Bug 137637

Summary:

Null character causes early string termination in Web SQL

Product:

WebKit

Reporter:

Nolan Lawson <nolan>

Component:

WebCore Misc.

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED WONTFIX

Severity:

Normal

CC:

aaron.oneal, ap, beidson, bfulgham, dbates, simon.fraser, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Test case in pure HTML	none

Description Nolan Lawson 2014-10-11 11:06:30 PDT

Steps to reproduce the problem:
1. Store a string or blob in Web SQL containing the "\u0000" character
2. Retrieve it normally
3. Notice that everything is cut off after the \u0000

What is the expected behavior?
I expect the full string/blob to be returned

What went wrong?
The data was truncated. Here's a live example: http://bl.ocks.org/nolanlawson/9b5c13afb1ac0f7e70fe

This is especially bad when storing binary blobs, because if that binary data contains the 00 byte anywhere, then it will be cut off!

I've also filed an issue on Chromium, since this bug seems to have been around for awhile: https://code.google.com/p/chromium/issues/detail?id=422690

A workaround is to use "select hex()" when getting back data that may contain a null character, but this is sub-optimal for performance, especially with binary blobs.

Comment 1 Nolan Lawson 2014-10-11 11:07:07 PDT

Created attachment 239681 [details]
Test case in pure HTML

Comment 2 Aaron Oneal 2014-12-30 11:29:21 PST

This same issue is in the Cordova Web SQL plugin.

The problem has to do with how SQLITE_TEXT columns in statement results are converted to strings.

This will repro the bug:

columnValue = [NSString stringWithUTF8String:(char *)sqlite3_column_text(statement, i)];

Whereas this returns the correct full-length string:

columnValue = [[NSString alloc] initWithBytes:(char *)sqlite3_column_text(statement, i)
                                       length:sqlite3_column_bytes(statement, i)
                                     encoding:NSUTF8StringEncoding];

The former uses '\0' to determine string termination whereas the latter uses the specified buffer length.

I'll submit a fix for the Cordova plugin.

The WebKit issue is in WebCore/SQLiteStatement.cpp:

http://www.opensource.apple.com/source/WebCore/WebCore-332/platform/sql/SQLiteStatement.cpp

The getColumnValue() and getColumnText() functions rely on the standard String constructor:

return String(reinterpret_cast<const UChar*>(sqlite3_column_text16(m_statement, col)));

There is a String constructor that accepts a length, so a similar fix can probably be applied.

http://www.opensource.apple.com/source/WebCore/WebCore-332/platform/text/PlatformString.h

Comment 3 Radar WebKit Bug Importer 2015-04-25 14:57:35 PDT

<rdar://problem/20699770>

Comment 4 Brent Fulgham 2024-03-05 12:42:22 PST

Note: WebSQL has been disabled in our modern WebKit for some time, and is only still available as a backwards-compatibility affordance for very old legacy WebKit clients.

I'm going to close this as WONT FIX since this feature is long-deprecated, and is no longer available in modern Web Browsing contexts.