From 6e0b02cd16d30c51ebb14f603d375b1a4bfd72ee Mon Sep 17 00:00:00 2001
From: waker
Date: Tue, 4 Sep 2012 21:26:05 +0200
Subject: junklib: cp936 buffer overflow fix
---
 junklib.c | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/junklib.c b/junklib.c
index 8bcd9c91..b3c72034 100644
--- a/junklib.c
+++ b/junklib.c
@@ -683,21 +683,24 @@ can_be_russian (const signed char *str) {
 }
 static int
-can_be_chinese (const signed char *str) {
+can_be_chinese (const uint8_t *str) {
 if (!enable_cp936_detection) {
 return 0;
 }
- for (; *str; str++) {
- if (((unsigned char) *str >= 0x81 && (unsigned char) *str <= 0xFE )
- && ((unsigned char) *(str+1) >= 0x30 && (unsigned char) *(str+1) <= 0x39)
- && ((unsigned char) *(str+2) >= 0x81 && (unsigned char) *(str+2) <= 0xFE)
- && ((unsigned char) *(str+3) >= 0x30 && (unsigned char) *(str+3) <= 0x39)) {
- return 1;
- }
- if (((unsigned char) *str >= 0x81 && (unsigned char) *str <= 0xFE )
- && (((unsigned char) *(str+1) >= 0x40 && (unsigned char) *(str+1) <= 0x7E)
- || ((unsigned char) *(str+1) >= 0x80 && (unsigned char) *(str+1) <= 0xFE))) {
- return 1;
+ int len = strlen (str);
+ for (int i = 0; *str; str++, i++) {
+ if (i < len-3
+ && (*str >= 0x81 && *str <= 0xFE )
+ && (*(str+1) >= 0x30 && *(str+1) <= 0x39)
+ && (*(str+2) >= 0x81 && *(str+2) <= 0xFE)
+ && (*(str+3) >= 0x30 && *(str+3) <= 0x39)) {
+ return 1;
+ }
+ if (i < len - 1
+ && (*str >= 0x81 && *str <= 0xFE )
+ && ((*(str+1) >= 0x40 && *(str+1) <= 0x7E)
+ || (*(str+1) >= 0x80 && *(str+1) <= 0xFE))) {
+ return 1;
 }
 }
 return 0;
-- cgit v1.2.3
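Review bot: The new bounds in can_be_chinese come from `int len = strlen (str);`, which itself scans for a NUL byte, so the `i < len-3` and `i < len - 1` guards only help when the caller's buffer is already terminated. If the overflow this commit targets came from an unterminated tag field (the callers are not visible in this hunk), strlen over-reads in the same way, and the length would have to be supplied by the caller instead. As written the call also passes a `const uint8_t *` to strlen and narrows the `size_t` result to `int`; `size_t len = strlen ((const char *)str);` with a `size_t i` and guards written as `i + 3 < len` and `i + 1 < len` avoids the pointer-sign warning and the signed subtraction. A short comment above the loop, for example `/* 4-byte form: lead, digit, lead, digit; 2-byte form: lead, trail */`, would document what the two tests match. The function's closing brace lies outside the hunk.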