From b08cf6c29f94373823a910e015c62d437f83dbfd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=99emysl=20Eric=20Janouch?= <p@janouch.name>
Date: Wed, 21 Oct 2020 04:52:24 +0200
Subject: Reject overlong UTF-8 sequences

---
 liberty.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'liberty.c')

diff --git a/liberty.c b/liberty.c
index 3aadc29..c0b6bb4 100644
--- a/liberty.c
+++ b/liberty.c
@@ -2753,6 +2753,11 @@ utf8_decode (const char **s, size_t len)
 
 	// Check the rest of the sequence
 	uint32_t cp = *p++ & ~mask;
+
+	// Overlong sequence (possibly MUTF-8, not supported)
+	if (!cp && sequence_len)
+		return -1;
+
 	while (sequence_len && --sequence_len)
 	{
 		if (p == end)
-- 
cgit v1.2.3