From 5534e0e1d9c9625eecc2fbf517a0dee5c2ca1d6f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?= <kasper93@gmail.com>
Date: Sat, 22 Jun 2024 02:44:18 +0200
Subject: [PATCH] common: validate parsed unicode codepoints value

Fixes UB when converting out of expected range values.

Found by OSS-Fuzz.
---
 common/common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/common.c b/common/common.c
index 445ca64631..d9468fba94 100644
--- a/common/common.c
+++ b/common/common.c
@@ -273,7 +273,7 @@ static bool mp_parse_escape(void *talloc_ctx, bstr *dst, bstr *code)
     if (code->start[0] == 'u' && code->len >= 5) {
         bstr num = bstr_splice(*code, 1, 5);
         uint32_t c = bstrtoll(num, &num, 16);
-        if (num.len)
+        if (num.len || c > 0x10FFFF)
             return false;
         if (c >= 0xd800 && c <= 0xdbff) {
             if (code->len < 5 + 6 // udddd + \udddd