From 765c61445550c6e4ecfd250e1893d776d570b4fd Mon Sep 17 00:00:00 2001
From: Thomas Lively <tlively@google.com>
Date: Tue, 18 Jun 2024 20:08:25 -0700
Subject: Validate that names are valid UTF-8 (#6682)

Add an `isUTF8` utility and use it in both the text and binary parsers.
Add missing checks for overlong encodings and overlarge code points in
our WTF8 reader, which the new utility uses. Re-enable the spec tests
that test UTF-8 validation.
---
 src/support/string.cpp | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'src/support/string.cpp')

diff --git a/src/support/string.cpp b/src/support/string.cpp
index 31d0e9170..01fe4e522 100644
--- a/src/support/string.cpp
+++ b/src/support/string.cpp
@@ -195,9 +195,21 @@ std::optional<uint32_t> takeWTF8CodePoint(std::string_view& str) {
   }
 
   str = str.substr(1 + trailingBytes);
+
   if (!valid) {
     return std::nullopt;
   }
+
+  size_t expectedTrailing = u < 0x80       ? 0
+                            : u < 0x800    ? 1
+                            : u < 0x10000  ? 2
+                            : u < 0x110000 ? 3
+                                           : -1;
+  if (trailingBytes != expectedTrailing) {
+    // Overlong encoding or overlarge code point.
+    return std::nullopt;
+  }
+
   return u;
 }
 
@@ -404,4 +416,14 @@ std::ostream& printEscapedJSON(std::ostream& os, std::string_view str) {
   return os << '"';
 }
 
+bool isUTF8(std::string_view str) {
+  while (str.size()) {
+    auto u = takeWTF8CodePoint(str);
+    if (!u || (0xD800 <= *u && *u < 0xE000)) {
+      return false;
+    }
+  }
+  return true;
+}
+
 } // namespace wasm::String
-- 
cgit v1.2.3