[xml] Fwd: Patch to fix ICU flush and pivot buffer

From: Joel Hockey <joelhockey chromium org>
To: "xml gnome org" <xml gnome org>
Cc: Nick Wellnhofer <wellnhofer aevum de>, Markus Scherer <mscherer google com>, Markus Scherer <markus icu gmail com>, Jungshik Shin <jshin chromium org>
Subject: [xml] Fwd: Patch to fix ICU flush and pivot buffer
Date: Mon, 8 Jan 2018 12:06:06 +1100

Sending again, since I don't think this email made it to the libxml mailing list since I was not subscribed.

---------- Forwarded message ----------
From: Joel Hockey <joelhockey chromium org>
Date: Wed, Jan 3, 2018 at 5:01 PM
Subject: Re: [xml] Patch to fix ICU flush and pivot buffer
To: "Jungshik Shin (신정식, 申政湜)" <jshin chromium org>
Cc: Nick Wellnhofer <wellnhofer aevum de>, Markus Scherer <mscherer google com>, "xml gnome org" <xml gnome org>, Markus Scherer <markus icu gmail com>

Nick, I have another patch for some additional call sites where flush is being incorrectly set on the non-final read.

This was found by the chromium fuzzing tests.

https://bugs.chromium.org/p/chromium/issues/detail?id=790944

I have included a test case for this which uses UTF8 and only works with icu.

I saw that you were able to create a testcase with EUC-JP last time which worked with icu and iconv. I've tried quite a bit to do something similar, but I can't replicate the error condition with that encoding. I don't expect that you would want to check in this testcase, but I've included for you to run locally if you like.

On Thu, Nov 9, 2017 at 11:36 AM, Joel Hockey <joelhockey chromium org> wrote:

Yes, I will update chromium with this as per https://cs.chromium.org/chromium/src/third_party/libxml/chromium/roll.py

On Thu, Nov 9, 2017 at 10:35 AM, Jungshik Shin (신정식, 申政湜) <jshin chromium org> wrote:
Thank you, Joel and Nick !

Joel: I guess you're gonna roll libxml in the Chromium tree to a version including these changes.

Jungshik

2017-11-08 15:22 GMT-08:00 Joel Hockey <joelhockey chromium org>:
Thanks Nick. Nice work with the test.

On Sun, Nov 5, 2017 at 2:04 AM, Nick Wellnhofer <wellnhofer aevum de> wrote:
On 26/10/2017 03:17, Joel Hockey wrote:

I've updated the patch using git format-patch.

Thanks for the updated patch. Applied here: https://git.gnome.org/browse/libxml2/commit/?id=0b19f236a263a7b0acacd4ea84dc7237303ee3d9

The original bug found by fuzzer only relates to UTF8 decoding, so using Shift-JIS or anything else wont help.

Why not? My reasoning was that ICU uses the same code path for all variable-width encodings. I simply converted your test file to EUC-JP and it turns out that this triggers the bug as well:

https://git.gnome.org/browse/libxml2/commit/?id=72182550926d31ad17357bd3ed69e49d7e69df02

Nick

Attachment: 0001-Change-calls-to-xmlCharEncInput-to-set-flush-false-w.patch
Description: Text Data

Attachment: icu_parse_test.utf8.xml
Description: XML document

Follow-Ups:
- Re: [xml] Fwd: Patch to fix ICU flush and pivot buffer
  - From: Nick Wellnhofer

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]