diff --git a/components/playlist/xspf/uriparser/Uri.h b/components/playlist/xspf/uriparser/Uri.h
index d2c86103..b80ac6ca 100644
--- a/components/playlist/xspf/uriparser/Uri.h
+++ b/components/playlist/xspf/uriparser/Uri.h
@@ -1,4 +1,4 @@
-/* 4bf720e0ca97527a28e4c30f1c35b36a0b5f2697265c5ddc81080eaab4344ef2 (0.9.7+)
+/* e8e2c75d033ddfe256fe87c3fd5a330a6f2c9cbb376ebd83a1b3263e804c766a (0.9.8+)
*
* uriparser - RFC 3986 URI parsing library
*
@@ -352,10 +352,19 @@ URI_PUBLIC int URI_FUNC(FreeUriMembersMm)(URI_TYPE(Uri) * uri,
/**
* Percent-encodes all unreserved characters from the input string and
* writes the encoded version to the output string.
- * Be sure to allocate 3 times the space of the input buffer for
+ *
+ * NOTE: Be sure to allocate 3 times the space of the input buffer for
* the output buffer for normalizeBreaks == URI_FALSE and 6 times
* the space for normalizeBreaks == URI_TRUE
- * (since e.g. "\x0d" becomes "%0D%0A" in that case)
+ * (since e.g. "\x0d" becomes "%0D%0A" in that case).
+ *
+ * NOTE: The implementation treats (both char and) wchar_t units
+ * as code point integers, which works well for code points U+0001 to U+00ff
+ * in host-native endianness but nothing more;
+ * in particular, using uriEscapeExW with arbitrary Unicode input will
+ * not produce healthy results.
+ * Passing UTF-8 input to uriEscapeExA may be useful in some scenarios.
+ * Keep in mind that uriparser is about %URI (RFC 3986) not %IRI (RFC 3987).
*
* @param inFirst IN: Pointer to first character of the input text
* @param inAfterLast IN: Pointer after the last character of the input text
@@ -377,10 +386,19 @@ URI_PUBLIC URI_CHAR * URI_FUNC(EscapeEx)(const URI_CHAR * inFirst,
/**
* Percent-encodes all unreserved characters from the input string and
* writes the encoded version to the output string.
- * Be sure to allocate 3 times the space of the input buffer for
+ *
+ * NOTE: Be sure to allocate 3 times the space of the input buffer for
* the output buffer for normalizeBreaks == URI_FALSE and 6 times
* the space for normalizeBreaks == URI_TRUE
- * (since e.g. "\x0d" becomes "%0D%0A" in that case)
+ * (since e.g. "\x0d" becomes "%0D%0A" in that case).
+ *
+ * NOTE: The implementation treats (both char and) wchar_t units
+ * as code point integers, which works well for code points U+0001 to U+00ff
+ * in host-native endianness but nothing more;
+ * in particular, using uriEscapeW with arbitrary Unicode input will
+ * not produce healthy results.
+ * Passing UTF-8 input to uriEscapeA may be useful in some scenarios.
+ * Keep in mind that uriparser is about %URI (RFC 3986) not %IRI (RFC 3987).
*
* @param in IN: Text source
* @param out OUT: Encoded text destination
@@ -608,6 +626,10 @@ URI_PUBLIC int URI_FUNC(ToStringCharsRequired)(const URI_TYPE(Uri) * uri,
* Converts a %URI structure back to text as described in
* section 5.3 of RFC 3986.
*
+ * NOTE: Scheme-based normalization
+ * (section 6.2.3 of RFC 3986)
+ * is not applied and is considered a responsibility of the application using uriparser.
+ *
* @param dest OUT: Output destination
* @param uri IN: %URI to convert
* @param maxChars IN: Maximum number of characters to copy including terminator
diff --git a/components/playlist/xspf/uriparser/UriBase.h b/components/playlist/xspf/uriparser/UriBase.h
index 5216b1dd..dc3883e6 100644
--- a/components/playlist/xspf/uriparser/UriBase.h
+++ b/components/playlist/xspf/uriparser/UriBase.h
@@ -55,7 +55,7 @@
/* Version */
#define URI_VER_MAJOR 0
#define URI_VER_MINOR 9
-#define URI_VER_RELEASE 7
+#define URI_VER_RELEASE 8
#define URI_VER_SUFFIX_ANSI ""
#define URI_VER_SUFFIX_UNICODE URI_ANSI_TO_UNICODE(URI_VER_SUFFIX_ANSI)
diff --git a/components/playlist/xspf/uriparser/UriConfig.h b/components/playlist/xspf/uriparser/UriConfig.h
index 6fd4d7f2..e74f2187 100644
--- a/components/playlist/xspf/uriparser/UriConfig.h
+++ b/components/playlist/xspf/uriparser/UriConfig.h
@@ -41,7 +41,7 @@
-#define PACKAGE_VERSION "0.9.7"
+#define PACKAGE_VERSION "0.9.8"
#undef HAVE_WPRINTF
#undef HAVE_REALLOCARRAY
diff --git a/components/playlist/xspf/uriparser/UriQuery.c b/components/playlist/xspf/uriparser/UriQuery.c
index b2734bc2..bbc15488 100644
--- a/components/playlist/xspf/uriparser/UriQuery.c
+++ b/components/playlist/xspf/uriparser/UriQuery.c
@@ -70,6 +70,7 @@
#include
+#include /* size_t */
@@ -177,10 +178,13 @@ int URI_FUNC(ComposeQueryMallocExMm)(URI_CHAR ** dest,
if (res != URI_SUCCESS) {
return res;
}
+ if (charsRequired == INT_MAX) {
+ return URI_ERROR_MALLOC;
+ }
charsRequired++;
/* Allocate space */
- queryString = memory->malloc(memory, charsRequired * sizeof(URI_CHAR));
+ queryString = memory->calloc(memory, charsRequired, sizeof(URI_CHAR));
if (queryString == NULL) {
return URI_ERROR_MALLOC;
}
@@ -218,16 +222,16 @@ int URI_FUNC(ComposeQueryEngine)(URI_CHAR * dest,
const URI_CHAR * const key = queryList->key;
const URI_CHAR * const value = queryList->value;
const int worstCase = (normalizeBreaks == URI_TRUE ? 6 : 3);
- const int keyLen = (key == NULL) ? 0 : (int)URI_STRLEN(key);
+ const size_t keyLen = (key == NULL) ? 0 : URI_STRLEN(key);
int keyRequiredChars;
- const int valueLen = (value == NULL) ? 0 : (int)URI_STRLEN(value);
+ const size_t valueLen = (value == NULL) ? 0 : URI_STRLEN(value);
int valueRequiredChars;
- if ((keyLen >= INT_MAX / worstCase) || (valueLen >= INT_MAX / worstCase)) {
+ if ((keyLen >= (size_t)INT_MAX / worstCase) || (valueLen >= (size_t)INT_MAX / worstCase)) {
return URI_ERROR_OUTPUT_TOO_LARGE;
}
- keyRequiredChars = worstCase * keyLen;
- valueRequiredChars = worstCase * valueLen;
+ keyRequiredChars = worstCase * (int)keyLen;
+ valueRequiredChars = worstCase * (int)valueLen;
if (dest == NULL) {
(*charsRequired) += ampersandLen + keyRequiredChars + ((value == NULL)