From: "fw at deneb dot enyo.de" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug locale/2373] Restrict UTF-8 to 17 planes, as required by RFC 3629
Date: Sun, 07 Jun 2020 05:37:58 +0000
Message-ID: <bug-2373-131-FDtz2Q9D6S@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-2373-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=2373

Florian Weimer <fw at deneb dot enyo.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fw at deneb dot enyo.de

--- Comment #9 from Florian Weimer <fw at deneb dot enyo.de> ---
(In reply to Andreas Schwab from comment #7)
> RFC 2044 defines UTF-8 as a 1-6 octet encoding, referencing ISO/IEC
> 10646-1:1993 as the source.  This was eventually updated by RFC 3629, which
> introduced the U+10FFFF limit, but citing ISO/IEC 10646-1:2000 as without
> that limit.

Where? I think RFC 3629 still claims that the six byte limit per codepoint does
not exist, in section 10:

   Another security issue occurs when encoding to UTF-8: the ISO/IEC
   10646 description of UTF-8 allows encoding character numbers up to
   U+7FFFFFFF, yielding sequences of up to 6 bytes.  There is therefore
   a risk of buffer overflow if the range of character numbers is not
   explicitly limited to U+10FFFF or if buffer sizing doesn't take into
   account the possibility of 5- and 6-byte sequences.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
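
The buffer-sizing risk in the RFC 3629 section 10 text quoted in the message above, as an added C example that is not part of the original message and is not glibc code: an encoder that enforces the U+10FFFF limit before writing, so a 4-octet buffer is always sufficient. The function and macro names are hypothetical, and the sample code points are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Names below are hypothetical, chosen for this example. */
#define UTF8_MAX_RFC3629 4 /* longest sequence when capped at U+10FFFF */
#define UTF8_MAX_LEGACY  6 /* longest sequence in the 1-6 octet form */

/* Octets the 1-6 octet form needs for cp; 0 if cp > U+7FFFFFFF. */
size_t utf8_legacy_len(uint32_t cp)
{
    if (cp < 0x80) return 1;
    if (cp < 0x800) return 2;
    if (cp < 0x10000) return 3;
    if (cp < 0x200000) return 4;
    if (cp < 0x4000000) return 5;
    return cp <= 0x7FFFFFFF ? 6 : 0;
}

/* Encode cp into out[0..cap). Returns the octets written, or 0 when cp is
   above U+10FFFF, is a surrogate (RFC 3629 also excludes U+D800..U+DFFF),
   or does not fit. Nothing is written on failure. */
size_t utf8_encode_strict(uint32_t cp, unsigned char *out, size_t cap)
{
    static const unsigned char lead[] = { 0, 0x00, 0xC0, 0xE0, 0xF0 };
    size_t n, i;

    if (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
        return 0;
    n = utf8_legacy_len(cp); /* 1..4 after the range check */
    if (n > cap)
        return 0;
    for (i = n - 1; i > 0; i--) { /* continuation octets, last first */
        out[i] = (unsigned char)(0x80 | (cp & 0x3F));
        cp >>= 6;
    }
    out[0] = (unsigned char)(lead[n] | cp);
    return n;
}

int main(void)
{
    unsigned char buf[UTF8_MAX_RFC3629];
    printf("U+10FFFF: %zu octets\n", utf8_encode_strict(0x10FFFF, buf, sizeof buf));
    printf("U+7FFFFFFF legacy length: %zu, strict result: %zu\n",
           utf8_legacy_len(0x7FFFFFFF), utf8_encode_strict(0x7FFFFFFF, buf, sizeof buf));
    return 0;
}
```

An encoder that skipped the range check and wrote `utf8_legacy_len(cp)` octets into the same 4-octet buffer would overrun it for any input from U+200000 upward.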
