diff options
author | Kunal Malhotra <malhk@google.com> | 2023-06-02 23:32:02 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-08-22 02:12:35 +0000 |
commit | 23d54f494415b8364d0402955ed291fd43630d59 (patch) | |
tree | 59e1090a9a2eb0fd6efc580fbac9aca4e0435a2f | |
parent | 7b29cc0ad44e6dd3f582e4372095acf0cad138e5 (diff) | |
download | base-23d54f494415b8364d0402955ed291fd43630d59.tar.gz |
Fixing DatabaseUtils to detect malformed UTF-16 strings
Test: tested with POC in bug, also using atest
Bug: 224771621
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0e371afb3000c499e0781168ec881a47eab93bad)
Merged-In: Ide65205b83063801971c5778af3154bcf3f0e530
Change-Id: Ide65205b83063801971c5778af3154bcf3f0e530
-rw-r--r-- | core/java/android/database/DatabaseUtils.java | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/core/java/android/database/DatabaseUtils.java b/core/java/android/database/DatabaseUtils.java index 6c8a8500e4e3..d41df4f49d48 100644 --- a/core/java/android/database/DatabaseUtils.java +++ b/core/java/android/database/DatabaseUtils.java @@ -511,17 +511,31 @@ public class DatabaseUtils { */ public static void appendEscapedSQLString(StringBuilder sb, String sqlString) { sb.append('\''); - if (sqlString.indexOf('\'') != -1) { - int length = sqlString.length(); - for (int i = 0; i < length; i++) { - char c = sqlString.charAt(i); - if (c == '\'') { - sb.append('\''); + int length = sqlString.length(); + for (int i = 0; i < length; i++) { + char c = sqlString.charAt(i); + if (Character.isHighSurrogate(c)) { + if (i == length - 1) { + continue; + } + if (Character.isLowSurrogate(sqlString.charAt(i + 1))) { + // add them both + sb.append(c); + sb.append(sqlString.charAt(i + 1)); + continue; + } else { + // this is a lone surrogate, skip it + continue; } - sb.append(c); } - } else - sb.append(sqlString); + if (Character.isLowSurrogate(c)) { + continue; + } + if (c == '\'') { + sb.append('\''); + } + sb.append(c); + } sb.append('\''); } |