Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

encoding/xml: isInCharacterRange checks for the wrong range #25172

Closed
artyom opened this issue Apr 29, 2018 · 2 comments
Closed

encoding/xml: isInCharacterRange checks for the wrong range #25172

artyom opened this issue Apr 29, 2018 · 2 comments

Comments

@artyom
Copy link
Member

@artyom artyom commented Apr 29, 2018

Function isInCharacterRange supposedly checks that rune is inside the range(s) allowed by Section 2.2 of the referenced spec, but if has typo defining (sub)range boundary, having 0xDF77 instead of 0xD7FF.

go/src/encoding/xml/xml.go

Lines 1136 to 1146 in af5143e

// Decide whether the given rune is in the XML Character Range, per
// the Char production of http://www.xml.com/axml/testaxml.htm,
// Section 2.2 Characters.
func isInCharacterRange(r rune) (inrange bool) {
return r == 0x09 ||
r == 0x0A ||
r == 0x0D ||
r >= 0x20 && r <= 0xDF77 ||
r >= 0xE000 && r <= 0xFFFD ||
r >= 0x10000 && r <= 0x10FFFF
}

Spec:

Char | ::= | #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]

This bug was masked because this function always gets its input from the call to utf8.DecodeRune that fails on surrogate range 0xd800-0xdfff.

@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Apr 29, 2018

Change https://golang.org/cl/109495 mentions this issue: encoding/xml: fix valid character range

@ALTree ALTree added the NeedsFix label Apr 30, 2018
@ALTree ALTree added this to the Go1.11 milestone Apr 30, 2018
@artyom

This comment has been minimized.

Copy link
Member Author

@artyom artyom commented May 9, 2018

Who should be the right person to ping regarding pending codereview?

@gopherbot gopherbot closed this in 4410934 May 9, 2018
@golang golang locked and limited conversation to collaborators May 9, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.