Reject surrogates when decoding UTF32

Author: msimacek

graalpython/com.oracle.graal.python.test/src/tests/test_codecs.py

@@ -875,5 +875,11 @@ def test_encode(self):
         self.assertRaises(UnicodeEncodeError, codec.encode, '\xffff')
 
 
+class UTF32Test(unittest.TestCase):
+    def test_utf32_surrogate_error(self):
+        with self.assertRaisesRegex(UnicodeDecodeError, "'utf_32' codec can't decode bytes in position 4-7"):
+            b'a\x00\x00\x00\x00\xd8\x00\x00z\x00\x00\x00'.decode('utf-32')
+
+
 if __name__ == '__main__':
     unittest.main()

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/charset/PythonUTF32CharsetWrapper.java

@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * The Universal Permissive License (UPL), Version 1.0
+ *
+ * Subject to the condition set forth below, permission is hereby granted to any
+ * person obtaining a copy of this software, associated documentation and/or
+ * data (collectively the "Software"), free of charge and under any and all
+ * copyright rights in the Software, and any and all patent rights owned or
+ * freely licensable by each licensor hereunder covering either (i) the
+ * unmodified Software as contributed to or provided by such licensor, or (ii)
+ * the Larger Works (as defined below), to deal in both
+ *
+ * (a) the Software, and
+ *
+ * (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+ * one is included with the Software each a "Larger Work" to which the Software
+ * is contributed by such licensors),
+ *
+ * without restriction, including without limitation the rights to copy, create
+ * derivative works of, display, perform, and distribute the Software and make,
+ * use, sell, offer for sale, import, export, have made, and have sold the
+ * Software and the Larger Work(s), and to sublicense the foregoing rights on
+ * either these or other terms.
+ *
+ * This license is subject to the following condition:
+ *
+ * The above copyright notice and either this complete permission notice or at a
+ * minimum a reference to the UPL must be included in all copies or substantial
+ * portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.oracle.graal.python.charset;
+
+import java.nio.ByteBuffer;
+import java.nio.ByteOrder;
+import java.nio.CharBuffer;
+import java.nio.charset.Charset;
+import java.nio.charset.CharsetDecoder;
+import java.nio.charset.CharsetEncoder;
+import java.nio.charset.CoderResult;
+
+import com.oracle.graal.python.util.PythonUtils;
+
+public class PythonUTF32CharsetWrapper extends Charset {
+    private final ByteOrder byteOrder;
+    private final Charset delegate;
+
+    public PythonUTF32CharsetWrapper(Charset delegate, ByteOrder byteOrder) {
+        super("x-python-UTF32" + (byteOrder == ByteOrder.BIG_ENDIAN ? "BE" : "LE"), PythonUtils.EMPTY_STRING_ARRAY);
+        this.byteOrder = byteOrder;
+        this.delegate = delegate;
+    }
+
+    @Override
+    public boolean contains(Charset cs) {
+        return delegate.contains(cs);
+    }
+
+    @Override
+    public CharsetDecoder newDecoder() {
+        return new DecoderWrapper(this, delegate.newDecoder(), byteOrder);
+    }
+
+    @Override
+    public CharsetEncoder newEncoder() {
+        return delegate.newEncoder();
+    }
+
+    private static class DecoderWrapper extends CharsetDecoder {
+        private final CharsetDecoder delegate;
+        private final ByteOrder byteOrder;
+
+        private DecoderWrapper(Charset charset, CharsetDecoder delegate, ByteOrder byteOrder) {
+            super(charset, 4, 4);
+            this.delegate = delegate;
+            this.byteOrder = byteOrder;
+        }
+
+        @Override
+        protected CoderResult decodeLoop(ByteBuffer in, CharBuffer out) {
+            ByteOrder originalByteOrder = in.order();
+            int originalPosition = in.position();
+            in.order(byteOrder);
+            try {
+                while (in.remaining() >= 4) {
+                    int cp = in.getInt();
+                    if (0xD800 <= cp && cp <= 0xDFFF) {
+                        in.position(in.position() - 4);
+                        return CoderResult.malformedForLength(4);
+                    }
+                }
+            } finally {
+                in.order(originalByteOrder);
+            }
+            in.position(originalPosition);
+            return delegate.decode(in, out, false);
+        }
+    }
+}

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/util/CharsetMapping.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2020, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * The Universal Permissive License (UPL), Version 1.0
@@ -54,7 +54,9 @@
 import java.util.concurrent.ConcurrentMap;
 
 import org.graalvm.shadowed.com.ibm.icu.charset.CharsetICU;
+
 import com.oracle.graal.python.charset.PythonRawUnicodeEscapeCharset;
+import com.oracle.graal.python.charset.PythonUTF32CharsetWrapper;
 import com.oracle.graal.python.charset.PythonUnicodeEscapeCharset;
 import com.oracle.graal.python.util.CharsetMappingFactory.NormalizeEncodingNameNodeGen;
 import com.oracle.truffle.api.CompilerDirectives.TruffleBoundary;
@@ -72,7 +74,10 @@
  * Utility class for mapping Python encodings to Java charsets
  */
 public class CharsetMapping {
-    private static final Charset UTF_32 = Charset.forName("UTF_32");
+    private static final Charset UTF_32LE = new PythonUTF32CharsetWrapper(Charset.forName("UTF-32LE"), ByteOrder.LITTLE_ENDIAN);
+    private static final Charset UTF_32LE_BOM = new PythonUTF32CharsetWrapper(Charset.forName("UTF-32LE-BOM"), ByteOrder.LITTLE_ENDIAN);
+    private static final Charset UTF_32BE = new PythonUTF32CharsetWrapper(Charset.forName("UTF-32BE"), ByteOrder.BIG_ENDIAN);
+    private static final Charset UTF_32BE_BOM = new PythonUTF32CharsetWrapper(Charset.forName("UTF-32BE-BOM"), ByteOrder.BIG_ENDIAN);
     private static final ConcurrentMap<String, Charset> JAVA_CHARSETS = new ConcurrentHashMap<>();
     // Name maps are populated by static initializer and are immutable afterwards
     private static final Map<TruffleString, String> CHARSET_NAME_MAP = new HashMap<>();
@@ -101,8 +106,11 @@ public static Charset getCharsetForDecodingNormalized(TruffleString normalizedEn
              */
             if (T_UTF_16_UNDERSCORE.equalsUncached(normalizedEncoding, TS_ENCODING) && hasUTF16BOM(bytes, len)) {
                 return StandardCharsets.UTF_16;
-            } else if (T_UTF_32_UNDERSCORE.equalsUncached(normalizedEncoding, TS_ENCODING) && hasUTF32BOM(bytes, len)) {
-                return UTF_32;
+            } else if (T_UTF_32_UNDERSCORE.equalsUncached(normalizedEncoding, TS_ENCODING)) {
+                Charset charset = getUTF32CharsetForBOM(bytes, len);
+                if (charset != null) {
+                    return charset;
+                }
             }
         }
         String name = CHARSET_NAME_MAP.get(normalizedEncoding);
@@ -120,12 +128,18 @@ private static boolean hasUTF16BOM(byte[] bytes, int len) {
         return head == (short) 0xFFFE || head == (short) 0xFEFF;
     }
 
-    private static boolean hasUTF32BOM(byte[] bytes, int len) {
+    private static Charset getUTF32CharsetForBOM(byte[] bytes, int len) {
         if (len < 4) {
-            return false;
+            return null;
         }
         int head = PythonUtils.ARRAY_ACCESSOR.getInt(bytes, 0);
-        return head == 0xFFFE0000 || head == 0x0000FEFF;
+        if (head == 0xFFFE0000) {
+            return UTF_32BE_BOM;
+        }
+        if (head == 0x0000FEFF) {
+            return UTF_32LE_BOM;
+        }
+        return null;
     }
 
     @TruffleBoundary
@@ -214,7 +228,9 @@ private static void addAlias(String alias, String pythonName) {
         JAVA_CHARSETS.put("UTF-16BE", StandardCharsets.UTF_16BE);
         JAVA_CHARSETS.put("UTF-16LE", StandardCharsets.UTF_16LE);
         JAVA_CHARSETS.put("UTF-16", ByteOrder.nativeOrder() == ByteOrder.LITTLE_ENDIAN ? Charset.forName("UnicodeLittle") : StandardCharsets.UTF_16);
-        JAVA_CHARSETS.put("UTF-32", ByteOrder.nativeOrder() == ByteOrder.LITTLE_ENDIAN ? Charset.forName("UTF-32LE-BOM") : Charset.forName("UTF-32BE-BOM"));
+        JAVA_CHARSETS.put("UTF-32BE", UTF_32BE);
+        JAVA_CHARSETS.put("UTF-32LE", UTF_32LE);
+        JAVA_CHARSETS.put("UTF-32", ByteOrder.nativeOrder() == ByteOrder.LITTLE_ENDIAN ? UTF_32LE_BOM : UTF_32BE_BOM);
 
         // Add our custom charsets
         addMapping("raw_unicode_escape", "x-python-raw-unicode-escape");