From 5f04cb1c3ec33b158bb5cea550a41d90415761a2 Mon Sep 17 00:00:00 2001
From: Denis Kenzior <denkenz@gmail.com>
Date: Tue, 7 Jul 2009 13:49:32 -0500
Subject: Fix length check for valid UCS2 starting with 0xff

---
 src/util.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'src/util.c')

diff --git a/src/util.c b/src/util.c
index 70fa871a..91116d0d 100644
--- a/src/util.c
+++ b/src/util.c
@@ -720,8 +720,15 @@ char *sim_string_to_utf8(const unsigned char *buffer, int length)
 
 	switch (buffer[0]) {
 	case 0x80:
+		if (((length - 1) % 2) == 1) {
+			if (buffer[length - 1] != 0xff)
+				return NULL;
+
+			length = length - 1;
+		}
+
 		for (i = 1; i < length; i += 2)
-			if (buffer[i] == 0xff)
+			if (buffer[i] == 0xff && buffer[i + 1] == 0xff)
 				break;
 
 		return g_convert(buffer + 1, i - 1,
-- 
cgit v1.2.3