<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[178099] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/178099">178099</a></dd>
<dt>Author</dt> <dd>commit-queue@webkit.org</dd>
<dt>Date</dt> <dd>2015-01-07 21:18:20 -0800 (Wed, 07 Jan 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>The ASCII decoding for non ASCII character is incorrect if this character comes after going through the fast decoding code path and before the end of the text by less than a machine word size of characters.
https://bugs.webkit.org/show_bug.cgi?id=140173.
Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2015-01-07
Reviewed by Darin Adler.
Source/WebCore:
Tests: fast/encoding/char-after-fast-path-ascii-decoding.html.
* platform/text/TextCodecLatin1.cpp:
(WebCore::TextCodecLatin1::decode):
This function has a bug when it goes through the fast decoding code path. After copying
one or more all ASCII MachineWords from source to the destination, the following byte
is copied as is from the source to the destination even if it is non ASCII byte. This
causes the decoded bytes to be incorrect. The fix is to ensure that the current byte
is still ASCII after exiting the fast decoding code path.
LayoutTests:
* fast/encoding/char-after-fast-path-ascii-decoding-expected.txt: Added.
* fast/encoding/char-after-fast-path-ascii-decoding.html: Added.
Ensures when an non ASCII character comes after a machine word, whose bytes are all
ASCII characters, is decoded correctly.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreplatformtextTextCodecLatin1cpp">trunk/Source/WebCore/platform/text/TextCodecLatin1.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsfastencodingcharafterfastpathasciidecodingexpectedtxt">trunk/LayoutTests/fast/encoding/char-after-fast-path-ascii-decoding-expected.txt</a></li>
<li><a href="#trunkLayoutTestsfastencodingcharafterfastpathasciidecodinghtml">trunk/LayoutTests/fast/encoding/char-after-fast-path-ascii-decoding.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (178098 => 178099)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2015-01-08 05:09:25 UTC (rev 178098)
+++ trunk/LayoutTests/ChangeLog 2015-01-08 05:18:20 UTC (rev 178099)
</span><span class="lines">@@ -1,3 +1,15 @@
</span><ins>+2015-01-07 Said Abou-Hallawa <sabouhallawa@apple.com>
+
+ The ASCII decoding for non ASCII character is incorrect if this character comes after going through the fast decoding code path and before the end of the text by less than a machine word size of characters.
+ https://bugs.webkit.org/show_bug.cgi?id=140173.
+
+ Reviewed by Darin Adler.
+
+ * fast/encoding/char-after-fast-path-ascii-decoding-expected.txt: Added.
+ * fast/encoding/char-after-fast-path-ascii-decoding.html: Added.
+ Ensures when an non ASCII character comes after a machine word, whose bytes are all
+ ASCII characters, is decoded correctly.
+
</ins><span class="cx"> 2015-01-07 Shivakumar JM <shiva.jm@samsung.com>
</span><span class="cx">
</span><span class="cx"> HTMLSelectElement and HTMLOptionsCollection add() method should support index as second argument.
</span></span></pre></div>
<a id="trunkLayoutTestsfastencodingcharafterfastpathasciidecodingexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/encoding/char-after-fast-path-ascii-decoding-expected.txt (0 => 178099)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/encoding/char-after-fast-path-ascii-decoding-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/encoding/char-after-fast-path-ascii-decoding-expected.txt 2015-01-08 05:18:20 UTC (rev 178099)
</span><span class="lines">@@ -0,0 +1,2 @@
</span><ins>+
+ABCDEFGH‚‚
</ins></span></pre></div>
<a id="trunkLayoutTestsfastencodingcharafterfastpathasciidecodinghtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/encoding/char-after-fast-path-ascii-decoding.html (0 => 178099)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/encoding/char-after-fast-path-ascii-decoding.html (rev 0)
+++ trunk/LayoutTests/fast/encoding/char-after-fast-path-ascii-decoding.html 2015-01-08 05:18:20 UTC (rev 178099)
</span><span class="lines">@@ -0,0 +1,23 @@
</span><ins>+<html>
+<body>
+ <iframe id="iframe" src="data:,%41%42%43%44%45%46%47%48%82%82"></iframe>
+ <p id="result"></p>
+ <script>
+ if (window.testRunner) {
+ testRunner.dumpAsText(false);
+ testRunner.waitUntilDone();
+ }
+
+ setTimeout(copyIframeText, 500);
+
+ function copyIframeText()
+ {
+ var iframe = document.getElementById("iframe");
+ var result = document.getElementById("result");
+ result.innerHTML = iframe.contentDocument.body.innerHTML;
+ if (window.testRunner)
+ testRunner.notifyDone();
+ }
+ </script>
+</body>
+</html>
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (178098 => 178099)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2015-01-08 05:09:25 UTC (rev 178098)
+++ trunk/Source/WebCore/ChangeLog 2015-01-08 05:18:20 UTC (rev 178099)
</span><span class="lines">@@ -1,3 +1,20 @@
</span><ins>+2015-01-07 Said Abou-Hallawa <sabouhallawa@apple.com>
+
+ The ASCII decoding for non ASCII character is incorrect if this character comes after going through the fast decoding code path and before the end of the text by less than a machine word size of characters.
+ https://bugs.webkit.org/show_bug.cgi?id=140173.
+
+ Reviewed by Darin Adler.
+
+ Tests: fast/encoding/char-after-fast-path-ascii-decoding.html.
+
+ * platform/text/TextCodecLatin1.cpp:
+ (WebCore::TextCodecLatin1::decode):
+ This function has a bug when it goes through the fast decoding code path. After copying
+ one or more all ASCII MachineWords from source to the destination, the following byte
+ is copied as is from the source to the destination even if it is non ASCII byte. This
+ causes the decoded bytes to be incorrect. The fix is to ensure that the current byte
+ is still ASCII after exiting the fast decoding code path.
+
</ins><span class="cx"> 2015-01-07 Shivakumar JM <shiva.jm@samsung.com>
</span><span class="cx">
</span><span class="cx"> HTMLSelectElement and HTMLOptionsCollection add() method should support index as second argument.
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformtextTextCodecLatin1cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/text/TextCodecLatin1.cpp (178098 => 178099)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/text/TextCodecLatin1.cpp 2015-01-08 05:09:25 UTC (rev 178098)
+++ trunk/Source/WebCore/platform/text/TextCodecLatin1.cpp 2015-01-08 05:18:20 UTC (rev 178099)
</span><span class="lines">@@ -146,6 +146,10 @@
</span><span class="cx">
</span><span class="cx"> if (source == end)
</span><span class="cx"> break;
</span><ins>+
+ // *source may not be ASCII anymore if source moves inside the loop of the fast code path
+ if (!isASCII(*source))
+ goto useLookupTable;
</ins><span class="cx"> }
</span><span class="cx"> *destination = *source;
</span><span class="cx"> } else {
</span><span class="lines">@@ -197,6 +201,10 @@
</span><span class="cx">
</span><span class="cx"> if (source == end)
</span><span class="cx"> break;
</span><ins>+
+ // *source may not be ASCII anymore if source moves inside the loop of the fast code path
+ if (!isASCII(*source))
+ goto useLookupTable16;
</ins><span class="cx"> }
</span><span class="cx"> *destination16 = *source;
</span><span class="cx"> } else {
</span></span></pre>
</div>
</div>
</body>
</html>