New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 842008 link

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Long OOO (go/where-is-mgiuca)
Closed: May 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , iOS , Chrome , Mac , Fuchsia
Pri: 3
Type: Bug
Team-Security-UX

Blocked on:
issue 585422



Sign in to add a comment

FilenameUtilTest has disabled tests for invalid UTF-8 input

Project Member Reported by mgiuca@chromium.org, May 11 2018

Issue description

From b/878908 (referenced in net/base/filename_util_unittest.cc), darin@:
"""
WideToMultiByte and MultiByteToWide should use ICU 

The concern is that Windows and ICU might not agree on how to convert charsets, and since we use ICU in some places, we should just use it everywhere.  At least, these very common string_util functions should use it.

Note:  TEST(NetUtilTest, FileURLConversion) [now FilenameUtilTest] in net_util_unittest.cc [now filename_util_unittest] has a portion commented out because of this bug.
"""

This is an extremely old comment (2007) which only applies on Windows. I'm sure we do use ICU now so the first part is no longer relevant.

What is still relevant is that the invalid UTF-8-input tests are disabled. I've managed to re-enable them on POSIX (where it's actually completely valid input because filenames are not UTF-8), but I'm not really sure what the correct behaviour on Windows should be. It doesn't really matter since you shouldn't be using invalid UTF-8 filenames on Windows, so as long as it does something reasonable (i.e. not a crash or security issue) I don't mind how it resolves to a filename.

Fixing as part of  Issue 585422  (https://chromium-review.googlesource.com/c/chromium/src/+/1053672).
 
Project Member

Comment 1 by bugdroid1@chromium.org, May 16 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/29b1b5605bcfc096a24ccb0d6b5e361bcba861bf

commit 29b1b5605bcfc096a24ccb0d6b5e361bcba861bf
Author: Matt Giuca <mgiuca@chromium.org>
Date: Wed May 16 04:06:16 2018

Updated FilenameUtilTest with new edge cases.

Now tests unquoting of blacklisted characters, control chars, invalid
UTF-8 bytes and '+'. Also uncomments (and fixes) a number of
pre-existing commented-out tests relating to slash normalization and
unquoted invalid UTF-8 bytes.

Bug:  585422 ,  842008 
Change-Id: Ic5febf116a1a9cb73d1ef51195fdf1d52954211d
Reviewed-on: https://chromium-review.googlesource.com/1058744
Commit-Queue: Matt Giuca <mgiuca@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#558970}
[modify] https://crrev.com/29b1b5605bcfc096a24ccb0d6b5e361bcba861bf/net/base/filename_util_unittest.cc

Comment 2 by mgiuca@chromium.org, May 18 2018

Status: Fixed (was: Started)

Sign in to add a comment