Bug 172699: JS UTF-8 decoder accepts overlong sequences
Status: VERIFIED FIXED (Closed)
Opened 22 years ago, closed 22 years ago
Categories: Core :: JavaScript Engine, defect
People: Reporter: jgmyers, Assigned: rogerl
Keywords: js1.5
Whiteboard: [Have filed bug 173180 against Rhino for the same issue]
Attachments: 1 file (patch, 1.25 KB; rogerl: review+)
Comment 1 • 22 years ago (Reporter)
Comment 3 • 22 years ago
rogerl, this looks like your code originally (jsstr.c rev 3.20) -- can you r=
and get the patch in? Thanks, and thanks to jgmyers for the find and fix.
/be
Assignee: khanson → rogerl
Updated • 22 years ago
Keywords: js1.5, mozilla1.2
Comment 4 • 22 years ago (Assignee)
Comment on attachment 101774: Proposed fix
r=rogerl.
Phil - a test case is
decodeURI("%C0%AF").charCodeAt(0) which should result in 65533
Attachment #101774 - Flags: review+
Comment 5 • 22 years ago (Assignee)
Fix checked in (inferring sr from Brendan).
Waldemar - the algorithm in 15.1.3.1 doesn't address this issue; should this be
raised at ECMA, or left as a Netscape security 'extension'?
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 6 • 22 years ago (Reporter)
Unicode 3.1 prohibits UTF-8 decoders from accepting overlong sequences. Also
see http://www.unicode.org/versions/corrigendum1.html
I suggest bringing this up with ECMA, as this would appear to be an
inconsistency with the Unicode standard.
Comment 7 • 22 years ago (Assignee)
Adding Waldemar for ECMA comments.
Comment 8 • 22 years ago
Testcase added to JS testsuite:
mozilla/js/tests/js1_5/Regress/regress-172699.js
Comment 9 • 22 years ago
Marking Verified FIXED.
The above testcase now passes. It used to fail as follows:
*-* Testcase js1_5/Regress/regress-172699.js failed:
Bug Number 172699
STATUS: UTF-8 decoder should not accept overlong sequences
Failure messages were:
FAILED!: Section 1 of test -
FAILED!: Expected value '65533', Actual value '37'
The test is currently failing in Rhino in exactly this way.
I have filed bug 173180 against Rhino for this issue -
Status: RESOLVED → VERIFIED
Summary: js UTF-8 decoder accepts overlong sequences → JS UTF-8 decoder accepts overlong sequences
Whiteboard: [Have filed bug 173180 against Rhino for the same issue]
Comment 10 • 22 years ago
But why does the fix treat overlongs by replacing them with 0xFFFD instead of
throwing an exception, as any other invalid UTF-8 would? My understanding of
http://www.unicode.org/unicode/uni2errata/UTF-8_Corrigendum.html is that
overlongs are as broken as any other invalid UTF-8 sequences and should not be
treated in a different way.
Comment 11 • 22 years ago (Reporter)
Throwing an exception would be acceptable, though it doesn't look like
UTF8ToOneUCS4Char() can do that directly.
Updated • 20 years ago
Flags: testcase+
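
The minimum-value check this bug is about, as an added example (not the patch attached to this bug and not SpiderMonkey code). The function name decode_utf8, its reject_overlong flag and the UTF8_MALFORMED sentinel are assumptions made for illustration; overlongs map to U+FFFD as in the comment 4 test case, while structurally malformed input is reported separately, which is the distinction comment 10 raises.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REPLACEMENT_CHAR 0xFFFDu      /* U+FFFD, i.e. 65533 */
#define UTF8_MALFORMED   0xFFFFFFFFu  /* hypothetical sentinel: structurally bad input */

/* Decode one UTF-8 sequence of exactly len bytes (1..4).
 * reject_overlong = 0 models a decoder without the minimum-value check.
 * Narrowed to the overlong case: surrogates and the U+10FFFF ceiling
 * are not checked here. */
uint32_t decode_utf8(const unsigned char *s, size_t len, int reject_overlong)
{
    /* Smallest code point that legitimately needs a sequence of each length. */
    static const uint32_t min_for_len[5] = { 0, 0x00, 0x80, 0x800, 0x10000 };
    static const unsigned char lead_mask[5] = { 0, 0x7F, 0x1F, 0x0F, 0x07 };
    static const unsigned char lead_bits[5] = { 0, 0x00, 0xC0, 0xE0, 0xF0 };
    static const unsigned char lead_test[5] = { 0, 0x80, 0xE0, 0xF0, 0xF8 };
    uint32_t cp;
    size_t i;

    if (len < 1 || len > 4 || (s[0] & lead_test[len]) != lead_bits[len])
        return UTF8_MALFORMED;          /* lead byte does not match length */
    cp = s[0] & lead_mask[len];
    for (i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80)
            return UTF8_MALFORMED;      /* not a 10xxxxxx continuation byte */
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    if (reject_overlong && cp < min_for_len[len])
        return REPLACEMENT_CHAR;        /* overlong: a shorter encoding exists */
    return cp;
}

int main(void)
{
    /* Constructed sample inputs. */
    const unsigned char overlong_slash[] = { 0xC0, 0xAF };  /* bytes of %C0%AF */
    const unsigned char e_acute[] = { 0xC3, 0xA9 };         /* U+00E9, valid */
    printf("lenient: U+%04X\n", (unsigned)decode_utf8(overlong_slash, 2, 0));
    printf("strict:  U+%04X\n", (unsigned)decode_utf8(overlong_slash, 2, 1));
    printf("valid:   U+%04X\n", (unsigned)decode_utf8(e_acute, 2, 1));
    return 0;
}
```

Without the check, the two bytes C0 AF decode to U+002F ('/'), a character that a filter looking only for the literal byte 0x2F would not have seen in the input.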