UTF-8 code makes assumptions about buffer size

[lionkor]

https://github.com/quickjs-ng/quickjs/blob/master/cutils.c#L247 makes the assumption that the buffer is always at least UTF8_CHAR_LEN_MAX, this is not checked. re_parse_group_name then calls it with a buffer, the size of which is also not checked. This results in a dependency on the buffer supplied to this function that the buffer is at least UTF8_CHAR_LEN_MAX.

I would consider this a soon-to-be-bug at best. I understand that error handling is difficult, but an assert would make sense here at the very least.

[chqrlie]

I agree the definition should enforce a minimum length for the array pointed to by buf:

size_t utf8_encode(uint8_t buf[minimum_length(UTF8_CHAR_LEN_MAX)], uint32_t c)

with minimum_length defined as:

#if target is c99
#define minimum_length(n)  static n
#else
#define minimum_length(n)  n
#endif