[前][次][番号順一覧][スレッド一覧]

ruby-changes:4202

From: ko1@a...
Date: Wed, 5 Mar 2008 17:46:17 +0900 (JST)
Subject: [ruby-changes:4202] duerst - Ruby:r15692 (trunk): Web Mar 5 17:43:43 2008 Martin Duerst <duerst@i...>

duerst	2008-03-05 17:45:51 +0900 (Wed, 05 Mar 2008)

  New Revision: 15692

  Modified files:
    trunk/ChangeLog
    trunk/test/ruby/test_transcode.rb
    trunk/transcode.c

  Log:
    Web Mar  5 17:43:43 2008  Martin Duerst  <duerst@i...>
    
    * transcode.c (transcode_loop): Adjusted detection of invalid
      (ill-formed) UTF-8 sequences. Fixing potential security issue, see
      http://www.unicode.org/versions/Unicode5.1.0/#Notable_Changes.
    
    * test/ruby/test_transcode.rb: Added two tests for above fix.
    


  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/test/ruby/test_transcode.rb?r1=15692&r2=15691&diff_format=u
  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ChangeLog?r1=15692&r2=15691&diff_format=u
  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/transcode.c?r1=15692&r2=15691&diff_format=u

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 15691)
+++ ChangeLog	(revision 15692)
@@ -1,3 +1,11 @@
+Web Mar  5 17:43:43 2008  Martin Duerst  <duerst@i...>
+
+	* transcode.c (transcode_loop): Adjusted detection of invalid
+	  (ill-formed) UTF-8 sequences. Fixing potential security issue, see
+	  http://www.unicode.org/versions/Unicode5.1.0/#Notable_Changes.
+
+	* test/ruby/test_transcode.rb: Added two tests for above fix.
+
 Wed Mar  5 14:00:49 2008  Yukihiro Matsumoto  <matz@r...>
 
 	* numeric.c (fix_to_s): avoid rb_scan_args() when no argument
Index: test/ruby/test_transcode.rb
===================================================================
--- test/ruby/test_transcode.rb	(revision 15691)
+++ test/ruby/test_transcode.rb	(revision 15692)
@@ -242,6 +242,11 @@
   
   def test_invalid_ignore
     # arguments only
-    'abc'.encode('utf-8', invalid: :ignore)
+    assert_nothing_raised { 'abc'.encode('utf-8', invalid: :ignore) }
+    # check handling of UTF-8 ill-formed subsequences
+    assert_equal("\x00\x41\x00\x3E\x00\x42".force_encoding('UTF-16BE'),
+      "\x41\xC2\x3E\x42".encode('UTF-16BE', 'UTF-8', invalid: :ignore))
+    assert_equal("\x00\x41\x00\xF1\x00\x42".force_encoding('UTF-16BE'),
+      "\x41\xC2\xC3\xB1\x42".encode('UTF-16BE', 'UTF-8', invalid: :ignore))
   end
 end
Index: transcode.c
===================================================================
--- transcode.c	(revision 15691)
+++ transcode.c	(revision 15692)
@@ -177,8 +177,10 @@
 	    if (from_utf8) {
 		if ((next_byte&0xC0) == 0x80)
 		    next_byte -= 0x80;
-		else
+		else {
+		    in_p--; /* may need to add more code later to revert other things */
 		    goto invalid;
+		}
 	    }
 	    next_table = (const BYTE_LOOKUP *)next_info;
 	    goto follow_byte;
@@ -390,13 +392,15 @@
 
 /*
  *  call-seq:
- *     str.encode!(encoding)   => str
- *     str.encode!(to_encoding, from_encoding)   => str
+ *     str.encode!(encoding [, options] )   => str
+ *     str.encode!(to_encoding, from_encoding [, options] )   => str
  *
- *  With one argument, transcodes the contents of <i>str</i> from
+ *  The first form transcodes the contents of <i>str</i> from
  *  str.encoding to +encoding+.
- *  With two arguments, transcodes the contents of <i>str</i> from
+ *  The second form transcodes the contents of <i>str</i> from
  *  from_encoding to to_encoding.
+ *  The options Hash gives details for conversion. See String#encode
+ *  for details.
  *  Returns the string even if no changes were made.
  */
 
@@ -414,13 +418,15 @@
 
 /*
  *  call-seq:
- *     str.encode(encoding)   => str
- *     str.encode(to_encoding, from_encoding)   => str
+ *     str.encode(encoding [, options] )   => str
+ *     str.encode(to_encoding, from_encoding [, options] )   => str
  *
- *  With one argument, returns a copy of <i>str</i> transcoded
+ *  The first form returns a copy of <i>str</i> transcoded
  *  to encoding +encoding+.
- *  With two arguments, returns a copy of <i>str</i> transcoded
+ *  The second form returns a copy of <i>str</i> transcoded
  *  from from_encoding to to_encoding.
+ *  The options Hash gives details for conversion. Details
+ *  to be added.
  */
 
 static VALUE

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]