HtmlEncoder.Encode(ROS<char>, S<char>) returns wrong charsConsumed, charsWritten values #45994

Closed
benaadams opened this issue Dec 12, 2020 · 4 comments · Fixed by #49373

Comments

@benaadams
Member

benaadams commented Dec 12, 2020

For an incomplete Encode it returns the wrong values, and values that are larger than the input lengths.

Description

using System;
using System.Buffers;
using System.Text.Encodings.Web;

class Program
{
    static void Main()
    {
        const string data = "<div></div>";

        char[] array = new char[16];

        ReadOnlySpan<char> input = data;
        Span<char> output = array;

        OperationStatus status = HtmlEncoder.Default.Encode(input, output, out int charsConsumed, out int charsWritten, isFinalBlock: true);

        Console.WriteLine($"status = {status}");
        Console.WriteLine($"input.Length = {input.Length}");
        Console.WriteLine($"output.Length = {output.Length}");
        Console.WriteLine($"charsConsumed = {charsConsumed}");
        Console.WriteLine($"charsWritten = {charsWritten}");
        Console.WriteLine($"Data written: {output.Slice(0, charsWritten).ToString()}");
        Console.WriteLine($"Data consumed: {input.Slice(0, charsConsumed).ToString()}");
    }
}

Output

status = DestinationTooSmall
input.Length = 11
output.Length = 16
charsConsumed = 19
charsWritten = 19
Unhandled exception. System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values.

Expected Output

 status = DestinationTooSmall
 input.Length = 11
 output.Length = 16
- charsConsumed = 19
+ charsConsumed = 7
- charsWritten = 19
+ charsWritten = 16
- Unhandled exception. System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values.
+ Data written: &lt;div&gt;&lt;/
+ Data consumed: <div></

Configuration

  • Which version of .NET is the code running on? netcoreapp3.1 and net5.0
  • What OS and version, and what distro if applicable? Windows 10
  • What is the architecture (x64, x86, ARM, ARM64)? x64

Regression?

Broken in both netcoreapp3.1 and net5.0; maybe earlier versions (haven't checked)
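
A caller-side guard for the behaviour reported above, as an added example that is not part of the original issue or the dotnet/runtime code: it checks the counters returned by Encode against the span lengths before they are used to slice anything, so an out-of-range value (such as the 19 in the output above) surfaces as an explicit error. The names CheckedHtmlEncode, EncodeChunked and scratchSize are hypothetical.

```csharp
using System;
using System.Buffers;
using System.Text;
using System.Text.Encodings.Web;

static class CheckedHtmlEncode   // hypothetical helper, not a framework type
{
    // Encodes `input` through a fixed-size scratch buffer and validates the
    // counters reported by Encode before using them to slice either span.
    public static string EncodeChunked(ReadOnlySpan<char> input, int scratchSize = 16)
    {
        Span<char> scratch = new char[scratchSize];
        var result = new StringBuilder();

        while (!input.IsEmpty)
        {
            OperationStatus status = HtmlEncoder.Default.Encode(
                input, scratch, out int consumed, out int written, isFinalBlock: true);

            // Invariant the issue shows being violated (19 > 11 and 19 > 16).
            // The unsigned comparison also rejects negative counters.
            if ((uint)consumed > (uint)input.Length || (uint)written > (uint)scratch.Length)
                throw new InvalidOperationException(
                    $"Encoder reported consumed={consumed}/{input.Length}, " +
                    $"written={written}/{scratch.Length}");

            if (status != OperationStatus.Done && status != OperationStatus.DestinationTooSmall)
                throw new InvalidOperationException($"Unexpected status {status}");

            // No forward progress: the scratch buffer cannot hold even one
            // encoded character, so looping again would never terminate.
            if (status == OperationStatus.DestinationTooSmall && consumed == 0)
                throw new ArgumentException(
                    "Scratch buffer too small for one encoded character.", nameof(scratchSize));

            ReadOnlySpan<char> chunk = scratch.Slice(0, written);
            result.Append(chunk);
            input = input.Slice(consumed);
        }
        return result.ToString();
    }

    static void Main()
    {
        // Same input and buffer size as the repro in the issue.
        Console.WriteLine(EncodeChunked("<div></div>"));
    }
}
```

On a runtime with the behaviour reported here the guard throws on the first call instead of letting Slice fail; once the counters are correct the loop drains the input in buffer-sized pieces.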

@Dotnet-GitSync-Bot Dotnet-GitSync-Bot added the untriaged New issue has not been triaged by the area owner label Dec 12, 2020
@Dotnet-GitSync-Bot
Collaborator

I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.

@benaadams benaadams changed the title HtmlEncoder.Encode(ROS, S) returns wrong charsConsumed, charsWritten values HtmlEncoder.Encode(ROS<char>, S<char>) returns wrong charsConsumed, charsWritten values Dec 12, 2020
@ghost

ghost commented Dec 12, 2020

Tagging subscribers to this area: @tarekgh, @krwq
See info in area-owners.md if you want to be subscribed.

Author: benaadams
Assignees: -
Labels:

area-System.Text.Encoding, untriaged

Milestone: -

@ghost

ghost commented Dec 13, 2020

Tagging subscribers to this area: @tarekgh
See info in area-owners.md if you want to be subscribed.

Author: benaadams
Assignees: -
Labels:

area-System.Text.Encodings.Web, untriaged

Milestone: -

@tarekgh
Member

tarekgh commented Dec 13, 2020

CC @GrabYourPitchforks

@GrabYourPitchforks GrabYourPitchforks self-assigned this Dec 16, 2020
@GrabYourPitchforks GrabYourPitchforks added bug and removed untriaged New issue has not been triaged by the area owner labels Dec 16, 2020
@GrabYourPitchforks GrabYourPitchforks added this to the 6.0.0 milestone Dec 16, 2020
@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label Mar 9, 2021
aik-jahoda pushed a commit to aik-jahoda/corefx that referenced this issue Mar 9, 2021
- Replaces unsafe code with safe code where possible
- Fixes some surrogate pairs being misinterpreted
- Fixes dotnet/runtime#45994
- Ref: MSRC 62749 (CVE-2021-26701)
@ghost ghost removed the in-pr There is an active PR which will close this issue when it is merged label Mar 19, 2021
@ghost ghost locked as resolved and limited conversation to collaborators Apr 18, 2021