From dev-return-198857-archive-asf-public=cust-asf.ponee.io@tomcat.apache.org Tue May 14 13:51:05 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 93BED18065D for ; Tue, 14 May 2019 15:51:05 +0200 (CEST) Received: (qmail 60866 invoked by uid 500); 14 May 2019 13:51:04 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 60856 invoked by uid 99); 14 May 2019 13:51:04 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 May 2019 13:51:04 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id 4C89287363; Tue, 14 May 2019 13:50:59 +0000 (UTC) Date: Tue, 14 May 2019 13:50:59 +0000 To: "dev@tomcat.apache.org" Subject: [tomcat] branch master updated: Improve BoM detection for rarely used UTF-32 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Message-ID: <155784185921.24943.10956281504040299454@gitbox.apache.org> From: markt@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: tomcat X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: 2de31a7f7daedd96b88f12f73f182ebc6c1be5cc X-Git-Newrev: 8607e1a0d2c283e443ce1ba2ccfb55b1884a580e X-Git-Rev: 8607e1a0d2c283e443ce1ba2ccfb55b1884a580e X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 8607e1a Improve BoM detection for rarely used UTF-32 8607e1a is described below commit 8607e1a0d2c283e443ce1ba2ccfb55b1884a580e Author: Mark Thomas AuthorDate: Tue May 14 14:50:43 2019 +0100 Improve BoM detection for rarely used UTF-32 Identified by Coverity Scan which reported unreachable code. --- java/org/apache/catalina/servlets/DefaultServlet.java | 12 +++++++++++- webapps/docs/changelog.xml | 5 +++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java index 205d302..2e669d4 100644 --- a/java/org/apache/catalina/servlets/DefaultServlet.java +++ b/java/org/apache/catalina/servlets/DefaultServlet.java @@ -1212,7 +1212,9 @@ public class DefaultServlet extends HttpServlet { skip(is, 2); return StandardCharsets.UTF_16BE; } - if (b0 == 0xFF && b1 == 0xFE) { + // Delay the UTF_16LE check if there are more that 2 bytes since it + // overlaps with UTF32-LE. + if (count == 2 && b0 == 0xFF && b1 == 0xFE) { skip(is, 2); return StandardCharsets.UTF_16LE; } @@ -1244,6 +1246,14 @@ public class DefaultServlet extends HttpServlet { return Charset.forName("UTF32-LE"); } + // Now we can check for UTF16-LE. There is an assumption here that we + // won't see a UTF16-LE file with a BOM where the first real data is + // 0x00 0x00 + if (b0 == 0xFF && b1 == 0xFE) { + skip(is, 2); + return StandardCharsets.UTF_16LE; + } + skip(is, 0); return null; } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 92f2aa0..4f83bb2 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -63,6 +63,11 @@ Make a best efforts attempt to clean-up if a request fails during processing due to an OutOfMemoryException. (markt) + + Improve the BoM detection for static files handled by the default + servlet for the rarely used UTF-32 encodings. Identified by Coverity + Scan. (markt) + --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org