json: disallow overlong and out-of-range UTF-8 #4097
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes ziglang#2379 = Overlong (non-shortest) sequences UTF-8's unique encoding scheme allows for some Unicode codepoints to be represented in multiple ways. For any of these characters, the spec forbids all but the shortest form. These disallowed longer sequences are called "overlong". As an interesting side effect of this rule, the bytes C0 and C1 never appear in valid UTF-8. = Codepoint range UTF-8 disallows representation of codepoints beyond U+10FFFF, which is the highest character which can be encoded in UTF-16. Because a 4-byte sequence is capable of resulting in such characters, they must be explicitly rejected. This rule also has an interesting side effect, which is that bytes F5 to FF never appear. = References Detecting an overlong version of a codepoint could get gnarly, but luckily The Unicode Consortium did the hard work by creating this handy table of valid byte sequences: https://unicode.org/versions/corrigendum1.html I thought this mapped nicely to the parser's state machine, so I rearranged the relevant states to make use of it.
|
Regarding the naming convention in tests, these correspond to the tests found in this repository: https://github.com/nst/JSONTestSuite |
Ahhh, I see, thanks. I'm happy to rename the tests or move them to std/json.zig if you'd prefer. |
|
I think it is fine to add these to the existing file. A few have already been done. A comment indicating what part of the spec they refer to would be more than enough. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #2379
Today we done learn a thing or two about UTF-8 and JSON! If you are curious about the encoding-related details, please see my commit message 馃拃 馃敤
Changes
Notes
and pre毛mption of awkward feels
\uDEADcase in std.json failing test cases聽#2379 was already intentionally being allowed. See my comment on that issue for details, and investigate handling of windows file paths which are invalid utf-16le聽#1774, Windows paths allow unpaired surrogates聽#2565 for related discussion.--emit asmshows me that0x80...0xBF =>adds 10-ish instructions over a bitwise op, but I figured an optimizing stage2 will take care of that someday. I addedsequence_first_byteinstead of reusing an existing field. I'm open to changing any of that.