Bug 396637 - "ASSERTION: Too few bytes in input" with single-byte UTF-16 data: URL
Status: RESOLVED FIXED
[sg:low] Read past end of buffer; at ...
: fixed1.8.1.22
Product: Core
Classification: Components
Component: Internationalization
: Trunk
: All All
: P2 normal
: ---
Assigned To: Simon Montagu :smontagu
data:text/html;charset=utf-16,%41
Reported: 2007-09-18 18:43 PDT by Jesse Ruderman
Modified: 2009-06-22 10:38 PDT
mbeltzner: wanted‑next+
smontagu: in‑testsuite+


Attachments
Patch (3.91 KB, patch)
2008-01-20 03:31 PST, Simon Montagu :smontagu
jshin1987: review+
smontagu: approval1.9?

Description Jesse Ruderman 2007-09-18 18:43:25 PDT
Steps to reproduce:
1. Load:
     data:text/html;charset=utf-16,%41

Result:
###!!! ASSERTION: Too few bytes in input: '*aSrcLength >= 2', file /Users/jruderman/trunk/mozilla/intl/uconv/ucvlatin/nsUCS2BEToUnicode.cpp, line 229

It looks like nsUTF16ToUnicode::Convert then proceeds to read past the end of the string while trying to determine its endianness.

I don't know whether this is a bug in nsUTF16ToUnicode::Convert or a bug in the caller.
Comment 1 Simon Montagu :smontagu 2007-09-19 12:11:23 PDT
nsUTF16ToUnicode::Convert, I think. Callers of converters shouldn't need to know about the byte structure of encodings.
Comment 2 Simon Montagu :smontagu 2008-01-20 03:31:21 PST
Created attachment 298097
Patch

I'm in two minds whether the Right Thing To Do here is to fail silently or return an error code, but I think the error code is preferable.
Comment 3 Mike Beltzner [:beltzner, not reading bugmail] 2008-02-29 13:48:52 PST
Is this ready for checkin? If so, please nominate for approval1.9?
Comment 4 Simon Montagu :smontagu 2008-03-01 14:10:04 PST
Does this need approval? It was marked as blocking 1.9 and I could have checked it in before but since the change is so small I was waiting to check it in together with bug 317126 when that got reviewed.
Comment 5 Simon Montagu :smontagu 2008-03-01 14:30:57 PST
er, bug 317216
Comment 6 Simon Montagu :smontagu 2008-06-04 14:30:36 PDT
Checked in to trunk, with unit test
Comment 7 Simon Montagu :smontagu 2009-04-07 00:45:50 PDT
Checked in to 1.8 branch (with bug 317216)
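
Added example, not part of the bug report and not the attached patch: a minimal C++ sketch of the behaviour discussed in the description and in comments 1 and 2, where the converter itself checks the input length before sniffing byte order and reports short input through an error code. All names (DecodeStatus, SniffEndianness, DecodeUtf16) are hypothetical, and defaulting to big-endian when no BOM is present is an assumption of this sketch.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Hypothetical status codes for this sketch (not Mozilla's nsresult values).
enum class DecodeStatus { Ok, TooFewBytes, TruncatedUnit };
enum class Endian { Big, Little };

// Decide byte order from the first code unit. The length check comes first:
// with a 1-byte input src[1] does not exist, and reading it is the
// out-of-bounds access described in the report.
DecodeStatus SniffEndianness(const uint8_t* src, size_t len,
                             Endian* order, size_t* bomLen) {
  if (len < 2) return DecodeStatus::TooFewBytes;  // never touch src[1]
  *order = Endian::Big;  // assumption: no BOM means big-endian
  *bomLen = 0;
  if (src[0] == 0xFE && src[1] == 0xFF) {
    *bomLen = 2;
  } else if (src[0] == 0xFF && src[1] == 0xFE) {
    *order = Endian::Little;
    *bomLen = 2;
  }
  return DecodeStatus::Ok;
}

// Convert UTF-16 bytes to 16-bit code units. Short or odd-length input is
// reported in the return value, so callers need no knowledge of the byte
// structure of the encoding.
DecodeStatus DecodeUtf16(const uint8_t* src, size_t len, std::u16string* out) {
  if (len == 0) return DecodeStatus::Ok;  // empty input: nothing to decode
  Endian order = Endian::Big;
  size_t pos = 0;
  DecodeStatus st = SniffEndianness(src, len, &order, &pos);
  if (st != DecodeStatus::Ok) return st;
  for (; pos + 1 < len; pos += 2) {  // both bytes of the unit must be in range
    uint16_t unit = order == Endian::Big
        ? static_cast<uint16_t>((src[pos] << 8) | src[pos + 1])
        : static_cast<uint16_t>((src[pos + 1] << 8) | src[pos]);
    out->push_back(static_cast<char16_t>(unit));
  }
  return pos == len ? DecodeStatus::Ok : DecodeStatus::TruncatedUnit;
}

int main() {
  const uint8_t one[] = {0x41};  // constructed: the single byte from the report's data: URL
  std::u16string out;
  return DecodeUtf16(one, sizeof one, &out) == DecodeStatus::TooFewBytes ? 0 : 1;
}
```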
