137637 2014-10-11 11:06:30 -0700 Null character causes early string termination in Web SQL 2024-03-05 12:42:22 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) Unspecified Unspecified RESOLVED WONTFIX InRadar P2 Normal --- 1 nolan webkit-unassigned aaron.oneal ap beidson bfulgham dbates simon.fraser webkit-bug-importer oldest_to_newest 1041147 0 nolan 2014-10-11 11:06:30 -0700 Steps to reproduce the problem: 1. Store a string or blob in Web SQL containing the "\u0000" character 2. Retrieve it normally 3. Notice that everything is cut off after the \u0000 What is the expected behavior? I expect the full string/blob to be returned What went wrong? The data was truncated. Here's a live example: http://bl.ocks.org/nolanlawson/9b5c13afb1ac0f7e70fe This is especially bad when storing binary blobs, because if that binary data contains the 00 byte anywhere, then it will be cut off! I've also filed an issue on Chromium, since this bug seems to have been around for awhile: https://code.google.com/p/chromium/issues/detail?id=422690 A workaround is to use "select hex()" when getting back data that may contain a null character, but this is sub-optimal for performance, especially with binary blobs. 1041148 1 239681 nolan 2014-10-11 11:07:07 -0700 Created attachment 239681 Test case in pure HTML 1058197 2 aaron.oneal 2014-12-30 11:29:21 -0800 This same issue is in the Cordova Web SQL plugin. The problem has to do with how SQLITE_TEXT columns in statement results are converted to strings. This will repro the bug: columnValue = [NSString stringWithUTF8String:(char *)sqlite3_column_text(statement, i)]; Whereas this returns the correct full-length string: columnValue = [[NSString alloc] initWithBytes:(char *)sqlite3_column_text(statement, i) length:sqlite3_column_bytes(statement, i) encoding:NSUTF8StringEncoding]; The former uses '\0' to determine string termination whereas the latter uses the specified buffer length. I'll submit a fix for the Cordova plugin. The WebKit issue is in WebCore/SQLiteStatement.cpp: http://www.opensource.apple.com/source/WebCore/WebCore-332/platform/sql/SQLiteStatement.cpp The getColumnValue() and getColumnText() functions rely on the standard String constructor: return String(reinterpret_cast<const UChar*>(sqlite3_column_text16(m_statement, col))); There is a String constructor that accepts a length, so a similar fix can probably be applied. http://www.opensource.apple.com/source/WebCore/WebCore-332/platform/text/PlatformString.h 1088589 3 webkit-bug-importer 2015-04-25 14:57:35 -0700 <rdar://problem/20699770> 2018855 4 bfulgham 2024-03-05 12:42:22 -0800 Note: WebSQL has been disabled in our modern WebKit for some time, and is only still available as a backwards-compatibility affordance for very old legacy WebKit clients. I'm going to close this as WONT FIX since this feature is long-deprecated, and is no longer available in modern Web Browsing contexts. 239681 2014-10-11 11:07:07 -0700 2014-10-11 11:07:07 -0700 Test case in pure HTML test-null-char.html text/html 2555 nolan PGh0bWw+Cjxib2R5PgogIDxoMT5UZXN0IFx1MDAwMCBzdHJpbmcgdHJ1bmNhdGlvbiBpbiBXZWIg U1FMPC9oMT4KICA8cD5EZXRhaWxzIDxhIGhyZWY9J2h0dHBzOi8vZ2l0aHViLmNvbS9wb3VjaGRi L3BvdWNoZGIvcHVsbC8xNzMxI2lzc3VlY29tbWVudC0zODYyMjM0Mic+aW4gdGhpcyBQb3VjaERC IGJ1ZzwvYT4uPC9wPgogIDxwcmUgaWQ9ImRpc3BsYXkiPjwvcHJlPgogIDxzY3JpcHQ+CiAgICAo ZnVuY3Rpb24oKSB7CiAgICAgICd1c2Ugc3RyaWN0JzsKCiAgICAgIHZhciBkaXNwbGF5ID0gZG9j dW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2Rpc3BsYXknKTsKCiAgICAgIGZ1bmN0aW9uIGxvZyhzdHIp IHsKICAgICAgICBkaXNwbGF5LmlubmVySFRNTCArPSAnXG4nICsgc3RyOwogICAgICB9CgogICAg ICBmdW5jdGlvbiBkZWNvZGVVdGY4KHN0cikgewogICAgICAgIHJldHVybiBkZWNvZGVVUklDb21w b25lbnQod2luZG93LmVzY2FwZShzdHIpKTsKICAgICAgfQoKICAgICAgZnVuY3Rpb24gcGFyc2VI ZXhTdHJpbmcoc3RyLCBlbmNvZGluZykgewogICAgICAgIHZhciByZXN1bHQgPSAnJzsKICAgICAg ICB2YXIgY2hhcldpZHRoID0gZW5jb2RpbmcgPT09ICdVVEYtOCcgPyAyIDogNDsKICAgICAgICBm b3IgKHZhciBpID0gMCwgbGVuID0gc3RyLmxlbmd0aDsgaSA8IGxlbjsgaSArPSBjaGFyV2lkdGgp IHsKICAgICAgICAgIHZhciBzdWJzdHJpbmcgPSBzdHIuc3Vic3RyaW5nKGksIGkgKyBjaGFyV2lk dGgpOwogICAgICAgICAgaWYgKGNoYXJXaWR0aCA9PT0gNCkgeyAvLyBVVEYtMTYsIHR3aWRkbGUg dGhlIGJpdHMKICAgICAgICAgICAgc3Vic3RyaW5nID0gc3Vic3RyaW5nLnN1YnN0cmluZygyLCA0 KSArIHN1YnN0cmluZy5zdWJzdHJpbmcoMCwgMik7CiAgICAgICAgICB9CiAgICAgICAgICByZXN1 bHQgKz0gU3RyaW5nLmZyb21DaGFyQ29kZShwYXJzZUludChzdWJzdHJpbmcsIDE2KSk7CiAgICAg ICAgfQogICAgICAgIHJlc3VsdCA9IGVuY29kaW5nID09PSAnVVRGLTgnID8gZGVjb2RlVXRmOChy ZXN1bHQpIDogcmVzdWx0OwogICAgICAgIHJldHVybiByZXN1bHQ7CiAgICAgIH0KCiAgICAgIHZh ciBkYiA9IG9wZW5EYXRhYmFzZSgnRGVtbycsICIxLjAiLCAiRGVtbyIsIDUwMDAwMDApOwoKICAg ICAgZGIudHJhbnNhY3Rpb24oZnVuY3Rpb24gKHR4KSB7CiAgICAgICAgdmFyIHNxbCA9ICdTRUxF Q1QgPyBBUyBteXN0cmluZyc7CiAgICAgICAgdmFyIHNxbEFyZ3MgPSBbJ2Zvb1x1MDAwMGJhcidd OwogICAgICAgIGxvZygnZXhlY3V0aW5nICInICsgc3FsICsgJyIgd2l0aCBhcmdzICcgKyBKU09O LnN0cmluZ2lmeShzcWxBcmdzKSk7CiAgICAgICAgdHguZXhlY3V0ZVNxbChzcWwsIHNxbEFyZ3Ms IGZ1bmN0aW9uICh0eCwgcmVzKSB7CiAgICAgICAgICB2YXIgbXlzdHJpbmcgPSByZXMucm93cy5p dGVtKDApLm15c3RyaW5nOwogICAgICAgICAgbG9nKCJzdHJpbmcgcmV0dXJuZWQ6ICIgKyBKU09O LnN0cmluZ2lmeShteXN0cmluZykpOwogICAgICAgICAgbG9nKCJpZiB0aGUgYnVnIGlzIHByZXNl bnQsIHRoZW4gaXQgd2lsbCBiZSBjdXQgb2ZmIGFmdGVyIFxcdTAwMDAiKTsKICAgICAgICAgIGxv ZygnXG5va2F5LCBsZXRcJ3MgdHJ5IGhleCgpIGluc3RlYWQnKTsKCiAgICAgICAgICBzcWwgPSAn U0VMRUNUIGhleCg/KSBBUyBoZXgnOwogICAgICAgICAgc3FsQXJncyA9IFsnZm9vXHUwMDAwYmFy J107CiAgICAgICAgICBsb2coJ2V4ZWN1dGluZyAiJyArIHNxbCArICciIHdpdGggYXJncyAnICsg SlNPTi5zdHJpbmdpZnkoc3FsQXJncykpOwogICAgICAgICAgdHguZXhlY3V0ZVNxbChzcWwsIHNx bEFyZ3MsIGZ1bmN0aW9uICh0eCwgcmVzKSB7CiAgICAgICAgICAgIHZhciBoZXggPSByZXMucm93 cy5pdGVtKDApLmhleDsKICAgICAgICAgICAgbG9nKCJzdHJpbmcgcmV0dXJuZWQ6ICIgKyBKU09O LnN0cmluZ2lmeShoZXgpKTsKICAgICAgICAgICAgbG9nKCJcbmxldCdzIHBhcnNlIHRoYXQgaGV4 Li4uIik7CgogICAgICAgICAgICAvLyBjYW4gZGV0ZXJtaW5lIHRoZSBEQidzIGVuY29kaW5nIGJh c2VkIG9uIHRoZSBsZW5ndGggb2YKICAgICAgICAgICAgLy8gdGhlIGhleCByZXR1cm5lZC4gcHJl LTcuMSBTYWZhcmkgaXMgVVRGLTE2LgogICAgICAgICAgICB2YXIgZW5jb2RpbmcgPSBoZXgubGVu Z3RoID09PSAxNCA/ICdVVEYtOCcgOiAnVVRGLTE2JzsKICAgICAgICAgICAgdmFyIHBhcnNlZCA9 IHBhcnNlSGV4U3RyaW5nKGhleCwgZW5jb2RpbmcpOwogICAgICAgICAgICBsb2coJ3BhcnNlZCBz dHJpbmcgaXM6ICcgKyBKU09OLnN0cmluZ2lmeShwYXJzZWQpKTsKICAgICAgICAgICAgbG9nKCJ0 aGF0J3MgZnVubnksIHRoZSB3aG9sZSBzdHJpbmcgaXMgdGhlcmUgbm93ISIpOwoKICAgICAgICAg IH0pOwogICAgICAgIH0pOwogICAgICB9LCBmdW5jdGlvbihlcnIpIHsKICAgICAgICBsb2coJ3Vu ZXhwZWN0ZWQgZXJyb3I6ICcgKyBlcnIubWVzc2FnZSk7CiAgICAgIH0sIGZ1bmN0aW9uICgpIHsK ICAgICAgfSk7CiAgICB9KSgpOwogIDwvc2NyaXB0Pgo8L2JvZHk+CjwvaHRtbD4=