Commit graph

44 commits

Author SHA1 Message Date
Andreas Kling
e7ba03ddd1 AK: Add Utf8View::iterator_at_byte_offset_without_validation()
Unlike iterator_at_byte_offset(), this function assumes the provided
byte offset is a valid offset into the UTF-8 character stream.

This avoids walking the stream from the start.
2022-11-24 16:06:20 +00:00
Ben Wiederhake
ff8f3814cc AK+Tests: Avoid creating invalid code points from malformed UTF-8
Instead of doing anything reasonable, Utf8CodePointIterator returned
invalid code points, for example U+123456. However, many callers of this
iterator assume that a code point is always at most 0x10FFFF.

In fact, this is one of two reasons for the following OSS Fuzz issue:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49184
This is probably a very old bug.

In the particular case of URLParser, AK::is_url_code_point got confused:
    return /* ... */ || code_point >= 0xA0;
If code_point is a "code point" beyond 0x10FFFF, this violates the
condition given in the preceding comment, but satisfies the given
condition, which eventually causes URLParser to crash.

This commit fixes *only* the erroneous UTF-8 decoding, and does not
fully resolve OSS-Fuzz#49184.
2022-10-09 10:37:20 -06:00
kleines Filmröllchen
df57536c40 AK: Put invalid UTF8 debug spam behind a flag
This is very annoying if we're (intentionally) passing invalid UTF8 into
Utf8View.
2022-04-27 00:02:24 +02:00
Timothy Flynn
9e5abec6f1 AK: Invalidate UTF-8 encoded code points larger than U+10ffff
On oss-fuzz, the LibJS REPL is provided a file encoded with Windows-1252
with the following contents:

    /ô¡°½/

The REPL assumes the input file is UTF-8. So in Windows-1252, the above
is represented as [0x2f 0xf4 0xa1 0xb0 0xbd 0x2f]. The inner 4 bytes are
actually a valid UTF-8 encoding if we only look at the most significant
bits to parse leading/continuation bytes. However, it decodes to the
code point U+121c3d, which is not a valid code point.

This commit adds additional validation to ensure the decoded code point
itself is also valid.
2022-04-05 00:14:29 +01:00
Idan Horowitz
086969277e Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
Andreas Kling
391352c112 AK: Inline all the trivial Utf8View functions
This improves parsing time on a large chunk of JS by ~3%.
2021-09-18 19:54:24 +02:00
Andreas Kling
1be4cbd639 AK: Make Utf8View constructors inline and remove C string constructor
Using StringView instead of C strings is basically always preferable.
The only reason to use a C string is because you are calling a C API.
2021-09-18 19:54:24 +02:00
Timothy Flynn
c4ee576531 AK: Add Utf8View::byte_offset_of overload for code point index lookups 2021-08-18 09:47:09 +04:30
Timothy Flynn
87848cdf7d AK: Track byte length, rather than code point length, in Utf8View::trim
Utf8View::trim uses Utf8View::substring_view to return its result, which
requires the input to be a byte offset/length rather than code point
length.
2021-07-17 16:59:59 +01:00
Idan Horowitz
fea6d952a4 AK: Add the Utf8View::{contains, trim} helper methods 2021-06-16 20:05:18 +01:00
Max Wipfli
3c7e775a9a AK: Utf8CodePointIterator: Don't output full string to debug output
When a code point is invalid, the full string was outputted to the debug
output. For large strings, this can make the system quite slow.
Furthermore, one of the cases incorrectly assumed the data to be null
terminated. This patch modifies the debug statements not to print the
full string.

This fixes oss-fuzz issue 35050.
2021-06-08 19:08:02 +02:00
DexesTTP
e01f1c949f AK: Do not VERIFY on invalid code point bytes in UTF8View
The previous behavior was to always VERIFY that the UTF-8 bytes were
valid when iterating over the code points of an UTF8View. This change
makes it so we instead output the 0xFFFD 'REPLACEMENT CHARACTER'
code point when encountering invalid bytes, and keep iterating the
view after skipping one byte.

Leaving the decision to the consumer would break symmetry with the
UTF32View API, which would in turn require heavy refactoring and/or
code duplication in generic code such as the one found in
Gfx::Painter and the Shell.

To make it easier for the consumers to detect the original bytes, we
provide a new method on the iterator that returns a Span over the
data that has been decoded. This method is immediately used in the
TextNode::compute_text_for_rendering method, which previously did
this in a ad-hoc waay.

This also add tests for the new behavior in TestUtf8.cpp, as well
as reinforcements to the existing tests to check if the underlying
bytes match up with their expected values.
2021-06-03 18:28:27 +04:30
Andreas Kling
12a42edd13 Everywhere: codepoint => code point 2021-06-01 10:01:11 +02:00
Andreas Kling
407d6cd9e4 AK: Rename Utf8CodepointIterator => Utf8CodePointIterator 2021-06-01 09:45:52 +02:00
Max Wipfli
14506e8f5e AK: Implement Utf8CodepointIterator::peek(size_t)
This adds a peek method for Utf8CodepointIterator, which enables it to
be used in some parsing cases where peeking is necessary.

peek(0) is equivalent to operator*, expect that peek() does not contain
any assertions and will just return an empty Optional<u32>.

This also implements a test case for iterating UTF-8.
2021-06-01 09:28:05 +02:00
Max Wipfli
a72bb34970 AK: Add Utf8View::iterator_at_byte_offset method
This implements a method to get a Utf8CodepointIterator at a specified
byte offset.
2021-05-21 21:57:03 +02:00
Max Wipfli
c1b452f754 AK: Add substring methods to Utf8View
This patch implements a Unicode-safe substring method, which can be used
when offset and length should be specified in actual characters instead
of bytes.

This can be used to mitigate issues where a string is split in the
middle of a UTF-8 multi-byte character, which leads to invalid UTF-8.

Furthermore, it implements to common shorthands for substring methods
which take only an offset and return the substring until the end of the
string.
2021-05-21 21:57:03 +02:00
Max Wipfli
8c19c2f296 AK: Change some argument and return types in Utf8View from int to size_t
This changes the return type of Utf8View::byte_length and the argument
types of substring_view from int to size_t.
2021-05-21 21:57:03 +02:00
Brian Gianforcaro
1682f0b760 Everything: Move to SPDX license identifiers in all files.
SPDX License Identifiers are a more compact / standardized
way of representing file license information.

See: https://spdx.dev/resources/use/#identifiers

This was done with the `ambr` search and replace tool.

 ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-22 11:22:27 +02:00
Idan Horowitz
edecf8f6a3 AK: Add starts_with to Utf8View
Unlike String/StringView::starts_with this compares utf8 code points
instead of "characters" (bytes), which is important when handling
aribtary utf-8 input that could include overlong characters.
2021-03-25 10:59:34 +01:00
Andreas Kling
ef1e5db1d0 Everywhere: Remove klog(), dbg() and purge all LogStream usage :^)
Good-bye LogStream. Long live AK::Format!
2021-03-12 17:29:37 +01:00
Andreas Kling
5d180d1f99 Everywhere: Rename ASSERT => VERIFY
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)

Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.

We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
2021-02-23 20:56:54 +01:00
asynts
2927656d85 AK: Use size_t in methods of Utf8View. 2021-01-02 01:37:22 +01:00
Andreas Kling
13594b7146 LibGfx+AK: Make text elision work with multi-byte characters
This was causing WindowServer and Taskbar to crash sometimes when the
stars aligned and we tried cutting off a string ending with "..." right
on top of an emoji. :^)
2020-12-28 23:54:10 +01:00
Lenny Maiorani
765936ebae
Everywhere: Switch from (void) to [[maybe_unused]] (#4473)
Problem:
- `(void)` simply casts the expression to void. This is understood to
  indicate that it is ignored, but this is really a compiler trick to
  get the compiler to not generate a warning.

Solution:
- Use the `[[maybe_unused]]` attribute to indicate the value is unused.

Note:
- Functions taking a `(void)` argument list have also been changed to
  `()` because this is not needed and shows up in the same grep
  command.
2020-12-21 00:09:48 +01:00
Tom
6413acd78c AK: Make Utf8View and Utf32View more consistent
This enables use of these classes in templated code.
2020-10-22 15:23:45 +02:00
asynts
1d96d5eea4 AK: Use new format functions. 2020-10-08 09:59:55 +02:00
Nico Weber
ce95628b7f Unicode: Try s/codepoint/code_point/g again
This time, without trailing 's'. Ran:

    git grep -l 'codepoint' | xargs sed -ie 's/codepoint/code_point/g
2020-08-05 22:33:42 +02:00
Nico Weber
19ac1f6368 Revert "Unicode: s/codepoint/code_point/g"
This reverts commit ea9ac3155d.
It replaced "codepoint" with "code_points", not "code_point".
2020-08-05 22:33:42 +02:00
Andreas Kling
ea9ac3155d Unicode: s/codepoint/code_point/g
Unicode calls them "code points" so let's follow their style.
2020-08-03 19:06:41 +02:00
AnotherTest
a4e0b585fe AK: Add a way to get the number of valid bytes in a Utf8View 2020-05-18 11:31:43 +02:00
Andreas Kling
6cde7e4d20 AK: Add Utf8View::length_in_codepoints() 2020-05-17 13:05:39 +02:00
Emanuel Sprung
074d935c6e AK, LibGfx, LibGUI: Initialize various variables to zero.
The not initialized variables can lead to compiler warnings that
become errors with the -Werror flag.
2020-02-25 10:18:46 +01:00
Andreas Kling
3bbf4610d2 AK: Add a forward declaration header
You can now #include <AK/Forward.h> to get most of the AK types as
forward declarations.

Header dependency explosion is one of the main contributors to compile
times at the moment, so this is a step towards smaller include graphs.
2020-02-14 23:31:18 +01:00
Sergey Bugaev
c0b32f7b76 Meta: Claim copyright for files created by me
This changes copyright holder to myself for the source code files that I've
created or have (almost) completely rewritten. Not included are the files
that were significantly changed by others even though it was me who originally
created them (think HtmlView), or the many other files I've contributed code to.
2020-01-24 15:15:16 +01:00
Andreas Kling
94ca55cefd Meta: Add license header to source files
As suggested by Joshua, this commit adds the 2-clause BSD license as a
comment block to the top of every source file.

For the first pass, I've just added myself for simplicity. I encourage
everyone to add themselves as copyright holders of any file they've
added or modified in some significant way. If I've added myself in
error somewhere, feel free to replace it with the appropriate copyright
holder instead.

Going forward, all new source files should include a license header.
2020-01-18 09:45:54 +01:00
Andreas Kling
6f4c380d95 AK: Use size_t for the length of strings
Using int was a mistake. This patch changes String, StringImpl,
StringView and StringBuilder to use size_t instead of int for lengths.
Obviously a lot of code needs to change as a result of this.
2019-12-09 17:51:21 +01:00
Andreas Kling
f4e6dae6fe UTF-8: Add Utf8CodepointIterator::codepoint_length_in_bytes()
This allows you to retrieve the length (in bytes) of the codepoint the
iterator is currently pointing at.
2019-10-18 22:49:23 +02:00
Andreas Kling
9f99e285d1 Utf8View: Don't print potentially unterminated string in debug message 2019-09-15 15:46:40 +02:00
Sergey Bugaev
1fb6a7d893 AK: Fix buffer overrun in Utf8CodepointIterator::operator++
The old implementation tried to move forward as long as the current
byte looks like a UTF-8 character continuation byte (has its two
most significant bits set to 10). This is correct as long as we assume
the string is actually valid UTF-8, which we do (we also have a separate
method that can check whether it is the case).

We can't, however, assume that the data after the end of our string
is also valid UTF-8 (in fact, we're not even allowed to look at data
outside out string, but it happens to a valid memory region most of
the time). If the byte after the end of our string also has its most
significant bits set to 10, we would move one byte forward, and then
fail the m_length > 0 assertion.

One way to fix this would be to add a length check inside the loop
condition. The other one, implemented in this commit, is to reimplement
the whole function in terms of decode_first_byte(), which gives us
the length as encoded in the first byte. This also brings it more
in line with the other functions around it that do UTF-8 decoding.
2019-09-08 17:45:10 +02:00
Andreas Kling
fb39e46d3d Utf8View: Try fixing the travis-ci build
There's some overload ambiguity when doing Utf8View("literal")
2019-09-05 19:06:39 +02:00
Sergey Bugaev
55197ed4ef AK: Log UTF-8 validation errors 2019-09-05 16:37:39 +02:00
Sergey Bugaev
c379f43d2a AK: Add some more utility methods to Utf8View 2019-09-05 16:37:39 +02:00
Sergey Bugaev
5d3696174b AK: Add a Utf8View type for iterating over UTF-8 codepoints
Utf8View wraps a StringView and implements begin() and end() that
return a Utf8CodepointIterator, which parses UTF-8-encoded Unicode
codepoints and returns them as 32-bit integers.

This is the first step towards supporting emojis in Serenity ^)
https://github.com/SerenityOS/serenity/issues/490
2019-08-28 13:46:02 +02:00