]> git.kaiwu.me - nginx.git/commit
Charset: fixed another rare buffer overread in recode_from_utf8()
authorSergey Kandaurov <pluknet@nginx.com>
Mon, 1 Jun 2026 17:46:48 +0000 (21:46 +0400)
committerRoman Arutyunyan <arutyunyan.roman@gmail.com>
Wed, 17 Jun 2026 15:15:33 +0000 (08:15 -0700)
commit60c4243eb8775d51662a01def8a7dad5d9fb34a7
tree2eb0a97a2362f8b6243e9ea6297fd9f9e4f3c54b
parent131be8514da8985b15b74150521afedbf9cc4ea3
Charset: fixed another rare buffer overread in recode_from_utf8()

With prerequisites similar to 696a7f1b9, it was possible to gain 1-byte
overread on invalid UTF-8 sequences.  The reason is ngx_utf8_decode()
stops advancing the pointer position on the first encountered invalid
byte.  The fix is to adjust the advanced pointer up to the whole saved
sequence in this case.  Note that this may result in different output
compared to complete invalid UTF-8 sequences, which we can disregard
at this point.

Reported by Han Yan of Xiaomi and p4p3r of CYBERONE.
src/http/modules/ngx_http_charset_filter_module.c