[vlc-commits] strings: skip XML-invalid non-printable characters (fixes #15027)

Rémi Denis-Courmont git at videolan.org
Wed Jul 8 21:39:04 CEST 2015 

vlc/vlc-2.2 | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Wed Jul  8 22:37:57 2015 +0300| [980bb1e06110f63605c754d00079ec67e93b59fa] | committer: Rémi Denis-Courmont

strings: skip XML-invalid non-printable characters (fixes #15027)

(cherry picked from commit a9bc71c00c681d81ddebf600b027e2dd537438f7)

> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=980bb1e06110f63605c754d00079ec67e93b59fa
---

 src/test/xmlent.c  |    4 ++--
 src/text/strings.c |   21 ++++++++++++++++-----
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/src/test/xmlent.c b/src/test/xmlent.c
index fd846d1..0f8e4f1 100644
--- a/src/test/xmlent.c
+++ b/src/test/xmlent.c
@@ -82,8 +82,8 @@ int main (void)
 
     encode ("", "");
     encode ("a'àc\"çe&én<ño>ö1:", "a'àc"çe&én<ño>ö1:");
-    encode ("\x01\xC2\x81\xC2\x85", "\xC2\x85");
-    encode ("\r\n", "\r\n");
+    encode ("\xC2\x81\xC2\x85", "\xC2\x85");
+    encode (" \t\r\n", " \t\r\n");
 
     return 0;
 }
diff --git a/src/text/strings.c b/src/text/strings.c
index 398c8bc..1b86e9c 100644
--- a/src/text/strings.c
+++ b/src/text/strings.c
@@ -312,10 +312,6 @@ char *convert_xml_special_chars (const char *str)
             return NULL;
         }
 
-        if ((cp & ~0x0080) < 32 /* C0/C1 control codes */
-         && memchr ("\x09\x0A\x0D\x85", cp, 4) == NULL)
-            ptr += sprintf (ptr, "&#%"PRIu32";", cp);
-        else
         switch (cp)
         {
             case '\"': strcpy (ptr, """); ptr += 6; break;
@@ -323,7 +319,22 @@ char *convert_xml_special_chars (const char *str)
             case '\'': strcpy (ptr, "'");  ptr += 5; break;
             case '<':  strcpy (ptr, "<");   ptr += 4; break;
             case '>':  strcpy (ptr, ">");   ptr += 4; break;
-            default:   memcpy (ptr, str, n);   ptr += n; break;
+            default:
+                if (cp < 32) /* C0 code not allowed (except 9, 10 and 13) */
+                    break;
+                if (cp >= 128 && cp < 160) /* C1 code encoded (except 133) */
+                {
+                    ptr += sprintf (ptr, "&#%"PRIu32";", cp);
+                    break;
+                }
+                /* fall through */
+            case 9:
+            case 10:
+            case 13:
+            case 133:
+                memcpy (ptr, str, n);
+                ptr += n;
+                break;
         }
         str += n;
     }

More information about the vlc-commits mailing list