Hi,
ti, 2025-07-08 kello 17:43 +0200, Frédéric Danis kirjoitti:
> Truncate the string to first character before invalid UTF-8 one
> instead of replacing non ascii characters by spaces.
> ---
> src/shared/ad.c | 7 +------
> 1 file changed, 1 insertion(+), 6 deletions(-)
>
> diff --git a/src/shared/ad.c b/src/shared/ad.c
> index 3f0064dd9..6952a0dab 100644
> --- a/src/shared/ad.c
> +++ b/src/shared/ad.c
> @@ -276,7 +276,6 @@ static bool ad_replace_uuid128(struct bt_ad *ad, struct iovec *iov)
> static bool ad_replace_name(struct bt_ad *ad, struct iovec *iov)
> {
> char utf8_name[HCI_MAX_NAME_LENGTH + 2];
> - int i;
>
> memset(utf8_name, 0, sizeof(utf8_name));
> strncpy(utf8_name, (const char *)iov->iov_base, iov->iov_len);
> @@ -284,11 +283,7 @@ static bool ad_replace_name(struct bt_ad *ad, struct iovec *iov)
> if (strisutf8(utf8_name, iov->iov_len))
> goto done;
>
> - /* Assume ASCII, and replace all non-ASCII with spaces */
> - for (i = 0; utf8_name[i] != '\0'; i++) {
> - if (!isascii(utf8_name[i]))
> - utf8_name[i] = ' ';
> - }
> + strtoutf8(utf8_name, iov->iov_len);
Looks like potential out-of-bounds access --- strtoutf8()
may access iov->iov_base[iov->iov_len]
Cf. for (size_t j = 1; j < size; ++j) loop in strtoutf8().
Also strisutf8() has same problem here.
>
> /* Remove leading and trailing whitespace characters */
> strstrip(utf8_name);
--
Pauli Virtanen
