From bc334222c1d3f08791e04fd9ee0850ceb96cec1c Mon Sep 17 00:00:00 2001 From: Yoitsu Date: Sat, 10 Apr 2021 14:49:25 +0300 Subject: [PATCH] fix buffer overflow in parseEmoji (#2602) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Paweł Co-authored-by: pajlada --- CHANGELOG.md | 1 + src/providers/emoji/Emojis.cpp | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0bbd58aa2..d439f8a6d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -87,6 +87,7 @@ - Bugfix: Fix directory not opening when clicking "Open AppData Directory" setting button on macOS (#2531, #2537) - Bugfix: Fix quickswitcher not respecting order of tabs when filtering (#2519, #2561) - Bugfix: Fix GNOME not associating Chatterino's window with its desktop entry (#1863, #2587) +- Bugfix: Fix buffer overflow in emoji parsing. (#2602) - Dev: Updated minimum required Qt framework version to 5.12. (#2210) - Dev: Migrated `Kraken::getUser` to Helix (#2260) - Dev: Migrated `TwitchAccount::(un)followUser` from Kraken to Helix and moved it to `Helix::(un)followUser`. (#2306) diff --git a/src/providers/emoji/Emojis.cpp b/src/providers/emoji/Emojis.cpp index 58cff2591..af8753798 100644 --- a/src/providers/emoji/Emojis.cpp +++ b/src/providers/emoji/Emojis.cpp @@ -24,7 +24,7 @@ namespace { const rapidjson::Value &unparsedEmoji, QString shortCode = QString()) { - static uint unicodeBytes[4]; + std::array unicodeBytes; struct { bool apple; @@ -91,11 +91,12 @@ namespace { for (const QString &unicodeCharacter : unicodeCharacters) { - unicodeBytes[numUnicodeBytes++] = + unicodeBytes.at(numUnicodeBytes++) = QString(unicodeCharacter).toUInt(nullptr, 16); } - emojiData->value = QString::fromUcs4(unicodeBytes, numUnicodeBytes); + emojiData->value = + QString::fromUcs4(unicodeBytes.data(), numUnicodeBytes); } // getToneNames takes a tones and returns their names in the same order