couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Curt Arnold (JIRA)" <>
Subject [jira] Updated: (COUCHDB-345) "High ASCII" can be inserted into db but not retrieved
Date Sat, 29 Aug 2009 15:59:32 GMT


Curt Arnold updated COUCHDB-345:

    Attachment: badenc1.patch

The patch also addresses the issue.  It redefined ?JSON_DECODE to couch_db:json_decode/1 which
calls xmerl_ucs:from_utf8 prior to delegating to mochijson2:decode.  If there is a encoding
problem, it throws {invalid_json, <<"bad utf8...">> } which eliminates the need
to add new catch clauses in the calling code.

> "High ASCII" can be inserted into db but not retrieved
> ------------------------------------------------------
>                 Key: COUCHDB-345
>                 URL:
>             Project: CouchDB
>          Issue Type: Bug
>    Affects Versions: 0.9
>         Environment: OSX 10.5.6
>            Reporter: Joan Touzet
>         Attachments: badenc1.patch, badtext.tar.gz,, reject_invalid_utf8.patch
> It is possible to PUT/POST a document into CouchDB with a "high ASCII" value that cannot
be retrieved. This results from not escaping a non-ASCII value into \u#### when PUT/POSTing
the document.
> The attached sample code will recreate the problem using the hex value D8 (Ø) in a possibly
unsavoury test string.
> Sample output against 0.9.0 is as follows:
> ================================================
> {
>     "ok": true
> }
> {
>     "id": "fail", 
>     "ok": true, 
>     "rev": "1-76726372"
> }
> {
>     "error": "ucs", 
>     "reason": "{bad_utf8_character_code}"
> }
> ================================================
> Please note this defect turned up another problem, namely that the bad_utf8_character_code
exception thrown by a design document attempting to map() the bad document caused Futon to
fail silently in building the view, with no indication (except via debug log) that there was
a failure. The log indicated two attempts to build the view, both failing, followed by an
uncaught exception error for Futon.
> Based on this, there are likely other areas in the codebase that do not handle the bad_utf8_character_code
exception correctly.
> My belief is that CouchDB shouldn't accept this input and should have rejected the PUT/POST,
or should have escaped the input itself before the insertion.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message