Major overhaul of mbstring (part 20)

[alexdowad]

We are almost reaching the point where the new, faster interface for converting text encodings in mbstring is implemented for all supported legacy text encodings. Actually, all that is left now is the non-encodings 'HTML-ENTITIES', UUEncode, Base64, and QPrint.

Aside from being faster, the new code in this PR does fix a number of bugs. As with the last couple of PRs, an automated test harness was used to generate vast numbers of random strings and find cases where the output of the new and old code was different. In close to 90% of such cases, a careful examination of the differences revealed that the old code was incorrect. The remaining ~10% were caused by bugs in the new code, which have been fixed.

FYA @nikic @cmb69

[alexdowad]

Just fixed one more bug. All tests are passing now.

[alexdowad]

Have you ever heard that old nugget of programmer's wisdom which says that if you find a bug somewhere, there is probably another similar one elsewhere in the same codebase?

After seeing that the GitHub CI process caught one bug which had escaped my own testing process, that thought echoed in my ears. I decided to examine this PR again to see if there could be another instance of the same problem... and wouldn't you know it, there were not one but three in mbfilter_sjis_mobile.c. 😮‍💨

It so happened that it was a bit tricky to construct a test case which 'tickled' the bug, but I did so, and added it as a regression test case.

[derickr]

FWIW, I had a quick look at this PR, and at a glance can't see any obvious issues. I'm not sure whether I'm qualified to approve it though? In general, as you've added so many tests, I can't see a problem by just doing so though.

[alexdowad]

FWIW, I had a quick look at this PR, and at a glance can't see any obvious issues. I'm not sure whether I'm qualified to approve it though? In general, as you've added so many tests, I can't see a problem by just doing so though.

@derickr, thanks for the review!

Nikita was last listed as the primary maintainer of mbstring in EXTENSIONS, so it would be nice to hear from him, but if not... I may go ahead and merge.

[nikic]

Two (related) concerns:

• A number of commits mention fixes relative to the legacy implementation, but most of those don't seem to come with additional test coverage?
• I'm concerned that we're deviating in behavior between the legacy and fast implementation here. The problem is that the fast implementation is currently only used in some places (only encoding conversion?) so you may see different "interpretations" of the same string depending on which function you use and which encoding/decoding hooks that function happens to use.

[alexdowad]

@nikic Excellent review (as usual)!

For the record, here are bugs I found in the old conversion code while fuzzing it to look for differences between the old and new code:

• In some cases, when converting to UTF-7, just a bare "+" was emitted
• JIS and ISO-2022-JP would accept a bare 0x1B (ESC) without emitting an error
• UCS-4BE, UCS-4LE, and UCS-4 would accept codepoints up to 0x200000 without error, though the highest valid codepoint is 0x10FFFF
• Some 2-character strings starting with "+" would produce no output at all when converted from UTF-7 to some other encoding
• For some error conditions, GB18030 would emit a null byte (0x00) rather than an error marker.
• For some error conditions, CP50220 would not emit an error marker.
• When converting some single-character strings from JIS or ISO-2022-JP to CP50220, no output at all was produced
• JIS, CP50221, and CP50222 would not return to ASCII mode at the end of a string, which is needed for strings to be safely concatenated
• HZ would not return to ASCII mode after "~~"
• CP50220 would 'eat' a trailing null byte without producing any output
• ISO-2022-JP-2004 did not distinguish between JIS X 0213 plane 1 and plane 2; after it switched to one plane, it would not emit the correct escape code to switch to the other plane if necessary
• If a ISO-2022-JP-KDDI string ended with a character which could have been part of a special KDDI emoji, it would not emit the escape code to return to ASCII mode
• EUC-JP-2004, SJIS-2004, ISO-2022-JP-2004, SJIS-mac, JIS, ISO-2022-JP did not properly call the next "flush function" in the chain when ending a conversion operation; depending on what the destination encoding was, this could cause the output to be truncated (especially when converting to UTF-7, UTF-7-IMAP, ISO-2022-JP, CP50220, CP50221, CP50222, or any of the KDDI, Softbank, or Docomo-specific encodings)
• UTF-7-IMAP converted U+0000 to 0x00; it seems this was deliberate, but it clearly violates the RFC
• ISO-2022-JP-2004 would pass bytes from 0x80-0x9F straight through to the output without any emitting any escape codes to switch to the proper mode
• For U+FF95 and a few other codepoints which have a special representation in EUC-JP-2004, they were converted to the same special value for ISO-2022-JP-2004, which is not correct
• In some cases, HZ would not return to ASCII mode at the end of a string
• In some cases, ISO-2022-KR would take a codepoint which is not in KSC 5601 or KS X 1001 at all, subtract 0x8080 from it, and then use it as a KS X 1001 code sequence (totally mangling it)
• ISO-2022-JP-KDDI could not emit the special KDDI emoji for national flags
• ISO-2022-KR used an incorrect test to determine whether an escape code is needed to return to ASCII mode at the end of a string, so in some cases, the escape code was not emitted correctly

I can go through and add a few tests to cover these specific situations.

Regarding the differences between the 'old' and 'new' conversion functions... when is the next release coming up? If there is still enough time, I could just finish the switchover within the available time. Otherwise, I could fix these bugs in the old conversion code, so we don't have differences between functions which use the old conversion code and those which use the new conversion code.

[alexdowad]

By the way, I am just adding implementations of the 'fast' conversion interface for UUEncode and Base64... we want to eventually remove those from mbstring, but I want to move ahead and switch over completely to the new interface before that, so we need temporary implementations for them...

[nikic]

Regarding the differences between the 'old' and 'new' conversion functions... when is the next release coming up? If there is still enough time, I could just finish the switchover within the available time. Otherwise, I could fix these bugs in the old conversion code, so we don't have differences between functions which use the old conversion code and those which use the new conversion code.

I don't think a schedule for PHP 8.2 is up yet, but I'd expect it to be about the same as https://wiki.php.net/todo/php81 plus one year. Probably makes sense to focus on switching to the new conversion functions and getting rid of the old ones entirely.

[alexdowad]

I don't think a schedule for PHP 8.2 is up yet, but I'd expect it to be about the same as https://wiki.php.net/todo/php81 plus one year. Probably makes sense to focus on switching to the new conversion functions and getting rid of the old ones entirely.

Great! Thanks.

[alexdowad]

Haven't yet added more tests as suggested by @nikic, but I have just added a 'fast' conversion filter for HTML-ENTITIES.

[alexdowad]

Have added more tests as suggested by @nikic, though they do not exhaustively cover every issue discovered by fuzzing. (Some of the issues were extremely obscure and I am finding it hard to reproduce them, since I didn't keep a record of the input strings which triggered the differing outputs.)

Fast conversion filters for Base64, UUEncode, QPrint, and HTML-ENTITIES are included. That is all the text encodings supported by mbstring.

Next step is to start using the faster conversion filters throughout.

[alexdowad]

Test failure is spurious. (It's testing the effect of lstat.)

[alexdowad]

@nikic just saved my skin here by spotting a buffer overrun.

This tells me that I need to do more testing of this code... or at least read though it all another time looking for any other possible buffer overruns.

[alexdowad]

Looks like the CI build is broken. Same test failure again:

=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
Test lstat() and stat() functions: usage variations - effects changing permissions of link [ext/standard/tests/file/lstat_stat_variation15.phpt]
=====================================================================

[alexdowad]

Well, this is interesting. @nikic's discovery of a buffer overrun in my UUEncode conversion code prompted me to add a38c7e5. Wouldn't you just know it... that immediately revealed another buffer overrun bug in my UTF-7/UTF7-IMAP code.

Trying to write correct, non-trivial code is no joke!

I am going to do some more personal code review, as well as some more fuzzing, of this PR.

For now, all of @nikic's feedback has been addressed.

[alexdowad]

(By the way, the UTF-7 conversion code with the buffer overrun did not go into any public release of PHP. So there is no need to release a patch for 8.1 or anything.)

[alexdowad]

😅

As a tiny little stress test of my own code, I tried modifying mb_fast_convert to use a tiny buffer for passing wchars between the input and output stages.

That immediately revealed a bug in my code for SJIS-Mobile#DOCOMO, SJIS-Mobile#KDDI, and SJIS-Mobile#SOFTBANK.

Just need to add a regression test for that...

[alexdowad]

If you want to see the bugfix which was just added, git diff e4ef64b.

I need to pound harder on this new code and see if I can shake more bugs out. I think it's time to break afl out and see if it can find anything.

[alexdowad]

All bugs which were found using php-fuzz-mbstring have been fixed. I think this is ready to merge now.

[nikic]

I think you accidentally included more commits than intended, e.g. there's one marked WIP at the end.

[alexdowad]

I think you accidentally included more commits than intended, e.g. there's one marked WIP at the end.

You are absolutely right, my bad. Fixed that now.

[alexdowad]

The one commit which is a bit new here is 35e4768. That was done so that php-fuzz-mbstring would exercise the new conversion code.

[alexdowad]

As always, thanks to @nikic for the thorough code review.

[alexdowad]

Merged.

Thanks all for your help.