Check if input to dc_send_text_msg is valid utf8

With this change, passing an invalid utf8 string to `dc_send_text_msg' does not
crash the application; it prints a warning and returns an error code.

It should be admitted that this fix is sub-optimal: if input C string is valid
utf8 (which is likely), result of successful conversion to `&str' is discarded
in `dc_send_text_msg', and the same input C string is converted again with
`as_str' in `prepare_msg_raw'.

It is not clear how to fix it in non-disruptive way, since input C string is
passed down to call stack as part of `dc_msg_t' struct, which is part of C ABI.
This commit is contained in:
Dmitry Bogatov
2019-07-27 09:04:20 +00:00
parent d1968d8ccb
commit 36b5f4da53
3 changed files with 12 additions and 4 deletions


@@ -957,7 +957,6 @@ pub unsafe fn dc_cmdline(context: &Context, line: &str) -> Result<(), failure::E
} else {
bail!("Garbage sending failed, as expected.");
}
}
"sendempty" => {
ensure!(!sel_chat.is_null(), "No chat selected.");


@@ -976,6 +976,11 @@ pub unsafe fn dc_send_text_msg(
return 0;
}
if let Err(err) = as_str_safe(text_to_send) {
warn!(context, 0, "{}", err);
return 0;
}
let mut msg = dc_msg_new(context, 10);
(*msg).text = dc_strdup(text_to_send);
let ret = dc_send_msg(context, chat_id, msg);
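Review bot: The new guard at L35 calls `as_str_safe`, which asserts on a null pointer (third file section), so it only replaces a panic with a warning if the guard closing at L34 already rejects a null `text_to_send`; that condition is outside the hunk, so if it does not cover null, add `if text_to_send.is_null() { return 0; }` ahead of the UTF-8 check. The reason for rejecting here rather than letting `as_str` panic later is not stated in the code; a one-line comment such as `// Reject non-UTF-8 text up front: a panic deeper in the send path (presumably reached from the C API) would abort the caller instead of returning an error` would help the next reader. Note that `err` carries the full byte content of the message (see the `format_err!` in `as_str_safe`), so the `warn!` at L36 writes the entire message body to the log. dc_send_text_msg starts and ends outside the hunk.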


@@ -4,6 +4,7 @@ use std::fs;
use std::time::SystemTime;
use chrono::{Local, TimeZone};
use failure::format_err;
use mmime::mailimf_types::*;
use rand::{thread_rng, Rng};
@@ -1563,13 +1564,16 @@ pub fn to_string_lossy(s: *const libc::c_char) -> String {
}
pub fn as_str<'a>(s: *const libc::c_char) -> &'a str {
as_str_safe(s).unwrap_or_else(|err| panic!("{}", err))
}
pub fn as_str_safe<'a>(s: *const libc::c_char) -> Result<&'a str, failure::Error> {
assert!(!s.is_null(), "cannot be used on null pointers");
let cstr = unsafe { CStr::from_ptr(s) };
cstr.to_str().unwrap_or_else(|err| {
panic!("Non utf8 string: '{:?}' ({:?})", cstr.to_bytes(), err);
})
cstr.to_str()
.map_err(|err| format_err!("Non utf8 string: '{:?}' ({:?})", cstr.to_bytes(), err))
}
/// Convert a C `*char` pointer to a [std::path::Path] slice.
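Review bot: The error built at L63 embeds the whole string as raw bytes (`'{:?}'` of `cstr.to_bytes()`), and on the new non-panicking path that error is logged by callers, so any message that fails validation has its full content written to the log rather than just the fact of the failure. Reporting the position and length is enough to diagnose the problem: `.map_err(|err| format_err!("Non utf8 string: invalid byte at offset {} of {} bytes", err.valid_up_to(), cstr.to_bytes().len()))`. The new function also inherits `as_str`'s unconstrained `'a`, letting the caller choose any lifetime for a borrow of C-owned memory; that is pre-existing, but a doc comment on `as_str_safe` stating that the pointer must be non-null and outlive the returned `&str` would make the caller's obligation explicit. The lifetime and null-pointer behaviour is unchanged by this commit; only the error path is new.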