1/* libs/cutils/strdup16to8.c
2**
3** Copyright 2006, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9**     http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <limits.h>  /* for SIZE_MAX */
19
20#include <cutils/jstring.h>
21#include <assert.h>
22#include <stdlib.h>
23
24
25/**
26 * Given a UTF-16 string, compute the length of the corresponding UTF-8
27 * string in bytes.
28 */
29extern size_t strnlen16to8(const char16_t* utf16Str, size_t len)
30{
31    size_t utf8Len = 0;
32
33    /* A small note on integer overflow. The result can
34     * potentially be as big as 3*len, which will overflow
35     * for len > SIZE_MAX/3.
36     *
37     * Moreover, the result of a strnlen16to8 is typically used
38     * to allocate a destination buffer to strncpy16to8 which
39     * requires one more byte to terminate the UTF-8 copy, and
40     * this is generally done by careless users by incrementing
41     * the result without checking for integer overflows, e.g.:
42     *
43     *   dst = malloc(strnlen16to8(utf16,len)+1)
44     *
45     * Due to this, the following code will try to detect
46     * overflows, and never return more than (SIZE_MAX-1)
47     * when it detects one. A careless user will try to malloc
48     * SIZE_MAX bytes, which will return NULL which can at least
49     * be detected appropriately.
50     *
51     * As far as I know, this function is only used by strndup16(),
52     * but better be safe than sorry.
53     */
54
55    /* Fast path for the usual case where 3*len is < SIZE_MAX-1.
56     */
57    if (len < (SIZE_MAX-1)/3) {
58        while (len--) {
59            unsigned int uic = *utf16Str++;
60
61            if (uic > 0x07ff)
62                utf8Len += 3;
63            else if (uic > 0x7f || uic == 0)
64                utf8Len += 2;
65            else
66                utf8Len++;
67        }
68        return utf8Len;
69    }
70
71    /* The slower but paranoid version */
72    while (len--) {
73        unsigned int  uic     = *utf16Str++;
74        size_t        utf8Cur = utf8Len;
75
76        if (uic > 0x07ff)
77            utf8Len += 3;
78        else if (uic > 0x7f || uic == 0)
79            utf8Len += 2;
80        else
81            utf8Len++;
82
83        if (utf8Len < utf8Cur) /* overflow detected */
84            return SIZE_MAX-1;
85    }
86
87    /* don't return SIZE_MAX to avoid common user bug */
88    if (utf8Len == SIZE_MAX)
89        utf8Len = SIZE_MAX-1;
90
91    return utf8Len;
92}
93
94
95/**
96 * Convert a Java-Style UTF-16 string + length to a JNI-Style UTF-8 string.
97 *
98 * This basically means: embedded \0's in the UTF-16 string are encoded
99 * as "0xc0 0x80"
100 *
101 * Make sure you allocate "utf8Str" with the result of strlen16to8() + 1,
102 * not just "len".
103 *
104 * Please note, a terminated \0 is always added, so your result will always
105 * be "strlen16to8() + 1" bytes long.
106 */
107extern char* strncpy16to8(char* utf8Str, const char16_t* utf16Str, size_t len)
108{
109    char* utf8cur = utf8Str;
110
111    /* Note on overflows: We assume the user did check the result of
112     * strnlen16to8() properly or at a minimum checked the result of
113     * its malloc(SIZE_MAX) in case of overflow.
114     */
115    while (len--) {
116        unsigned int uic = *utf16Str++;
117
118        if (uic > 0x07ff) {
119            *utf8cur++ = (uic >> 12) | 0xe0;
120            *utf8cur++ = ((uic >> 6) & 0x3f) | 0x80;
121            *utf8cur++ = (uic & 0x3f) | 0x80;
122        } else if (uic > 0x7f || uic == 0) {
123            *utf8cur++ = (uic >> 6) | 0xc0;
124            *utf8cur++ = (uic & 0x3f) | 0x80;
125        } else {
126            *utf8cur++ = uic;
127
128            if (uic == 0) {
129                break;
130            }
131        }
132    }
133
134   *utf8cur = '\0';
135
136   return utf8Str;
137}
138
139/**
140 * Convert a UTF-16 string to UTF-8.
141 *
142 */
143char * strndup16to8 (const char16_t* s, size_t n)
144{
145    char*   ret;
146    size_t  len;
147
148    if (s == NULL) {
149        return NULL;
150    }
151
152    len = strnlen16to8(s, n);
153
154    /* We are paranoid, and we check for SIZE_MAX-1
155     * too since it is an overflow value for our
156     * strnlen16to8 implementation.
157     */
158    if (len >= SIZE_MAX-1)
159        return NULL;
160
161    ret = malloc(len + 1);
162    if (ret == NULL)
163        return NULL;
164
165    strncpy16to8 (ret, s, n);
166
167    return ret;
168}
169