jared0x90 | 7 years ago

I casually thumbed through a few of the commits they posted and came across this

https://chromium.googlesource.com/chromium/src/+/c368e30ae55...

   for(i=0; i<nChar; i++){
     if( n>=nByte ) return 0;      /* Input contains fewer than nChar chars */
     if( (unsigned char)p[n++]>=0xc0 ){
   -      while( (p[n] & 0xc0)==0x80 ) n++;
   +      while( (p[n] & 0xc0)==0x80 ){
   +        n++;
   +        if( n>=nByte ) break;
   +      }
     }
   }
   return n;
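
Review bot: the added `if( n>=nByte ) break;` runs only after `n++`, so the first evaluation of `(p[n] & 0xc0)==0x80` is still unchecked. When the lead byte consumed by `p[n++]` is the last byte of the input, `n` already equals `nByte` and the loop condition reads `p[nByte]`, one byte past the stated length. Unless the caller guarantees a readable byte after the buffer, put the bound in the condition instead, e.g. `while( n<nByte && (p[n] & 0xc0)==0x80 ) n++;`, which also makes the inner break unnecessary. A short comment noting that a truncated trailing sequence is still counted as one character would help as well.
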
Looks like there may have been an issue in parsing malformed multibyte unicode characters properly.


jared0x90 | 7 years ago

   const secondStatements = [
   "SELECT quote(root) from ft_segdir;",
   "UPDATE ft_segdir SET root = X'0005616261636B03010200FFFFFFFF070266740302020003046E646F6E03030200';",
   "SELECT * FROM ft WHERE ft MATCH 'abandon';"
   ];
Just saw the proof of concept page. Looks like they are building quite the usual string in hex... Starting with a null terminator? Mmmhmmm