From b59fd7c388c8d59a08e7e30f07e4639d2fd5451f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ekl=C3=B6f?= <daniel@ekloef.se>
Date: Sat, 22 Jul 2023 11:21:41 +0200
Subject: [PATCH] vt: detect and ignore invalid UTF-8 sequences

This patch detects invalid codepoints in the UTF-8 EDxxxx range, and
the F4xxxxxx range.

Note that we still allow the E0xxxx and F0xxxxxx ranges. These
contains overlong encodings. We allow them, because they still decode
into correct UTF-32.

Closes #1423
---
 vt.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/vt.c b/vt.c
index 51b69c7e..772bd41f 100644
--- a/vt.c
+++ b/vt.c
@@ -913,6 +913,16 @@ action_utf8_33(struct terminal *term, uint8_t c)
 {
     // wc = ((utf8[0] & 0xf) << 12) | ((utf8[1] & 0x3f) << 6) | (utf8[2] & 0x3f)
     term->vt.utf8 |= c & 0x3f;
+
+    const char32_t utf32 = term->vt.utf8;
+    if (unlikely(utf32 >= 0xd800 && utf32 <= 0xdfff)) {
+        /* Invalid sequence - invalid UTF-16 surrogate halves */
+        return;
+    }
+
+    /* Note: the E0 range contains overlong encodings. We don’t try to
+       detect, as they’ll still decode to valid UTF-32. */
+
     action_utf8_print(term, term->vt.utf8);
 }
 
@@ -942,6 +952,17 @@ action_utf8_44(struct terminal *term, uint8_t c)
 {
     // wc = ((utf8[0] & 7) << 18) | ((utf8[1] & 0x3f) << 12) | ((utf8[2] & 0x3f) << 6) | (utf8[3] & 0x3f);
     term->vt.utf8 |= c & 0x3f;
+
+    const char32_t utf32 = term->vt.utf8;
+
+    if (unlikely(utf32 > 0x10FFFF)) {
+        /* Invalid UTF-8 */
+        return;
+    }
+
+    /* Note: the F0 range contains overlong encodings. We don’t try to
+       detect, as they’ll still decode to valid UTF-32. */
+
     action_utf8_print(term, term->vt.utf8);
 }