From ecad8c6c7e0aca3225c432f0ea5b11e160c6c5ce Mon Sep 17 00:00:00 2001
From: Victor Hora <vhora@trustwave.com>
Date: Tue, 13 Nov 2018 20:14:18 -0500
Subject: [PATCH] Fix buffer size for utf8toUnicode transformation

---
 CHANGES                                        | 3 ++-
 src/actions/transformations/utf8_to_unicode.cc | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 13ea2d32..1f2e882f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,7 +1,8 @@
 v3.0.4 - YYYY-MMM-DD (to be released)
 -------------------------------------
 
-
+ * Fix buffer size for utf8toUnicode transformation 
+   [Issue #1208 - @katef, @victorhora]
 
 
 v3.0.3 - 2018-Nov-05
diff --git a/src/actions/transformations/utf8_to_unicode.cc b/src/actions/transformations/utf8_to_unicode.cc
index f8741fce..1cdf1ddb 100644
--- a/src/actions/transformations/utf8_to_unicode.cc
+++ b/src/actions/transformations/utf8_to_unicode.cc
@@ -72,7 +72,9 @@ char *Utf8ToUnicode::inplace(unsigned char *input,
     unsigned char unicode[8];
     *changed = 0;
 
-    len = input_len * 7 + 1;
+    /* RFC3629 states that UTF-8 are encoded using sequences of 1 to 4 octets. */
+    /* Max size per character should fit in 4 bytes */
+    len = input_len * 4 + 1;
     data = reinterpret_cast<char *>(malloc(sizeof(char) * len));
     if (data == NULL) {
         return NULL;