/Users/brunogarcia/projects/bitcoin-core-dev/src/univalue/include/univalue_utffilter.h

Source
// Copyright 2016 Wladimir J. van der Laan
// Distributed under the MIT software license, see the accompanying
// file COPYING or https://opensource.org/licenses/mit-license.php.
#ifndef BITCOIN_UNIVALUE_INCLUDE_UNIVALUE_UTFFILTER_H
#define BITCOIN_UNIVALUE_INCLUDE_UNIVALUE_UTFFILTER_H

#include <string>

/**
 * Filter that generates and validates UTF-8, as well as collates UTF-16
 * surrogate pairs as specified in RFC4627.
 */
class JSONUTF8StringFilter
{
public:
    explicit JSONUTF8StringFilter(std::string& s)
        : str(s)
    {
    }
    // Write single 8-bit char (may be part of UTF-8 sequence)
    void push_back(unsigned char ch)
    {
        if (state == 0) {
            if (ch < 0x80) // 7-bit ASCII, fast direct pass-through
                str.push_back(ch);
            else if (ch < 0xc0) // Mid-sequence character, invalid in this state
                is_valid = false;
            else if (ch < 0xe0) { // Start of 2-byte sequence
                codepoint = (ch & 0x1f) << 6;
                state = 6;
            } else if (ch < 0xf0) { // Start of 3-byte sequence
                codepoint = (ch & 0x0f) << 12;
                state = 12;
            } else if (ch < 0xf8) { // Start of 4-byte sequence
                codepoint = (ch & 0x07) << 18;
                state = 18;
            } else // Reserved, invalid
                is_valid = false;
        } else {
            if ((ch & 0xc0) != 0x80) // Not a continuation, invalid
                is_valid = false;
            state -= 6;
            codepoint |= (ch & 0x3f) << state;
            if (state == 0)
                push_back_u(codepoint);
        }
    }
    // Write codepoint directly, possibly collating surrogate pairs
    void push_back_u(unsigned int codepoint_)
    {
        if (state) // Only accept full codepoints in open state
            is_valid = false;
        if (codepoint_ >= 0xD800 && codepoint_ < 0xDC00) { // First half of surrogate pair
            if (surpair) // Two subsequent surrogate pair openers - fail
                is_valid = false;
            else
                surpair = codepoint_;
        } else if (codepoint_ >= 0xDC00 && codepoint_ < 0xE000) { // Second half of surrogate pair
            if (surpair) { // Open surrogate pair, expect second half
                // Compute code point from UTF-16 surrogate pair
                append_codepoint(0x10000 | ((surpair - 0xD800)<<10) | (codepoint_ - 0xDC00));
                surpair = 0;
            } else // Second half doesn't follow a first half - fail
                is_valid = false;
        } else {
            if (surpair) // First half of surrogate pair not followed by second - fail
                is_valid = false;
            else
                append_codepoint(codepoint_);
        }
    }
    // Check that we're in a state where the string can be ended
    // No open sequences, no open surrogate pairs, etc
    bool finalize()
    {
        if (state || surpair)
            is_valid = false;
        return is_valid;
    }
private:
    std::string &str;
    bool is_valid{true};
    // Current UTF-8 decoding state
    unsigned int codepoint{0};
    int state{0}; // Top bit to be filled in for next UTF-8 byte, or 0

    // Keep track of the following state to handle the following section of
    // RFC4627:
    //
    //    To escape an extended character that is not in the Basic Multilingual
    //    Plane, the character is represented as a twelve-character sequence,
    //    encoding the UTF-16 surrogate pair.  So, for example, a string
    //    containing only the G clef character (U+1D11E) may be represented as
    //    "\uD834\uDD1E".
    //
    //  Two subsequent \u.... may have to be replaced with one actual codepoint.
    unsigned int surpair{0}; // First half of open UTF-16 surrogate pair, or 0

    void append_codepoint(unsigned int codepoint_)
    {
        if (codepoint_ <= 0x7f)
            str.push_back((char)codepoint_);
        else if (codepoint_ <= 0x7FF) {
            str.push_back((char)(0xC0 | (codepoint_ >> 6)));
            str.push_back((char)(0x80 | (codepoint_ & 0x3F)));
        } else if (codepoint_ <= 0xFFFF) {
            str.push_back((char)(0xE0 | (codepoint_ >> 12)));
            str.push_back((char)(0x80 | ((codepoint_ >> 6) & 0x3F)));
            str.push_back((char)(0x80 | (codepoint_ & 0x3F)));
        } else if (codepoint_ <= 0x1FFFFF) {
            str.push_back((char)(0xF0 | (codepoint_ >> 18)));
            str.push_back((char)(0x80 | ((codepoint_ >> 12) & 0x3F)));
            str.push_back((char)(0x80 | ((codepoint_ >> 6) & 0x3F)));
            str.push_back((char)(0x80 | (codepoint_ & 0x3F)));
        }
    }
};

#endif // BITCOIN_UNIVALUE_INCLUDE_UNIVALUE_UTFFILTER_H

Bitcoin Core Fuzz Coverage Report for #26966

Coverage Report

Created: 2025-10-10 09:12

Line	Count	Source
1		// Copyright 2016 Wladimir J. van der Laan
2		// Distributed under the MIT software license, see the accompanying
3		// file COPYING or https://opensource.org/licenses/mit-license.php.
4		#ifndef BITCOIN_UNIVALUE_INCLUDE_UNIVALUE_UTFFILTER_H
5		#define BITCOIN_UNIVALUE_INCLUDE_UNIVALUE_UTFFILTER_H
6
7		#include <string>
8
9		/**
10		* Filter that generates and validates UTF-8, as well as collates UTF-16
11		* surrogate pairs as specified in RFC4627.
12		*/
13		class JSONUTF8StringFilter
14		{
15		public:
16		explicit JSONUTF8StringFilter(std::string& s)
17	0	: str(s)
18	0	{
19	0	}
20		// Write single 8-bit char (may be part of UTF-8 sequence)
21		void push_back(unsigned char ch)
22	0	{
23	0	if (state == 0) {
24	0	if (ch < 0x80) // 7-bit ASCII, fast direct pass-through
25	0	str.push_back(ch);
26	0	else if (ch < 0xc0) // Mid-sequence character, invalid in this state
27	0	is_valid = false;
28	0	else if (ch < 0xe0) { // Start of 2-byte sequence
29	0	codepoint = (ch & 0x1f) << 6;
30	0	state = 6;
31	0	} else if (ch < 0xf0) { // Start of 3-byte sequence
32	0	codepoint = (ch & 0x0f) << 12;
33	0	state = 12;
34	0	} else if (ch < 0xf8) { // Start of 4-byte sequence
35	0	codepoint = (ch & 0x07) << 18;
36	0	state = 18;
37	0	} else // Reserved, invalid
38	0	is_valid = false;
39	0	} else {
40	0	if ((ch & 0xc0) != 0x80) // Not a continuation, invalid
41	0	is_valid = false;
42	0	state -= 6;
43	0	codepoint \|= (ch & 0x3f) << state;
44	0	if (state == 0)
45	0	push_back_u(codepoint);
46	0	}
47	0	}
48		// Write codepoint directly, possibly collating surrogate pairs
49		void push_back_u(unsigned int codepoint_)
50	0	{
51	0	if (state) // Only accept full codepoints in open state
52	0	is_valid = false;
53	0	if (codepoint_ >= 0xD800 && codepoint_ < 0xDC00) { // First half of surrogate pair
54	0	if (surpair) // Two subsequent surrogate pair openers - fail
55	0	is_valid = false;
56	0	else
57	0	surpair = codepoint_;
58	0	} else if (codepoint_ >= 0xDC00 && codepoint_ < 0xE000) { // Second half of surrogate pair
59	0	if (surpair) { // Open surrogate pair, expect second half
60		// Compute code point from UTF-16 surrogate pair
61	0	append_codepoint(0x10000 \| ((surpair - 0xD800)<<10) \| (codepoint_ - 0xDC00));
62	0	surpair = 0;
63	0	} else // Second half doesn't follow a first half - fail
64	0	is_valid = false;
65	0	} else {
66	0	if (surpair) // First half of surrogate pair not followed by second - fail
67	0	is_valid = false;
68	0	else
69	0	append_codepoint(codepoint_);
70	0	}
71	0	}
72		// Check that we're in a state where the string can be ended
73		// No open sequences, no open surrogate pairs, etc
74		bool finalize()
75	0	{
76	0	if (state \|\| surpair)
77	0	is_valid = false;
78	0	return is_valid;
79	0	}
80		private:
81		std::string &str;
82		bool is_valid{true};
83		// Current UTF-8 decoding state
84		unsigned int codepoint{0};
85		int state{0}; // Top bit to be filled in for next UTF-8 byte, or 0
86
87		// Keep track of the following state to handle the following section of
88		// RFC4627:
89		//
90		// To escape an extended character that is not in the Basic Multilingual
91		// Plane, the character is represented as a twelve-character sequence,
92		// encoding the UTF-16 surrogate pair. So, for example, a string
93		// containing only the G clef character (U+1D11E) may be represented as
94		// "\uD834\uDD1E".
95		//
96		// Two subsequent \u.... may have to be replaced with one actual codepoint.
97		unsigned int surpair{0}; // First half of open UTF-16 surrogate pair, or 0
98
99		void append_codepoint(unsigned int codepoint_)
100	0	{
101	0	if (codepoint_ <= 0x7f)
102	0	str.push_back((char)codepoint_);
103	0	else if (codepoint_ <= 0x7FF) {
104	0	str.push_back((char)(0xC0 \| (codepoint_ >> 6)));
105	0	str.push_back((char)(0x80 \| (codepoint_ & 0x3F)));
106	0	} else if (codepoint_ <= 0xFFFF) {
107	0	str.push_back((char)(0xE0 \| (codepoint_ >> 12)));
108	0	str.push_back((char)(0x80 \| ((codepoint_ >> 6) & 0x3F)));
109	0	str.push_back((char)(0x80 \| (codepoint_ & 0x3F)));
110	0	} else if (codepoint_ <= 0x1FFFFF) {
111	0	str.push_back((char)(0xF0 \| (codepoint_ >> 18)));
112	0	str.push_back((char)(0x80 \| ((codepoint_ >> 12) & 0x3F)));
113	0	str.push_back((char)(0x80 \| ((codepoint_ >> 6) & 0x3F)));
114	0	str.push_back((char)(0x80 \| (codepoint_ & 0x3F)));
115	0	}
116	0	}
117		};
118
119		#endif // BITCOIN_UNIVALUE_INCLUDE_UNIVALUE_UTFFILTER_H