Follow-up Comment #4, patch #1582 (project freeciv):

Truncation is fundamentally unavoidable unless we strdup-printf every string
we make everywhere, which isn't going to happen.  We can cut down on it by
making buffers sufficiently long.

ATM there is an issue with MAX_LEN_NAME.  This is supposed to limit city
names, for instance, at 32 characters.  Instead it limits them at 32 bytes
which is incorrect.  Most places which use it should instead use a longer or
malloc'd buffer, and use fc_utf8_strlen() to make sure the name isn't too
long.

The server should use utf-8 validation on all strings received from the
client, or read from ruleset or savegame.  The client should if possible use
utf-8 validation on strings received from the server.  How to handle invalid
strings may depend on the situation; in most cases they can just be
truncated.

Having said that, I'm not too sure of the interface pepeto is presenting.

* How do we know just because a character is 4 bytes long that bytes 2-4 are
valid?  Does UTF-8 allow any byte sequence in here?  What about malicious
chats from the client?

* Casts should not be needed in passing values to these functions.  Doing so
is a sign the parameters used are not right.  In fact I think one such case
is quite wrong.

* Each function provided should do everything that it needs to. 
Specifically, fc_utf8_char_size is not a useful function in its current form
(except for internal usage).

* Are we sure that using these variants everywhere is easier than converting
all freeciv to wide characters?

    _______________________________________________________

Reply to this item at:

  <http://gna.org/patch/?1582>

_______________________________________________
  Message sent via/by Gna!
  http://gna.org/


_______________________________________________
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev
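
The continuation-byte question raised in the comment above, worked as an added example; this is not code from the original message, from the patch under review, or from freeciv. The names utf8_seq_len and utf8_checked_len are hypothetical, and the limit of 32 in the samples mirrors the MAX_LEN_NAME value mentioned in the comment.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not freeciv's fc_utf8_* API): length in bytes (1..4)
 * of the strictly valid UTF-8 sequence at s, or 0 if the sequence is invalid.
 * The lead byte only announces a length; every later byte is still checked. */
static size_t utf8_seq_len(const unsigned char *s, size_t n)
{
  unsigned long cp, min;
  size_t len, i;
  if (n == 0) return 0;
  if (s[0] < 0x80) return 1;
  if ((s[0] & 0xE0) == 0xC0)      { len = 2; cp = s[0] & 0x1F; min = 0x80; }
  else if ((s[0] & 0xF0) == 0xE0) { len = 3; cp = s[0] & 0x0F; min = 0x800; }
  else if ((s[0] & 0xF8) == 0xF0) { len = 4; cp = s[0] & 0x07; min = 0x10000; }
  else return 0;                  /* stray continuation byte or 0xF8..0xFF */
  if (n < len) return 0;          /* sequence cut off by end of buffer */
  for (i = 1; i < len; i++) {
    if ((s[i] & 0xC0) != 0x80) return 0;   /* must be 10xxxxxx */
    cp = (cp << 6) | (s[i] & 0x3F);
  }
  /* Reject overlong forms, UTF-16 surrogates and values above U+10FFFF. */
  if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
  return len;
}

/* Character count of buf[0..nbytes), -1 if it is not valid UTF-8, -2 if it
 * has more than max_chars characters. Takes plain char so callers need no cast. */
long utf8_checked_len(const char *buf, size_t nbytes, size_t max_chars)
{
  const unsigned char *s = (const unsigned char *) buf;
  size_t pos = 0, chars = 0;
  while (pos < nbytes) {
    size_t len = utf8_seq_len(s + pos, nbytes - pos);
    if (len == 0) return -1;
    if (++chars > max_chars) return -2;
    pos += len;
  }
  return (long) chars;
}

int main(void)
{
  /* Constructed samples: a 5-byte, 4-character name and a bad 4-byte sequence. */
  printf("%ld\n", utf8_checked_len("\xC3\x89vry", 5, 32));
  printf("%ld\n", utf8_checked_len("\xF0\x28\x8C\x28", 4, 32));
  return 0;
}
```

The limit is applied to the character count, so a name longer than 32 bytes still passes as long as it has at most 32 characters and every sequence is well formed.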
