Closed Bug 1863770 Opened 1 year ago Closed 4 months ago

Assertion failure: std::strlen(aView.data()) == aView.size(), at /builds/worker/workspace/obj-build/dist/include/mozilla/intl/ICU4CGlue.h:56

Categories

(Core :: Internationalization, defect, P1)

Product:
Core
Component:
Internationalization
Platform:
x86_64
Linux
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
131 Branch
Tracking Flags:
Tracking Status
firefox-esr115 --- unaffected
firefox-esr128 --- wontfix
firefox119 --- unaffected
firefox120 --- wontfix
firefox121 --- wontfix
firefox122 --- wontfix
firefox129 --- wontfix
firefox130 --- wontfix
firefox131 --- verified

People

(Reporter: jkratzer, Assigned: m_kato)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: regression, testcase, Whiteboard: [bugmon:bisected,confirmed])

Attachments

(2 files)

Testcase
646 bytes, text/plain
Details
Bug 1863770 - Check locale string whether it has null character. r=#platform-i18n-reviewers!
48 bytes, text/x-phabricator-request
Details | Review

Testcase found while fuzzing mozilla-central rev 5d6699b34edc (built with: --enable-debug --enable-fuzzing).

Testcase can be reproduced using the following commands:

$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch --build 5d6699b34edc --debug --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html

Assertion failure: std::strlen(aView.data()) == aView.size(), at /builds/worker/workspace/obj-build/dist/include/mozilla/intl/ICU4CGlue.h:56

    ==751779==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7faea4b8f5bb bp 0x7ffe396ca3f0 sp 0x7ffe396ca3c0 T751779)
    ==751779==The signal is caused by a WRITE memory access.
    ==751779==Hint: address points to the zero page.
        #0 0x7faea4b8f5bb in AssertNullTerminatedString /builds/worker/workspace/obj-build/dist/include/mozilla/intl/ICU4CGlue.h:56:3
        #1 0x7faea4b8f5bb in mozilla::intl::NumberFormatterSkeleton::toFormatter(std::basic_string_view<char, std::char_traits<char>>) /intl/components/src/NumberFormatterSkeleton.cpp:410:42
        #2 0x7faea4b8f396 in mozilla::intl::NumberFormat::initialize(std::basic_string_view<char, std::char_traits<char>>, mozilla::intl::NumberFormatOptions const&) /intl/components/src/NumberFormat.cpp:39:31
        #3 0x7faea4b8f2a5 in mozilla::intl::NumberFormat::TryCreate(std::basic_string_view<char, std::char_traits<char>>, mozilla::intl::NumberFormatOptions const&) /intl/components/src/NumberFormat.cpp:18:37
        #4 0x7faea4b58b5a in operator() /intl/unicharutil/util/ICUUtils.cpp:86:14
        #5 0x7faea4b58b5a in OrInsertWith<(lambda at /intl/unicharutil/util/ICUUtils.cpp:83:59)> /builds/worker/workspace/obj-build/dist/include/nsBaseHashtable.h:726:23
        #6 0x7faea4b58b5a in operator()<nsBaseHashtable<nsAtomHashKey, mozilla::UniquePtr<mozilla::intl::NumberFormat, mozilla::DefaultDelete<mozilla::intl::NumberFormat> >, mozilla::UniquePtr<mozilla::intl::NumberFormat, mozilla::DefaultDelete<mozilla::intl::NumberFormat> >, nsDefaultConverter<mozilla::UniquePtr<mozilla::intl::NumberFormat, mozilla::DefaultDelete<mozilla::intl::NumberFormat> >, mozilla::UniquePtr<mozilla::intl::NumberFormat, mozilla::DefaultDelete<mozilla::intl::NumberFormat> > > >::EntryHandle> /builds/worker/workspace/obj-build/dist/include/nsBaseHashtable.h:423:26
        #7 0x7faea4b58b5a in operator()<nsTHashtable<nsBaseHashtableET<nsAtomHashKey, mozilla::UniquePtr<mozilla::intl::NumberFormat, mozilla::DefaultDelete<mozilla::intl::NumberFormat> > > >::EntryHandle> /builds/worker/workspace/obj-build/dist/include/nsBaseHashtable.h:836:18
        #8 0x7faea4b58b5a in operator()<PLDHashTable::EntryHandle> /builds/worker/workspace/obj-build/dist/include/nsTHashtable.h:437:18
        #9 0x7faea4b58b5a in WithEntryHandle<(lambda at /builds/worker/workspace/obj-build/dist/include/nsTHashtable.h:436:9)> /builds/worker/workspace/obj-build/dist/include/PLDHashTable.h:605:12
        #10 0x7faea4b58b5a in WithEntryHandle<(lambda at /builds/worker/workspace/obj-build/dist/include/nsBaseHashtable.h:835:15)> /builds/worker/workspace/obj-build/dist/include/nsTHashtable.h:434:25
        #11 0x7faea4b58b5a in WithEntryHandle<(lambda at /builds/worker/workspace/obj-build/dist/include/nsBaseHashtable.h:422:34)> /builds/worker/workspace/obj-build/dist/include/nsBaseHashtable.h:834:18
        #12 0x7faea4b58b5a in LookupOrInsertWith<(lambda at /intl/unicharutil/util/ICUUtils.cpp:83:59)> /builds/worker/workspace/obj-build/dist/include/nsBaseHashtable.h:422:12
        #13 0x7faea4b58b5a in ICUUtils::LocalizeNumber(double, ICUUtils::LanguageTagIterForContent&, nsTSubstring<char16_t>&) /intl/unicharutil/util/ICUUtils.cpp:83:31
        #14 0x7faea85e7101 in mozilla::dom::NumberInputType::ConvertNumberToString(blink::Decimal, nsTSubstring<char16_t>&) const /dom/html/input/NumericInputTypes.cpp:139:3
        #15 0x7faea8507f41 in mozilla::dom::HTMLInputElement::SanitizeValue(nsTSubstring<char16_t>&, mozilla::dom::HTMLInputElement::SanitizationKind) const /dom/html/HTMLInputElement.cpp:4757:23
        #16 0x7faea859b4c1 in mozilla::TextControlState::GetValue(nsTSubstring<char16_t>&, bool, bool) const /dom/html/TextControlState.cpp:2536:23
        #17 0x7faeaa5fdd01 in nsTextControlFrame::UpdateValueDisplay(bool, bool, nsTSubstring<char16_t> const*) /layout/forms/nsTextControlFrame.cpp:1159:23
        #18 0x7faeaa5fb47e in nsTextControlFrame::CreateAnonymousContent(nsTArray<nsIAnonymousContentCreator::ContentInfo>&) /layout/forms/nsTextControlFrame.cpp:432:8
        #19 0x7faeaa5f07c6 in nsNumberControlFrame::CreateAnonymousContent(nsTArray<nsIAnonymousContentCreator::ContentInfo>&) /layout/forms/nsNumberControlFrame.cpp:65:23
        #20 0x7faeaa5f0a5f in non-virtual thunk to nsNumberControlFrame::CreateAnonymousContent(nsTArray<nsIAnonymousContentCreator::ContentInfo>&) /layout/forms/nsNumberControlFrame.cpp
        #21 0x7faeaa389ae7 in nsCSSFrameConstructor::GetAnonymousContent(nsIContent*, nsIFrame*, nsTArray<nsIAnonymousContentCreator::ContentInfo>&) /layout/base/nsCSSFrameConstructor.cpp:3989:26
        #22 0x7faeaa3841da in nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState&, nsIContent*, mozilla::ComputedStyle*, nsContainerFrame*, bool, nsFrameList&, bool, nsIFrame*) /layout/base/nsCSSFrameConstructor.cpp:9699:3
        #23 0x7faeaa38ea4f in nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem&, nsFrameConstructorState&, nsContainerFrame*, nsFrameList&) /layout/base/nsCSSFrameConstructor.cpp:3886:9
        #24 0x7faeaa392ec5 in nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItemList::Iterator&, nsContainerFrame*, nsFrameList&) /layout/base/nsCSSFrameConstructor.cpp:5540:3
        #25 0x7faeaa382ea9 in nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItemList&, nsContainerFrame*, bool, nsFrameList&) /layout/base/nsCSSFrameConstructor.cpp:9484:5
        #26 0x7faeaa390163 in nsCSSFrameConstructor::ConstructInline(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItem&, nsContainerFrame*, nsStyleDisplay const*, nsFrameList&) /layout/base/nsCSSFrameConstructor.cpp:11037:3
        #27 0x7faeaa38e40b in nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem&, nsFrameConstructorState&, nsContainerFrame*, nsFrameList&) /layout/base/nsCSSFrameConstructor.cpp:3758:16
        #28 0x7faeaa392ec5 in nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItemList::Iterator&, nsContainerFrame*, nsFrameList&) /layout/base/nsCSSFrameConstructor.cpp:5540:3
        #29 0x7faeaa382ea9 in nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItemList&, nsContainerFrame*, bool, nsFrameList&) /layout/base/nsCSSFrameConstructor.cpp:9484:5
        #30 0x7faeaa390163 in nsCSSFrameConstructor::ConstructInline(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItem&, nsContainerFrame*, nsStyleDisplay const*, nsFrameList&) /layout/base/nsCSSFrameConstructor.cpp:11037:3
        #31 0x7faeaa38e40b in nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem&, nsFrameConstructorState&, nsContainerFrame*, nsFrameList&) /layout/base/nsCSSFrameConstructor.cpp:3758:16
        #32 0x7faeaa392ec5 in nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItemList::Iterator&, nsContainerFrame*, nsFrameList&) /layout/base/nsCSSFrameConstructor.cpp:5540:3
        #33 0x7faeaa382ea9 in nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItemList&, nsContainerFrame*, bool, nsFrameList&) /layout/base/nsCSSFrameConstructor.cpp:9484:5
        #34 0x7faeaa38457c in nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState&, nsIContent*, mozilla::ComputedStyle*, nsContainerFrame*, bool, nsFrameList&, bool, nsIFrame*) /layout/base/nsCSSFrameConstructor.cpp:9771:3
        #35 0x7faeaa38853d in nsCSSFrameConstructor::ConstructBlock(nsFrameConstructorState&, nsIContent*, nsContainerFrame*, nsContainerFrame*, mozilla::ComputedStyle*, nsContainerFrame**, nsFrameList&, nsIFrame*) /layout/base/nsCSSFrameConstructor.cpp:10634:3
        #36 0x7faeaa38d19e in nsCSSFrameConstructor::ConstructNonScrollableBlock(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItem&, nsContainerFrame*, nsStyleDisplay const*, nsFrameList&) /layout/base/nsCSSFrameConstructor.cpp:4592:3
        #37 0x7faeaa38e40b in nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem&, nsFrameConstructorState&, nsContainerFrame*, nsFrameList&) /layout/base/nsCSSFrameConstructor.cpp:3758:16
        #38 0x7faeaa392ec5 in nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItemList::Iterator&, nsContainerFrame*, nsFrameList&) /layout/base/nsCSSFrameConstructor.cpp:5540:3
        #39 0x7faeaa382ea9 in nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItemList&, nsContainerFrame*, bool, nsFrameList&) /layout/base/nsCSSFrameConstructor.cpp:9484:5
        #40 0x7faeaa39923a in nsCSSFrameConstructor::ContentAppended(nsIContent*, nsCSSFrameConstructor::InsertionKind) /layout/base/nsCSSFrameConstructor.cpp:6679:3
        #41 0x7faeaa355075 in mozilla::RestyleManager::ProcessRestyledFrames(nsStyleChangeList&) /layout/base/RestyleManager.cpp:1618:27
        #42 0x7faeaa35be94 in mozilla::RestyleManager::DoProcessPendingRestyles(mozilla::ServoTraversalFlags) /layout/base/RestyleManager.cpp:3245:9
        #43 0x7faeaa32fbf5 in mozilla::RestyleManager::ProcessPendingRestyles() /layout/base/RestyleManager.cpp:3330:3
        #44 0x7faeaa32ed5c in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) /layout/base/PresShell.cpp:4316:39
        #45 0x7faea662773f in FlushPendingNotifications /builds/worker/workspace/obj-build/dist/include/mozilla/PresShell.h:1474:5
        #46 0x7faea662773f in mozilla::dom::Document::FlushPendingNotifications(mozilla::ChangesToFlush) /dom/base/Document.cpp:10893:16
        #47 0x7faea5a26fde in nsDocLoader::DocLoaderIsEmpty(bool, mozilla::Maybe<nsresult> const&) /uriloader/base/nsDocLoader.cpp:740:14
        #48 0x7faea5a284b1 in nsDocLoader::OnStopRequest(nsIRequest*, nsresult) /uriloader/base/nsDocLoader.cpp:678:5
        #49 0x7faeab9ef0af in nsDocShell::OnStopRequest(nsIRequest*, nsresult) /docshell/base/nsDocShell.cpp:13813:23
        #50 0x7faea4c4945f in mozilla::net::nsLoadGroup::NotifyRemovalObservers(nsIRequest*, nsresult) /netwerk/base/nsLoadGroup.cpp:631:22
        #51 0x7faea4c4a9a0 in mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult) /netwerk/base/nsLoadGroup.cpp:535:10
        #52 0x7faea662c96c in mozilla::dom::Document::DoUnblockOnload() /dom/base/Document.cpp:11679:18
        #53 0x7faea6612906 in mozilla::dom::Document::DispatchContentLoadedEvents() /dom/base/Document.cpp:8132:3
        #54 0x7faea66c55a9 in operator()<> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1164:18
        #55 0x7faea66c55a9 in __invoke_impl<void, (lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9)> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/invoke.h:60:14
        #56 0x7faea66c55a9 in __invoke<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9)> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/invoke.h:95:14
        #57 0x7faea66c55a9 in __apply_impl<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9), std::tuple<> &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/tuple:1678:14
        #58 0x7faea66c55a9 in apply<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9), std::tuple<> &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/tuple:1687:14
        #59 0x7faea66c55a9 in apply<mozilla::dom::Document, void (mozilla::dom::Document::*)()> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1162:12
        #60 0x7faea66c55a9 in mozilla::detail::RunnableMethodImpl<mozilla::dom::Document*, void (mozilla::dom::Document::*)(), true, (mozilla::RunnableKind)0>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1213:13
        #61 0x7faea4a09bc7 in mozilla::RunnableTask::Run() /xpcom/threads/TaskController.cpp:549:16
        #62 0x7faea4a01793 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /xpcom/threads/TaskController.cpp:876:26
        #63 0x7faea49fffd7 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /xpcom/threads/TaskController.cpp:699:15
        #64 0x7faea4a00435 in mozilla::TaskController::ProcessPendingMTTask(bool) /xpcom/threads/TaskController.cpp:485:36
        #65 0x7faea4a0d8d6 in operator() /xpcom/threads/TaskController.cpp:211:37
        #66 0x7faea4a0d8d6 in mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run() /xpcom/threads/nsThreadUtils.h:548:5
        #67 0x7faea4a24432 in nsThread::ProcessNextEvent(bool, bool*) /xpcom/threads/nsThread.cpp:1198:16
        #68 0x7faea4a2b51d in NS_ProcessNextEvent(nsIThread*, bool) /xpcom/threads/nsThreadUtils.cpp:480:10
        #69 0x7faea56e7845 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /ipc/glue/MessagePump.cpp:85:21
        #70 0x7faea5601831 in RunHandler /ipc/chromium/src/base/message_loop.cc:363:3
        #71 0x7faea5601831 in MessageLoop::Run() /ipc/chromium/src/base/message_loop.cc:345:3
        #72 0x7faea9f3dd18 in nsBaseAppShell::Run() /widget/nsBaseAppShell.cpp:148:27
        #73 0x7faeac18982b in XRE_RunAppShell() /toolkit/xre/nsEmbedFunctions.cpp:721:20
        #74 0x7faea56e8726 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /ipc/glue/MessagePump.cpp:235:9
        #75 0x7faea5601831 in RunHandler /ipc/chromium/src/base/message_loop.cc:363:3
        #76 0x7faea5601831 in MessageLoop::Run() /ipc/chromium/src/base/message_loop.cc:345:3
        #77 0x7faeac189092 in XRE_InitChildProcess(int, char**, XREChildData const*) /toolkit/xre/nsEmbedFunctions.cpp:656:34
        #78 0x55d2716f8276 in content_process_main /browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
        #79 0x55d2716f8276 in main /browser/app/nsBrowserApp.cpp:375:18
        #80 0x7faeb8d99d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
        #81 0x7faeb8d99e3f in __libc_start_main csu/../csu/libc-start.c:392:3
        #82 0x55d2716cdfa8 in _start (/home/jkratzer/builds/m-c-20231107214948-fuzzing-debug/firefox-bin+0x58fa8) (BuildId: e85916198980a98c4e9f8fdbf0edfb81a869e8a7)
    
    UndefinedBehaviorSanitizer can not provide additional info.
    SUMMARY: UndefinedBehaviorSanitizer: SEGV /builds/worker/workspace/obj-build/dist/include/mozilla/intl/ICU4CGlue.h:56:3 in AssertNullTerminatedString
    ==751779==ABORTING
Attached file Testcase

Verified bug as reproducible on mozilla-central 20231108211203-f1fb5f0afb58.
The bug appears to have been introduced in the following build range:

Start: a1b07881519bf27f1f641d395e2edcf4ee4fd3a3 (20231017105725)
End: 72b3ba30b666e344ae1d4220069e3659a3807530 (20231017211935)
Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=a1b07881519bf27f1f641d395e2edcf4ee4fd3a3&tochange=72b3ba30b666e344ae1d4220069e3659a3807530

Keywords: regression
Whiteboard: [bugmon:confirm] → [bugmon:bisected,confirmed]
Regressed by: 1859427

Set release status flags based on info from the regressing bug 1859427

:emilio, since you are the author of the regressor, bug 1859427, could you take a look? Also, could you set the severity field?

For more information, please visit BugBot documentation.

status-firefox119: --- → unaffected
status-firefox120: --- → affected
status-firefox121: --- → affected
status-firefox-esr115: --- → unaffected
Flags: needinfo?(emilio)

So this seems like a broken assumption in the ICU code to me. This comes from bug 1733349.

Before my patch, we were using lang.get(), which will basically trim the string to the first null character.

In any case effective behavior seems unchanged, but I'm not sure what the best fix here would look like. Restoring previous behavior would be:

diff --git a/intl/unicharutil/util/ICUUtils.cpp b/intl/unicharutil/util/ICUUtils.cpp
index 9b05d4ab3610e..2b96be09727d6 100644
--- a/intl/unicharutil/util/ICUUtils.cpp
+++ b/intl/unicharutil/util/ICUUtils.cpp
@@ -83,7 +83,7 @@ bool ICUUtils::LocalizeNumber(double aValue,
     auto& formatter = sCache->LookupOrInsertWith(langTag, [&] {
       nsAutoCString tag;
       langTag->ToUTF8String(tag);
-      return intl::NumberFormat::TryCreate(tag, options).unwrapOr(nullptr);
+      return intl::NumberFormat::TryCreate(tag.get(), options).unwrapOr(nullptr);
     });
     if (!formatter) {
       continue;

Maybe that's good enough but it seems sketchy and less efficient than it should.

André, do you know if ICU provides any API to pass a string with internal nulls in it? Should we just do something like the above? It seems not really fully correct. E.g., lang="de" and lang="de\0whatever" would be treated the same, and it just effectively bypasses the assertion. Should we just remove the "no internal null" assert? Seems unfortunate but it's what's happening now, effectively, and it's unclear how a caller should deal with it.

Flags: needinfo?(emilio) → needinfo?(andrebargull)
See Also: → 1733349

We end up calling unumf_openForSkeletonAndLocale, which requires that the locale parameter is a zero-terminated C-string char*. But our ICU4C wrapper code in mozilla::intl tries to avoid using char* parameters and instead prefers std::string_view or mozilla::Span, because eventually we want to switch to ICU4X, which doesn't use zero-terminated C-string, but instead Rust strings.

For this specific case: The input to intl::NumberFormat::TryCreate should be a valid language tag, so inputs like "de\0whatever" are already invalid. If the input is the non-zero-terminated string "de", ICUUtils::LocalizeNumber should first zero-terminate the input and then pass it to intl::NumberFormat::TryCreate .

Flags: needinfo?(andrebargull)

Set release status flags based on info from the regressing bug 1859427

status-firefox122: --- → affected

The severity field is not set for this bug.
:m_kato, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(m_kato)
Severity: -- → S3
Flags: needinfo?(m_kato)
Priority: -- → P1

Simon, if lang attribute has null terminate character (emilio adds the comment as comment #4), should we handle as invalid lang value? or valid until null-terminate string (if it is "de\0foo", should we handle as "de"?)

Flags: needinfo?(zcorpan)

Treat as invalid.

https://html.spec.whatwg.org/multipage/dom.html#language says

If the resulting value is not a recognized language tag, then it must be treated as an unknown language having the given language tag, distinct from all other languages.

https://www.rfc-editor.org/info/bcp47 doesn't say to truncate at \0 as far as I can tell, and it's not allowed in the syntax, so it's an invalid language tag.

Flags: needinfo?(zcorpan)
Assignee: nobody → m_kato

If locale string has null character, we should ignore it. Because it is
invalid tag.

Attachment #9418254 - Attachment description: Bug 1863770 - Add locale string check whether it has null character. r=#platform-i18n-reviewers! → Bug 1863770 - Check locale string whether it has null character. r=#platform-i18n-reviewers!
Pushed by m_kato@ga2.so-net.ne.jp: https://hg.mozilla.org/integration/autoland/rev/42095a0eed89 Check locale string whether it has null character. r=platform-i18n-reviewers,dminor

https://hg.mozilla.org/mozilla-central/rev/42095a0eed89

Status: NEW → RESOLVED
Closed: 4 months ago
status-firefox131: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 131 Branch

Verified bug as fixed on rev mozilla-central 20240813154832-21114fe770f3.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.

Status: RESOLVED → VERIFIED
status-firefox131: fixedverified
Keywords: bugmon
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: