From 902d145793959ce0347b202303f8cb34223e6b04 Mon Sep 17 00:00:00 2001
From: daurnimator <quae@daurnimator.com>
Date: Sun, 12 Nov 2017 15:31:37 +1100
Subject: src/defs.js: Check for invalid continuation bytes

---
 src/defs.js   |  6 ++++++
 tests/defs.js | 26 +++++++++++++++++++++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/src/defs.js b/src/defs.js
index ad79c67..01a48f5 100644
--- a/src/defs.js
+++ b/src/defs.js
@@ -157,19 +157,25 @@ const to_jsstring = function(value, from, to) {
             /* two byte sequence */
             if (i >= to) throw RangeError("cannot convert invalid utf8 to javascript string");
             let u1 = value[i++];
+            if ((u1&0xC0) !== 0x80) throw RangeError("cannot convert invalid utf8 to javascript string");
             u = ((u0 & 0x1F) << 6) + (u1 & 0x3F);
         } else if (u0 <= 0xEF) {
             /* three byte sequence */
             if (i+1 >= to) throw RangeError("cannot convert invalid utf8 to javascript string");
             let u1 = value[i++];
+            if ((u1&0xC0) !== 0x80) throw RangeError("cannot convert invalid utf8 to javascript string");
             let u2 = value[i++];
+            if ((u2&0xC0) !== 0x80) throw RangeError("cannot convert invalid utf8 to javascript string");
             u = ((u0 & 0x0F) << 12) + ((u1 & 0x3F) << 6) + (u2 & 0x3F);
         } else {
             /* four byte sequence */
             if (i+2 >= to) throw RangeError("cannot convert invalid utf8 to javascript string");
             let u1 = value[i++];
+            if ((u1&0xC0) !== 0x80) throw RangeError("cannot convert invalid utf8 to javascript string");
             let u2 = value[i++];
+            if ((u2&0xC0) !== 0x80) throw RangeError("cannot convert invalid utf8 to javascript string");
             let u3 = value[i++];
+            if ((u3&0xC0) !== 0x80) throw RangeError("cannot convert invalid utf8 to javascript string");
             u = ((u0 & 0x07) << 18) + ((u1 & 0x3F) << 12) + ((u2 & 0x3F) << 6) + (u3 & 0x3F);
         }
         str += String.fromCodePoint(u);
diff --git a/tests/defs.js b/tests/defs.js
index b00fda0..244e31b 100644
--- a/tests/defs.js
+++ b/tests/defs.js
@@ -58,9 +58,33 @@ test('to_jsstring', function (t) {
 });
 
 test('to_jsstring fails on invalid unicode', function (t) {
-	t.plan(1);
+	t.plan(7);
 
 	t.throws(function() {
 		defs.to_jsstring([165]);
 	}, "non-utf8 char");
+
+	t.throws(function() {
+		defs.to_jsstring([208, 60]);
+	}, "invalid continuation byte");
+
+	t.throws(function() {
+		defs.to_jsstring([225, 60, 145]);
+	}, "invalid continuation byte");
+
+	t.throws(function() {
+		defs.to_jsstring([225, 145, 60]);
+	}, "invalid continuation byte");
+
+	t.throws(function() {
+		defs.to_jsstring([242, 60, 145, 145]);
+	}, "invalid continuation byte");
+
+	t.throws(function() {
+		defs.to_jsstring([242, 145, 60, 145]);
+	}, "invalid continuation byte");
+
+	t.throws(function() {
+		defs.to_jsstring([242, 145, 145, 60]);
+	}, "invalid continuation byte");
 });
-- 
cgit v1.2.3-54-g00ecf