D 2023-07-22T07:17:50.327
J icomment Currently,\s`OFString`\sdoes\snot\sreject\sa\s`\\0`\swithin\sthe\sstring.\sHowever,\s`OFString`s\soften\sget\spassed\sas\sC\sstrings.\sTherefore,\seither\sone\sof\sthe\sfollowing\sshould\sbe\sdone:\r\n\r\n\s*\sAudit\sall\soccurrences\swhere\san\s`OFString`\sis\spassed\sas\sa\sC\sstring.\r\n\s*\sTruncate\sthe\slength\sto\sthe\sfirst\soccurrence\sof\s`\\0`.\r\n\s*\sExtend\sthe\scurrent\sstring\schecking\scode\sto\sreject\s`\\0`\sin\sthere\sif\sa\slength\shas\sbeen\sspecified.\r\n\s\s\s*\sIf\sno\slength\shas\sbeen\sspecified,\sit\scannot\sbe\slonger\suntil\sthe\s`\\0`\sanyway.\r\n\s\s\s*\sA\sgood\splace\sfor\sthis\swould\sbe\sin\sthe\scode\sthat\schecks\swhether\sthe\spassed\sstring\sis\svalid\sUTF-8,\sto\savoid\sgoing\sthrough\sthe\ssame\sstring\stwice.\r\n\s\s\s\s\s*\sThis\smeans\sstrings\sof\sanother\sencoding\sneed\sto\scheck\sfor\s`\\0`\sduring\stheir\sconversion\sto\sUTF-8,\sas\sUTF-8\sis\snot\svalidated\sthere\ssince\sit\swas\sjust\sconverted\sand\shence\sassumed\scorrect.\r\n\r\nThe\sfirst\soption\sprobably\sdoesn't\sscale,\sas\sthere\sare\smany\splaces\swhere\san\s`OFString`\sis\spassed\sas\sa\sC\sstring\sand\sdoesn't\scover\swhere\sthis\sis\sbeing\sdone\soutside\sof\sObjFW.\sSo\sthis\swould\sbe\sa\spotential\sfoot\sgun\sfor\susers.\r\n\r\nThe\ssecond\soption\smight\sbe\sunexpected\sand\slead\sto\sbugs,\sbecause\sthe\suser\shas\sjust\sspecified\sa\slength\sfor\sthe\sstring\sto\screate,\sbut\sthe\sjust\screated\sstring\shas\sa\sdifferent\slength.\r\n\r\nTherefore,\sthe\sthird\soption\sprobably\smakes\smost\ssense.
J login js
J milestone none
J mimetype text/x-markdown
J priority High
J private_contact c8a37120da0f2517297a682b10203a3a5eef21c2
J severity Important
J status Open
J title String\s\\0\ssafety
J type Enhancement
K 134d90a99615cc7590173d97a37949db8c9574d5
U js
Z 49e52fd885a4fe95c325e90eb8772c61