1 /* libs/cutils/strdup16to8.c
2 **
3 ** Copyright 2006, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 **     http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17 
18 #include <limits.h>  /* for SIZE_MAX */
19 
20 #include <cutils/jstring.h>
21 #include <assert.h>
22 #include <stdlib.h>
23 
24 
25 /**
26  * Given a UTF-16 string, compute the length of the corresponding UTF-8
27  * string in bytes.
28  */
strnlen16to8(const char16_t * utf16Str,size_t len)29 extern size_t strnlen16to8(const char16_t* utf16Str, size_t len)
30 {
31     size_t utf8Len = 0;
32 
33     /* A small note on integer overflow. The result can
34      * potentially be as big as 3*len, which will overflow
35      * for len > SIZE_MAX/3.
36      *
37      * Moreover, the result of a strnlen16to8 is typically used
38      * to allocate a destination buffer to strncpy16to8 which
39      * requires one more byte to terminate the UTF-8 copy, and
40      * this is generally done by careless users by incrementing
41      * the result without checking for integer overflows, e.g.:
42      *
43      *   dst = malloc(strnlen16to8(utf16,len)+1)
44      *
45      * Due to this, the following code will try to detect
46      * overflows, and never return more than (SIZE_MAX-1)
47      * when it detects one. A careless user will try to malloc
48      * SIZE_MAX bytes, which will return NULL which can at least
49      * be detected appropriately.
50      *
51      * As far as I know, this function is only used by strndup16(),
52      * but better be safe than sorry.
53      */
54 
55     /* Fast path for the usual case where 3*len is < SIZE_MAX-1.
56      */
57     if (len < (SIZE_MAX-1)/3) {
58         while (len--) {
59             unsigned int uic = *utf16Str++;
60 
61             if (uic > 0x07ff)
62                 utf8Len += 3;
63             else if (uic > 0x7f || uic == 0)
64                 utf8Len += 2;
65             else
66                 utf8Len++;
67         }
68         return utf8Len;
69     }
70 
71     /* The slower but paranoid version */
72     while (len--) {
73         unsigned int  uic     = *utf16Str++;
74         size_t        utf8Cur = utf8Len;
75 
76         if (uic > 0x07ff)
77             utf8Len += 3;
78         else if (uic > 0x7f || uic == 0)
79             utf8Len += 2;
80         else
81             utf8Len++;
82 
83         if (utf8Len < utf8Cur) /* overflow detected */
84             return SIZE_MAX-1;
85     }
86 
87     /* don't return SIZE_MAX to avoid common user bug */
88     if (utf8Len == SIZE_MAX)
89         utf8Len = SIZE_MAX-1;
90 
91     return utf8Len;
92 }
93 
94 
95 /**
96  * Convert a Java-Style UTF-16 string + length to a JNI-Style UTF-8 string.
97  *
98  * This basically means: embedded \0's in the UTF-16 string are encoded
99  * as "0xc0 0x80"
100  *
101  * Make sure you allocate "utf8Str" with the result of strlen16to8() + 1,
102  * not just "len".
103  *
104  * Please note, a terminated \0 is always added, so your result will always
105  * be "strlen16to8() + 1" bytes long.
106  */
strncpy16to8(char * utf8Str,const char16_t * utf16Str,size_t len)107 extern char* strncpy16to8(char* utf8Str, const char16_t* utf16Str, size_t len)
108 {
109     char* utf8cur = utf8Str;
110 
111     /* Note on overflows: We assume the user did check the result of
112      * strnlen16to8() properly or at a minimum checked the result of
113      * its malloc(SIZE_MAX) in case of overflow.
114      */
115     while (len--) {
116         unsigned int uic = *utf16Str++;
117 
118         if (uic > 0x07ff) {
119             *utf8cur++ = (uic >> 12) | 0xe0;
120             *utf8cur++ = ((uic >> 6) & 0x3f) | 0x80;
121             *utf8cur++ = (uic & 0x3f) | 0x80;
122         } else if (uic > 0x7f || uic == 0) {
123             *utf8cur++ = (uic >> 6) | 0xc0;
124             *utf8cur++ = (uic & 0x3f) | 0x80;
125         } else {
126             *utf8cur++ = uic;
127 
128             if (uic == 0) {
129                 break;
130             }
131         }
132     }
133 
134    *utf8cur = '\0';
135 
136    return utf8Str;
137 }
138 
139 /**
140  * Convert a UTF-16 string to UTF-8.
141  *
142  */
strndup16to8(const char16_t * s,size_t n)143 char * strndup16to8 (const char16_t* s, size_t n)
144 {
145     char*   ret;
146     size_t  len;
147 
148     if (s == NULL) {
149         return NULL;
150     }
151 
152     len = strnlen16to8(s, n);
153 
154     /* We are paranoid, and we check for SIZE_MAX-1
155      * too since it is an overflow value for our
156      * strnlen16to8 implementation.
157      */
158     if (len >= SIZE_MAX-1)
159         return NULL;
160 
161     ret = malloc(len + 1);
162     if (ret == NULL)
163         return NULL;
164 
165     strncpy16to8 (ret, s, n);
166 
167     return ret;
168 }
169