escape: Ensure that output is always valid UTF-8

This ensures that shell string escape operations will not produce output
with invalid UTF-8 from the input by escaping invalid UTF-8 data as if
they were single byte characters.

diff --git a/src/basic/escape.c b/src/basic/escape.c
index e04b435d5b9fb51c04385fc25cea403117c46819..317e2786d1a089603aafd8e201e18ab83762b1a0 100644 (file)
--- a/src/basic/escape.c
+++ b/src/basic/escape.c
@@ -474,14 +474,20 @@ char* octescape(const char *s, size_t len) {
 static char* strcpy_backslash_escaped(char *t, const char *s, const char *bad) {
         assert(bad);
 
-        for (; *s; s++)
-                if (char_is_cc(*s))
-                        t += cescape_char(*s, t);
-                else {
+        while (*s) {
+                int l = utf8_encoded_valid_unichar(s, SIZE_MAX);
+
+                if (char_is_cc(*s) || l < 0)
+                        t += cescape_char(*(s++), t);
+                else if (l == 1) {
                         if (*s == '\\' || strchr(bad, *s))
                                 *(t++) = '\\';
-                        *(t++) = *s;
+                        *(t++) = *(s++);
+                } else {
+                        t = mempcpy(t, s, l);
+                        s += l;
                 }
+        }
 
         return t;
 }
@@ -510,11 +516,16 @@ char* shell_maybe_quote(const char *s, ShellEscapeFlags flags) {
         if (FLAGS_SET(flags, SHELL_ESCAPE_EMPTY) && isempty(s))
                 return strdup("\"\""); /* We don't use $'' here in the POSIX mode. "" is fine too. */
 
-        for (p = s; *p; p++)
-                if (char_is_cc(*p) ||
+        for (p = s; *p; ) {
+                int l = utf8_encoded_valid_unichar(p, SIZE_MAX);
+
+                if (char_is_cc(*p) || l < 0 ||
                     strchr(WHITESPACE SHELL_NEED_QUOTES, *p))
                         break;
 
+                p += l;
+        }
+
         if (!*p)
                 return strdup(s);