From 9d81c71aef25a2b9aab22a500e956c18e00e30a2 Mon Sep 17 00:00:00 2001 From: InvalidUsernameException Date: Mon, 15 Sep 2025 23:05:25 +0200 Subject: [PATCH] Do not mis-parse certain wide-character emojis as integer When calling ch_to_digit() with a UTF-16 or UTF-32 code unit, it simply truncates away any data stored in the non-low byte(s) of the code unit. It then uses a lookup table to determine whether the low byte corresponds to an ASCII digit. This is incorrect because as soon as any bit outside the low byte is set, the number will never correspond to a ASCII digit anymore. To fix this, we produce a mask that is all zeroes if any bit outside the low byte is set in the code unit, all ones otherwise. Anding this mask with the original code unit forces the table lookup to return the sentinel value from the zero-index if any high bit was set and causes the code unit not to be parsed as integer. This bug was discovered when loading Mastodon posts inside the Ladybird browser where some of Mastodon's JavaScript would trigger the code path that erroneously parsed the emoji as integer. It had the visible effect that some digits inside the posts would get rendered as one of the emojis that parsed to that digit. For more details see this issue: https://github.com/LadybirdBrowser/ladybird/issues/6205 The emojis in the test case are simply all the emojis used on Mastodon that caused the bug. They can be found here: https://github.com/mastodon/mastodon/blob/06803422da3794538cd9cd5c7ccd61a0694ef921/app/javascript/mastodon/features/emoji/emoji_map.json --- include/fast_float/float_common.h | 8 +- tests/fast_int.cpp | 271 +++++++++++++++++++++++++++++- 2 files changed, 277 insertions(+), 2 deletions(-) diff --git a/include/fast_float/float_common.h b/include/fast_float/float_common.h index 4a13e3b..2b8a528 100644 --- a/include/fast_float/float_common.h +++ b/include/fast_float/float_common.h @@ -1132,7 +1132,13 @@ template constexpr uint64_t int_luts::min_safe_u64[]; template fastfloat_really_inline constexpr uint8_t ch_to_digit(UC c) { - return int_luts<>::chdigit[static_cast(c)]; + using UnsignedUC = typename std::make_unsigned::type; + auto uc = static_cast(c); + // For types larger than one byte, we need to force an index with sentinel + // value (using index zero because that is easiest) if any byte other than + // the low byte is non-zero. + auto mask = static_cast(-((uc & ~0xFFull) == 0)); + return int_luts<>::chdigit[static_cast(uc & mask)]; } fastfloat_really_inline constexpr size_t max_digits_u64(int base) { diff --git a/tests/fast_int.cpp b/tests/fast_int.cpp index 9b107c8..49044d3 100644 --- a/tests/fast_int.cpp +++ b/tests/fast_int.cpp @@ -831,6 +831,275 @@ int main() { return EXIT_FAILURE; } } + // dont parse UTF-16 code units of emojis as int if low byte is ascii digit + { + const std::u16string emojis[] = { + u"ℹ", u"ℹ️", u"☸", u"☸️", u"☹", u"☹️", u"✳", u"✳️", + u"✴", u"✴️", u"⤴", u"⤴️", u"⤵", u"⤵️", u"〰", u"〰️", + }; + bool failed = false; + auto array_size = sizeof(emojis) / sizeof(emojis[0]); + for (size_t i = 0; i < array_size; i++) { + auto e = emojis[i]; + int foo; + auto answer = fast_float::from_chars(e.data(), e.data() + e.size(), foo); + if (answer.ec == std::errc()) { + failed = true; + std::cerr << "Incorrectly parsed emoji #" << i << " as integer " << foo + << "." << std::endl; + } + } + + if (failed) { + return EXIT_FAILURE; + } + } + // dont parse UTF-32 code points of emojis as int if low byte is ascii digit + { + const std::u32string emojis[] = { + U"ℹ", + U"ℹ️", + U"☸", + U"☸️", + U"☹", + U"☹️", + U"✳", + U"✳️", + U"✴", + U"✴️", + U"⤴", + U"⤴️", + U"⤵", + U"⤵️", + U"〰", + U"〰️", + U"🈲", + U"🈳", + U"🈴", + U"🈵", + U"🈶", + U"🈷", + U"🈷️", + U"🈸", + U"🈹", + U"🌰", + U"🌱", + U"🌲", + U"🌳", + U"🌴", + U"🌵", + U"🌶", + U"🌶️", + U"🌷", + U"🌸", + U"🌹", + U"🐰", + U"🐱", + U"🐲", + U"🐳", + U"🐴", + U"🐵", + U"🐶", + U"🐷", + U"🐸", + U"🐹", + U"🔰", + U"🔱", + U"🔲", + U"🔳", + U"🔴", + U"🔵", + U"🔶", + U"🔷", + U"🔸", + U"🔹", + U"😰", + U"😱", + U"😲", + U"😳", + U"😴", + U"😵", + U"😵‍💫", + U"😶", + U"😶‍🌫", + U"😶‍🌫️", + U"😷", + U"😸", + U"😹", + U"🤰", + U"🤰🏻", + U"🤰🏼", + U"🤰🏽", + U"🤰🏾", + U"🤰🏿", + U"🤱", + U"🤱🏻", + U"🤱🏼", + U"🤱🏽", + U"🤱🏾", + U"🤱🏿", + U"🤲", + U"🤲🏻", + U"🤲🏼", + U"🤲🏽", + U"🤲🏾", + U"🤲🏿", + U"🤳", + U"🤳🏻", + U"🤳🏼", + U"🤳🏽", + U"🤳🏾", + U"🤳🏿", + U"🤴", + U"🤴🏻", + U"🤴🏼", + U"🤴🏽", + U"🤴🏾", + U"🤴🏿", + U"🤵", + U"🤵‍♀", + U"🤵‍♀️", + U"🤵‍♂", + U"🤵‍♂️", + U"🤵🏻", + U"🤵🏻‍♀", + U"🤵🏻‍♀️", + U"🤵🏻‍♂", + U"🤵🏻‍♂️", + U"🤵🏼", + U"🤵🏼‍♀", + U"🤵🏼‍♀️", + U"🤵🏼‍♂", + U"🤵🏼‍♂️", + U"🤵🏽", + U"🤵🏽‍♀", + U"🤵🏽‍♀️", + U"🤵🏽‍♂", + U"🤵🏽‍♂️", + U"🤵🏾", + U"🤵🏾‍♀", + U"🤵🏾‍♀️", + U"🤵🏾‍♂", + U"🤵🏾‍♂️", + U"🤵🏿", + U"🤵🏿‍♀", + U"🤵🏿‍♀️", + U"🤵🏿‍♂", + U"🤵🏿‍♂️", + U"🤶", + U"🤶🏻", + U"🤶🏼", + U"🤶🏽", + U"🤶🏾", + U"🤶🏿", + U"🤷", + U"🤷‍♀", + U"🤷‍♀️", + U"🤷‍♂", + U"🤷‍♂️", + U"🤷🏻", + U"🤷🏻‍♀", + U"🤷🏻‍♀️", + U"🤷🏻‍♂", + U"🤷🏻‍♂️", + U"🤷🏼", + U"🤷🏼‍♀", + U"🤷🏼‍♀️", + U"🤷🏼‍♂", + U"🤷🏼‍♂️", + U"🤷🏽", + U"🤷🏽‍♀", + U"🤷🏽‍♀️", + U"🤷🏽‍♂", + U"🤷🏽‍♂️", + U"🤷🏾", + U"🤷🏾‍♀", + U"🤷🏾‍♀️", + U"🤷🏾‍♂", + U"🤷🏾‍♂️", + U"🤷🏿", + U"🤷🏿‍♀", + U"🤷🏿‍♀️", + U"🤷🏿‍♂", + U"🤷🏿‍♂️", + U"🤸", + U"🤸‍♀", + U"🤸‍♀️", + U"🤸‍♂", + U"🤸‍♂️", + U"🤸🏻", + U"🤸🏻‍♀", + U"🤸🏻‍♀️", + U"🤸🏻‍♂", + U"🤸🏻‍♂️", + U"🤸🏼", + U"🤸🏼‍♀", + U"🤸🏼‍♀️", + U"🤸🏼‍♂", + U"🤸🏼‍♂️", + U"🤸🏽", + U"🤸🏽‍♀", + U"🤸🏽‍♀️", + U"🤸🏽‍♂", + U"🤸🏽‍♂️", + U"🤸🏾", + U"🤸🏾‍♀", + U"🤸🏾‍♀️", + U"🤸🏾‍♂", + U"🤸🏾‍♂️", + U"🤸🏿", + U"🤸🏿‍♀", + U"🤸🏿‍♀️", + U"🤸🏿‍♂", + U"🤸🏿‍♂️", + U"🤹", + U"🤹‍♀", + U"🤹‍♀️", + U"🤹‍♂", + U"🤹‍♂️", + U"🤹🏻", + U"🤹🏻‍♀", + U"🤹🏻‍♀️", + U"🤹🏻‍♂", + U"🤹🏻‍♂️", + U"🤹🏼", + U"🤹🏼‍♀", + U"🤹🏼‍♀️", + U"🤹🏼‍♂", + U"🤹🏼‍♂️", + U"🤹🏽", + U"🤹🏽‍♀", + U"🤹🏽‍♀️", + U"🤹🏽‍♂", + U"🤹🏽‍♂️", + U"🤹🏾", + U"🤹🏾‍♀", + U"🤹🏾‍♀️", + U"🤹🏾‍♂", + U"🤹🏾‍♂️", + U"🤹🏿", + U"🤹🏿‍♀", + U"🤹🏿‍♀️", + U"🤹🏿‍♂", + U"🤹🏿‍♂️", + }; + bool failed = false; + auto array_size = sizeof(emojis) / sizeof(emojis[0]); + for (size_t i = 0; i < array_size; i++) { + auto e = emojis[i]; + int foo; + auto answer = fast_float::from_chars(e.data(), e.data() + e.size(), foo); + if (answer.ec == std::errc()) { + failed = true; + std::cerr << "Incorrectly parsed emoji #" << i << " as integer " << foo + << "." << std::endl; + } + } + + if (failed) { + return EXIT_FAILURE; + } + } return EXIT_SUCCESS; } @@ -842,4 +1111,4 @@ int main() { std::cerr << "The test requires C++17." << std::endl; return EXIT_SUCCESS; } -#endif \ No newline at end of file +#endif