utf8.c: Postpone pointer subtraction until it turns out to be safe

In Perl_utf8_to_uv_msgs_helper_(), "curlen = send - s0;" used to be done earlier in this function, but this subtraction might underflow as "send >= s0" (that is, "e >= s0") does not necessarily hold true. Thanks to @mauke and @tonycoz for pointing this out.
Perl · Jan 10, 2025 · dad11fc · dad11fc
1 parent 129e8d8
commit dad11fc
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/utf8.c b/utf8.c
@@ -1634,7 +1634,6 @@ Perl_utf8_to_uv_msgs_helper_(const U8 * const s0,
      * than a single character */
     const U8 * send = e;
 
-    Size_t curlen = send - s0;
     U32 possible_problems;  /* A bit is set here for each potential problem
                                found as we go along */
     UV uv = 0;
@@ -1723,11 +1722,13 @@ Perl_utf8_to_uv_msgs_helper_(const U8 * const s0,
      * allowed one, we could allow in something that shouldn't have been.
      */
 
-    if (UNLIKELY(curlen <= 0)) {
+    Size_t curlen;
+    if (UNLIKELY(s0 >= send)) {
         possible_problems |= UTF8_GOT_EMPTY;
         curlen = 0;
         goto ready_to_handle_errors;
     }
+    curlen = send - s0;
 
     /* We now know we can examine the first byte of the input */
     expectlen = UTF8SKIP(s0);