out = b'';
+for ($i = 0xd7ff; $i <= 0xe000; ++$i) {
+    $out .= mb_convert_encoding(pack('C4', $i >> 24, ($i >> 16) & 0xff, ($i >> 8) & 0xff, $i & 0xff), "UCS-4BE", "UTF-32");
+}
+var_dump(bin2hex($out));
+
+$out = b'';
+for ($i = 0xd7ff; $i <= 0xe000; ++$i) {
+    $out .= mb_convert_encoding("\x00\x00\xfe\xff". pack('C4', $i >> 24, ($i >> 16) & 0xff, ($i >> 8) & 0xff, $i & 0xff), "UCS-4BE", "UTF-32");
+}
+var_dump(str_replace("0000feff", "", bin2hex($out)));
+
+$out = b'';
+for ($i = 0xd7ff; $i <= 0xe000; ++$i) {
+    $out .= mb_convert_encoding("\xff\xfe\x00\x00". pack('C4', $i & 0xff, ($i >> 8) & 0xff, ($i >> 16) & 0xff, ($i >> 24) & 0xff), "UCS-4BE", "UTF-32");
+}
+var_dump(str_replace("0000feff", "", bin2hex($out)));
+?>
+--EXPECT--
+UTF-8 redundancy
+unicode(24) "000000310000003200000033"
+unicode(24) "000000410000004200000043"
+unicode(0) ""
+unicode(0) ""
+unicode(0) ""
+unicode(0) ""
+unicode(0) ""
+unicode(0) ""
+unicode(0) ""
+unicode(0) ""
+unicode(0) ""
+unicode(0) ""
+unicode(24) "000000a2000000a3000000a5"
+unicode(0) ""
+unicode(0) ""
+unicode(0) ""
+unicode(0) ""
+unicode(0) ""
+unicode(8) "00000080"
+unicode(8) "000007ff"
+unicode(0) ""
+unicode(8) "00000800"
+unicode(8) "0000ffff"
+unicode(0) ""
+unicode(8) "00010000"
+unicode(8) "001fffff"
+unicode(0) ""
+unicode(8) "00200000"
+unicode(8) "03ffffff"
+unicode(0) ""
+unicode(8) "04000000"
+unicode(8) "6fffffff"
+unicode(0) ""
+UTF-8 and surrogates area
+unicode(16) "0000d7ff0000e000"
+UTF-32 code range
+unicode(0) ""
+unicode(8) "0010ffff"
+unicode(0) ""
+unicode(8) "0010ffff"
+unicode(0) ""
+unicode(8) "0010ffff"
+unicode(8) "0000feff"
+unicode(16) "0000feff0010ffff"
+unicode(8) "0000feff"
+unicode(16) "0000feff0010ffff"
+UTF-32 and surrogates area
+unicode(16) "0000d7ff0000e000"
+unicode(16) "0000d7ff0000e000"
+unicode(16) "0000d7ff0000e000"
+unicode(16) "0000d7ff0000e000"
+unicode(16) "0000d7ff0000e000"