New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SR-9048] Intentionally crafted String
can crash Swift application by fatalError
#51551
Comments
Current workaround is using let set = Set([str].map { $0 as NSString }) If you can’t use obj.perform(#selector(setter: ObjClass.property), with: NSSet(array: [str].map { $0 as NSString })) if it’s not Objective-C class, probably no easy solution so don’t use that setter. |
Looks like there is The input Unicode code points in this example are in length 16. U+0336, U+0344, U+0357, U+0343, U+0314, U+0351, U+0340, U+0300, U+0340, U+0360, U+0314, U+0357, U+0315, U+0301, U+0344, U+0061 By allocating enough size of buffer, the output Unicode code points of NFC normalization by U+0336, U+0308, U+0301, U+0357, U+0313, U+0314, U+0351, U+0300, U+0300, U+0300, U+0314, U+0357, U+0301, U+0308, U+0301, U+0315, U+0360, U+0061 This is bigger than input, however, // In swift/stdlib/public/core/NormalizedCodeUnitIterator.swift
var intermediateBuffer = _FixedArray16<CodeUnit>(allZeros:())
if overflowBuffer == nil,
let filled = source.tryFill(buffer: &intermediateBuffer)
{
guard let count = _tryNormalize(
_castOutputBuffer(&intermediateBuffer,
endingAt: filled),
into: &segmentBuffer
) This may be If this is prior case ( Update: I tried other normalization implementation like the one in Ruby's See https://gist.github.com/niw/cd27dbb0ffc37eb61c3bd7f94dc347e4 |
cc @milseman |
Looks like SR-8939 is similar or same issue. |
Unicode defines a max NFC expansion factor of 3, so we should (though there seems to be a bug where we aren't) be allocating 3x the number of input code units in our fixed buffers. Lance (JIRA User) is working on a fix to https://bugs.swift.org/browse/SR-8939, which might be the same issue. Lance, could you merge this example into the list of test cases you're building up? |
@milseman Thank you for your explanation, that’s really good to know...![]( It was unclear to me by quickly reading UAX #15 or implementations. Then sounds like we need more buffer to complete NFC. I’m happy to hear that Lance (JIRA User) is already working on it. Thank you so much) 🙂 |
You can see more at http://unicode.org/faq/normalization.html#12 Expanders are nasty, and there are even expanders whose expansion have normalization boundaries inside them, thwarting attempts at algebraic properties of segments. |
Environment
Confirmed next swift on macOS X 10.14 (18A391)
Additional Detail from JIRA
md5: 03f7687e9659d4da4cf021d01c16e1b2
blocks:
relates to:
Issue Description:
Next swift code will crash by
fatalError()
Stacktrace:
This is because when we use hash of
String
(In this example, put it inSet
,) it will end up with running Unicode normalization Form C over theString
, by using ICU’sunorm2_normalize
. However, this craftedString
can fill up given buffer and returnNone
from_tryNormalize
, then hitfatalError()
.The text was updated successfully, but these errors were encountered: