GNU bug report logs - #34469
26.1; EWW stops rendering web page on null byte


Package: emacs;

Reported by: Lukasz Pawelczyk <l.pawelczyk <at> samsung.com>

Date: Wed, 13 Feb 2019 15:57:02 UTC

Severity: normal

Tags: fixed

Found in version 26.1

Fixed in version 27.1

Done: Robert Pluim <rpluim <at> gmail.com>

Bug is archived. No further changes may be made.



Message #48 received at 34469 <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Robert Pluim <rpluim <at> gmail.com>
Cc: Glenn Morris <rgm <at> gnu.org>, Eli Zaretskii <eliz <at> gnu.org>,
 34469 <at> debbugs.gnu.org, Lukasz Pawelczyk <l.pawelczyk <at> samsung.com>,
 Nicholas Drozd <nicholasdrozd <at> gmail.com>
Subject: 26.1; EWW stops rendering web page on null byte
Date: Wed, 27 Feb 2019 17:52:52 -0800
Thanks for fixing that bug. However, replacing NUL with \0 sounds iffy.
Even if we assume that a web page contains C-like code, the replacement
would mishandle a NUL followed by an octal digit, since the replacement
would look like \07 which would be interpreted as a BEL character, not
as a NULL followed by a digit 7. And web pages do not typically contain
C code, so the replacement \0 might cause other trouble.

Instead, it sounds better to replace NUL with the four-character
sequence "&#0;", as this is a standard HTML way to represent a NUL
character. I installed the attached patch to do this.

In my little tests with this patch, libxml2 typically handled &#0; by
discarding it and continuing to parse, which is better than ignoring the
rest of the input. In some cases libxml2 handles &#0; by discarding
later input up to a delimiter; although this is bad, it's a libxml2 bug
that attackers can exploit independently of what Emacs does with NUL,
since attackers can simply use &#0;.

[0001-Escape-HTML-NUL-as-0-in-eww.patch (text/x-patch, attachment)]
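
The ambiguity described in the message above, as an added Python illustration that is not part of the thread or of the attached patch. Python's own escape and character-reference decoders stand in for a C-like reader and an HTML parser (they are not libxml2), and the sample string and function names are constructed for this example.

```python
import html

NUL = "\x00"

# Constructed sample: a NUL byte immediately followed by the digit 7.
SAMPLE = "<p>id=" + NUL + "7</p>"


def escape_nul_backslash(text):
    """Replace NUL with the two characters backslash and zero."""
    return text.replace(NUL, "\\0")


def escape_nul_charref(text):
    """Replace NUL with the HTML numeric character reference &#0;."""
    return text.replace(NUL, "&#0;")


def read_as_c_escapes(text):
    """Decode backslash escapes, octal included, as a C-like reader would.

    Assumes ASCII input, which holds for the constructed sample.
    """
    return text.encode("ascii").decode("unicode_escape")


def read_as_html_charrefs(text):
    """Decode character references with Python's html module.

    This decoder maps &#0; to U+FFFD; other parsers may treat it differently.
    """
    return html.unescape(text)


def digit_survives(decoded):
    """True if the literal digit 7 is still present after decoding."""
    return "7" in decoded


if __name__ == "__main__":
    as_c = read_as_c_escapes(escape_nul_backslash(SAMPLE))
    as_html = read_as_html_charrefs(escape_nul_charref(SAMPLE))
    # Backslash form: "\07" is consumed as one octal escape (BEL), the 7 is lost.
    print(repr(as_c), digit_survives(as_c))
    # Character-reference form: the terminating ";" keeps the 7 separate.
    print(repr(as_html), digit_survives(as_html))
```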

This bug report was last modified 6 years and 80 days ago.
