From 0dc96262a35d7b8f97c378aeabf6c9fb01c83af9 Mon Sep 17 00:00:00 2001
From: "rogerl%netscape.com"
Date: Sat, 5 Oct 2002 04:05:56 +0000
Subject: [PATCH] Bug #172699. r=rogerl, sr=brendan. Detect illegal (overlong) utf-8.
---
 js/src/jsstr.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/js/src/jsstr.c b/js/src/jsstr.c
index 35fefbcc7d5..f38ccfaffa1 100644
--- a/js/src/jsstr.c
+++ b/js/src/jsstr.c
@@ -4442,6 +4442,11 @@ static uint32
 Utf8ToOneUcs4Char(const uint8 *utf8Buffer, int utf8Length)
 {
 uint32 ucs4Char;
+ uint32 minucs4Char;
+ // from Unicode 3.1, non-shortest form is illegal
+ static const uint32 minucs4Table[] = {
+ 0x00000080, 0x00000800, 0x0001000, 0x0020000, 0x0400000
+ };
 
 JS_ASSERT(utf8Length >= 1 && utf8Length <= 6);
 if (utf8Length == 1) {
@@ -4451,10 +4456,15 @@ Utf8ToOneUcs4Char(const uint8 *utf8Buffer, int utf8Length)
 JS_ASSERT((*utf8Buffer & (0x100 - (1 << (7-utf8Length)))) ==
 (0x100 - (1 << (8-utf8Length))));
 ucs4Char = *utf8Buffer++ & ((1<<(7-utf8Length))-1);
+ minucs4Char = minucs4Table[utf8Length-2];
 while (--utf8Length) {
 JS_ASSERT((*utf8Buffer & 0xC0) == 0x80);
 ucs4Char = ucs4Char<<6 | (*utf8Buffer++ & 0x3F);
 }
+ if (ucs4Char < minucs4Char ||
+ ucs4Char == 0xFFFE || ucs4Char == 0xFFFF) {
+ ucs4Char = 0xFFFD;
+ }
 }
 return ucs4Char;
 }
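Review bot: Three of the five entries in `minucs4Table` are one hex digit short, so the shortest-form check is too lax for 4-, 5- and 6-byte sequences. The smallest values that need those lengths are 0x10000, 0x200000 and 0x4000000, but the table holds 0x1000, 0x20000 and 0x400000. As written, a 4-byte sequence that encodes anything from 0x1000 to 0xFFFF still passes as non-overlong, which leaves exactly the kind of alternate encoding this patch is meant to reject. The initializer should read `0x00000080, 0x00000800, 0x00010000, 0x00200000, 0x04000000`, and the `//` comment is safer as `/* ... */` if this file is built as C89. The function body continues outside this hunk.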
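Review bot: The new validity test at `if (ucs4Char < minucs4Char || ...)` rejects overlong forms and 0xFFFE/0xFFFF but still accepts UTF-8-encoded surrogates (0xD800–0xDFFF), which are not legal scalar values in UTF-8 either. Unless the caller already filters them, add `(ucs4Char >= 0xD800 && ucs4Char <= 0xDFFF) ||` to the condition. Substituting 0xFFFD in-band also makes a rejected sequence indistinguishable from a legitimately encoded U+FFFD, so a caller that wants to report malformed input cannot; a short comment saying the substitution is deliberate would help. Separately, `minucs4Table[utf8Length-2]` is bounded only by the `JS_ASSERT` at the top of the function, so if that assertion is compiled out in release builds the index relies entirely on the caller. The enclosing `else` branch opens outside this hunk.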