From 06526ff38c6323f1958d75b3a20b02f0c7cb07d9 Mon Sep 17 00:00:00 2001
From: Dmitry Volyntsev
Date: Fri, 29 Oct 2021 13:57:26 +0000
Subject: [PATCH] Fixed decodeURI() and decodeURIComponent() with invalid byte strings.

The issue was introduced in 855edd76bdb6 (0.4.3). This closes #435 issue on Github.
---
 src/njs_string.c | 13 +++++++------
 src/test/njs_unit_test.c | 3 +++
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/njs_string.c b/src/njs_string.c
index fc7b3dec..871561bf 100644
--- a/src/njs_string.c
+++ b/src/njs_string.c
@@ -4496,26 +4496,27 @@ njs_string_decode_uri_cp(const int8_t *hex, const u_char **start,
 cp = njs_utf8_decode(&ctx, start, end);
 if (njs_fast_path(cp != '%')) {
- return expect_percent ? 0xFFFFFFFF: cp;
+ return expect_percent ? NJS_UNICODE_ERROR : cp;
 }
 p = *start;
 if (njs_slow_path((p + 1) >= end)) {
- return 0xFFFFFFFF;
+ return NJS_UNICODE_ERROR;
 }
 d0 = hex[*p++];
 if (njs_slow_path(d0 < 0)) {
- return 0xFFFFFFFF;
+ return NJS_UNICODE_ERROR;
 }
 d1 = hex[*p++];
 if (njs_slow_path(d1 < 0)) {
- return 0xFFFFFFFF;
+ return NJS_UNICODE_ERROR;
 }
 *start += 2;
+
 return (d0 << 4) + d1;
 }
@@ -4631,7 +4632,7 @@ njs_string_decode_uri(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
 while (src < end) {
 percent = (src[0] == '%');
 cp = njs_string_decode_uri_cp(hex, &src, end, 0);
- if (njs_slow_path(cp == 0xFFFFFFFF)) {
+ if (njs_slow_path(cp > NJS_UNICODE_MAX_CODEPOINT)) {
 goto uri_error;
 }
@@ -4677,7 +4678,7 @@ njs_string_decode_uri(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
 for (i = 1; i < n; i++) {
 cp = njs_string_decode_uri_cp(hex, &src, end, 1);
- if (njs_slow_path(cp == 0xFFFFFFFF)) {
+ if (njs_slow_path(cp > NJS_UNICODE_MAX_CODEPOINT)) {
 goto uri_error;
 }
diff --git a/src/test/njs_unit_test.c b/src/test/njs_unit_test.c
index 4309c508..1cfa7699 100644
--- a/src/test/njs_unit_test.c
+++ b/src/test/njs_unit_test.c
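Review bot: In njs_string_decode_uri_cp() the non-percent return (`return expect_percent ? NJS_UNICODE_ERROR : cp;`) passes a failed njs_utf8_decode() result straight through, so the function's error contract is now "any value above NJS_UNICODE_MAX_CODEPOINT" rather than one sentinel, and nothing in the code says so. The two njs_string_decode_uri() hunks depend on this with `cp > NJS_UNICODE_MAX_CODEPOINT`; a later caller that compares against NJS_UNICODE_ERROR alone would presumably repeat the bug this commit fixes, where a decoder status value slipped past the `== 0xFFFFFFFF` test. I would document it above the function, e.g. `/* Returns a decoded byte or code point; any value > NJS_UNICODE_MAX_CODEPOINT means malformed input. */`. The function's signature and declarations are outside the hunk, so the types of cp, d0 and d1 could not be checked.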
@@ -9209,6 +9209,9 @@ static njs_unit_test_t njs_test[] =
 { njs_str("decodeURI('%D0%B0%D0%B1%D0%B2').length"),
 njs_str("3")},
+ { njs_str("decodeURI(String.bytesFrom([0x80,0x80]))"),
+ njs_str("URIError: malformed URI")},
+
 { njs_str("["
 " '%',"
 " '%0',"
-- 
2.47.3
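Review bot: The added regression test exercises only decodeURI() with two stray continuation bytes, although the commit subject names decodeURIComponent() as fixed too. A sibling case would pin that path, e.g. `{ njs_str("decodeURIComponent(String.bytesFrom([0x80,0x80]))"), njs_str("URIError: malformed URI")},`; the expected string is assumed from the test added here and should be confirmed by running the suite. A byte string that ends in the middle of a multi-byte sequence is also worth a case, since the decoder may report that with a different status value than an outright invalid byte, and the new `cp > NJS_UNICODE_MAX_CODEPOINT` check is what has to catch it.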