Fix spurious failures of php-fuzz-mbstring #12819
Conversation
| * Unicode codepoint. */ | ||
| unsigned int errors3 = 0; | ||
| zend_string *Temp = convert_encoding(Data, Size, FromEncoding, &mbfl_encoding_utf8, 128, &errors3); | ||
| if (errors3 > 0) { |
There was a problem hiding this comment.
One theoretical issue I can think of is that you're now relying on the UTF-8 string handling to be correct, so we might miss some bugs?
Also: what if errors3 == 0 (i.e. the input is valid) but errors1>0 and good == true ? I don't think that should be allowed right?
There was a problem hiding this comment.
@nielsdos The point of this extra if clause is that the situation you have described is very possible. It happens if the input string, when interpreted in FromEncoding, contains codepoints which cannot be represented in ToEncoding. That causes spurious crashes of the fuzzer.
I wouldn't say we are "relying on UTF-8 string handling to be correct". The point of this code is that if errors1 > 0, and those errors occurred in the decoder for FromEncoding, then we will still detect the same errors here and we will get errors3 > 0.
We are relying on the UTF-8 encoder not to spuriously give errors3 > 0. But if that happens, it wouldn't result in bugs being missed; rather, it would result in spurious crashes of the fuzzer.
There was a problem hiding this comment.
Sorry, you're right indeed; should've commented when I was less tired from the work day ;)
In that case, this patch looks good to me.
|
@nielsdos Thanks so much for the review. Landed on master. |
@Girgias @nielsdos @youkidearitai @cmb69