git: b80d4b2f93e5 - releng/14.0 - tty/teken: fix UTF8 sequence validation logic

From: Christos Margiolis <christos_at_FreeBSD.org>
Date: Sun, 22 Oct 2023 11:57:39 UTC
The branch releng/14.0 has been updated by christos:

URL: https://cgit.FreeBSD.org/src/commit/?id=b80d4b2f93e54b81041a518ea4c0a8be2985a658

commit b80d4b2f93e54b81041a518ea4c0a8be2985a658
Author:     Bojan Novković <bojan.novkovic@fer.hr>
AuthorDate: 2023-10-13 05:14:36 +0000
Commit:     Christos Margiolis <christos@FreeBSD.org>
CommitDate: 2023-10-22 11:57:00 +0000

    tty/teken: fix UTF8 sequence validation logic
    
    This patch fixes UTF-8 sequence validation logic in
    teken_utf8_bytes_to_codepoint() and fixes fallback behaviour in
    ttydisc_rubchar() when an invalid UTF8 sequence is encountered. The code
    previously used __bitcount() to extract sequence length information from
    the leading byte. However, this assumption breaks for certain code
    points that have additional bits set in the first half of the leading
    byte (e.g. Cyrillic characters). This lead to incorrect behaviour when
    deleting those characters using backspaces. The code now checks the
    number of consecutive set bits in the leading byte starting from the
    MSB, as per RFC 3629.
    
    Reviewed by:    christos
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D42147
    
    (cherry picked from commit 2fed1c579c52d63b72fc08ffcc652ba0183f9254)
    Approved by:    re (gjb)
---
 sys/kern/tty_ttydisc.c    | 12 +++++++-----
 sys/teken/teken_wcwidth.h | 23 ++++++++++++++++++++---
 2 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/sys/kern/tty_ttydisc.c b/sys/kern/tty_ttydisc.c
index eae7162e31c0..c46579cefbb1 100644
--- a/sys/kern/tty_ttydisc.c
+++ b/sys/kern/tty_ttydisc.c
@@ -844,23 +844,25 @@ ttydisc_rubchar(struct tty *tp)
 					 */
 					ttyinq_write(&tp->t_inq, bytes,
 					    UTF8_STACKBUF, 0);
+					ttyinq_unputchar(&tp->t_inq);
 				} else {
 					/* Find codepoint and width. */
 					codepoint =
 					    teken_utf8_bytes_to_codepoint(bytes,
 						nb);
-					if (codepoint !=
-					    TEKEN_UTF8_INVALID_CODEPOINT) {
-						cwidth = teken_wcwidth(
-						    codepoint);
-					} else {
+					if (codepoint ==
+						TEKEN_UTF8_INVALID_CODEPOINT ||
+					    (cwidth = teken_wcwidth(
+						 codepoint)) == -1) {
 						/*
 						 * Place all bytes back into the
 						 * inq and fall back to
 						 * default behaviour.
 						 */
+						cwidth = 1;
 						ttyinq_write(&tp->t_inq, bytes,
 						    nb, 0);
+						ttyinq_unputchar(&tp->t_inq);
 					}
 				}
 				tp->t_column -= cwidth;
diff --git a/sys/teken/teken_wcwidth.h b/sys/teken/teken_wcwidth.h
index bc40c23a6eb7..14af2c6f9530 100644
--- a/sys/teken/teken_wcwidth.h
+++ b/sys/teken/teken_wcwidth.h
@@ -128,15 +128,32 @@ static inline teken_char_t
 teken_utf8_bytes_to_codepoint(uint8_t bytes[4], int nbytes)
 {
 
-  /* Check for malformed characters. */
-  if (__bitcount(bytes[0] & 0xf0) != nbytes)
+ /*
+  * Check for malformed characters by comparing 'nbytes'
+  * to the byte length of the character.
+  *
+  * The table in section 3 of RFC 3629 defines 4 different
+  * values indicating the length of a UTF-8 byte sequence.
+  *
+  * 0xxxxxxx -> 1 byte
+  * 110xxxxx -> 2 bytes
+  * 1110xxxx -> 3 bytes
+  * 11110xxx -> 4 bytes
+  *
+  * The length is determined by the higher-order bits in
+  * the leading octet (except in the first case, where an MSB
+  * of 0 means a byte length of 1). Here we flip the 4 upper
+  * bits and count the leading zeros using __builtin_clz()
+  * to determine the number of bytes.
+  */
+  if (__builtin_clz(~(bytes[0] & 0xf0) << 24) != nbytes)
     return (TEKEN_UTF8_INVALID_CODEPOINT);
 
   switch (nbytes) {
   case 1:
     return (bytes[0] & 0x7f);
   case 2:
-    return (bytes[0] & 0xf) << 6 | (bytes[1] & 0x3f);
+    return (bytes[0] & 0x1f) << 6 | (bytes[1] & 0x3f);
   case 3:
     return (bytes[0] & 0xf) << 12 | (bytes[1] & 0x3f) << 6 | (bytes[2] & 0x3f);
   case 4: