[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: byteoffset() in lutf8lib.c from 5.3, work2
- From: Roberto Ierusalimschy <roberto@...>
- Date: Tue, 13 May 2014 10:31:11 -0300
> We're supposed to use utf8.len() to validate the string, yes?
If necessary; but I am not sure that is a common case. RFC 2279,
which describes UTF-8, says this about security:
Implementations of the decoding algorithm above MUST protect against
decoding invalid sequences.
Utf8.offset does not decode anything. All functions in the library
that decode sequences do protect against decoding invalid sequences.