panic stripping half-open directive about voca_rs HOT 11 CLOSED

For some reason Brave keeps crashing because of this

Yes. The same character sequence occurs in a current Hacker News rss feed description, and Brave hits this bug trying to strip it out.

from voca_rs.

Looks like the problem is this et seq.

unicode_string_range(subject, i, i + 2).as_str()

doesn't check i + 2 is less than length.

from voca_rs.

For some reason Brave keeps crashing because of this

$ RUST_BACKTRACE=full brave
thread '<unnamed>' panicked at 'range end index 400 out of range for slice of length 399', /home/ubuntu/workspace/brave-browser-build-linux-x64-release/src/brave/build/rustup/1.0.0/registry/src/github.com-1ecc6299db9ec823/voca_rs-1.14.0/src/strip.rs:68:5
stack backtrace:
   0:     0x559e5d1329cc - <unknown>
   1:     0x559e5d1543ec - <unknown>
   2:     0x559e5d130095 - <unknown>
   3:     0x559e5d134440 - <unknown>
   4:     0x559e5d133ff5 - <unknown>
   5:     0x559e5d134b84 - <unknown>
   6:     0x559e5d134630 - <unknown>
   7:     0x559e5d132e74 - <unknown>
   8:     0x559e5d134599 - <unknown>
   9:     0x559e5d1522b1 - <unknown>
  10:     0x559e5d1560d2 - <unknown>
  11:     0x559e5ce390d4 - <unknown>
  12:     0x559e5ce38b09 - <unknown>
  13:     0x559e5ce00f50 - <unknown>
  14:     0x559e5ce0270f - <unknown>
  15:     0x559e63410d33 - <unknown>
[1108/000712.721769:ERROR:elf_dynamic_array_reader.h(64)] tag not found
[1108/000712.722611:ERROR:elf_dynamic_array_reader.h(64)] tag not found
[1744330:1744340:1108/000716.208997:ERROR:broker_posix.cc(40)] Recvmsg error: Connection reset by peer (104)
zsh: IOT instruction (core dumped)  RUST_BACKTRACE=full brave

from voca_rs.

Thanks for reviewing and merging the changes! If you're ok with the code, it would be helpful if you could publish a new version so we can update our application.

from voca_rs.

The new version has been published https://crates.io/crates/voca_rs/1.15.1
Please review and test 🙌🏻

from voca_rs.

Thanks! Unfortunately my fix is wrong.
It works on the reduced test case, but of course length is in bytes, but i is counting graphemes, so if the subject text has any combining characters, the lookahead can still run off the end. :(

from voca_rs.

@rillian Oh! Good to know! Could you please provide good test cases?

from voca_rs.

Our original reproduction has non-breaking space characters in it. I think that's what's triggering the crash with 1.15.1. So maybe something like:

voca_rs::strip::strip_tags("a\u{00a0}test\u{00a0}<!")

from voca_rs.

Actually, any multibyte utf-8 should trigger it.

voca_rs::strip::strip_tags("天地不仁<!")

from voca_rs.

Thanks for the quick review! I can confirm that this second revision resolves our original issue.

from voca_rs.

Please review and test the following release https://crates.io/crates/voca_rs/1.15.2

from voca_rs.