Bug 304238

Summary:	Big5 decoder doesn't recover to emit ASCII after an invalid leading byte
Product:	WebKit	Reporter:	Nikita Skovoroda <chalkerx>
Component:	Platform	Assignee:	Darin Adler <darin>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	achristensen, annevk, darin, ntim, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified
See Also:	https://github.com/web-platform-tests/wpt/pull/56844

Nikita Skovoroda

Reported 2025-12-16 01:17:07 PST

``` new TextDecoder('big5').decode(Uint8Array.of(0x81, 0x40)) ``` Should be `'\ufffd@'` and instead returns just `'\ufffd'` Chrome and Firefox behave correctly on this input. See spec (https://encoding.spec.whatwg.org/#big5-decoder) 11.1.1. Big5 decoder, step 3.9 > If byte is an ASCII byte, restore byte to ioQueue. Which means that `0x40` byte has to be attempted to be decoded again, which is what gives `@`.

Attachments
Add attachment proposed patch, testcase, etc.

Nikita Skovoroda

Comment 1 2025-12-16 04:25:39 PST

Related: https://github.com/nodejs/node/issues/40091 (Node.js also fails, but differently) Chrome and Firefox are correct on that testcase too (it's similar)

Darin Adler

Comment 2 2025-12-16 19:51:12 PST

I’d be happy to fix the decoder, I’d also like to see tests covering this in WPT.

Radar WebKit Bug Importer

Comment 3 2025-12-16 21:07:26 PST

<rdar://problem/166672674>

Darin Adler

Comment 4 2025-12-16 21:10:57 PST

Pull request: https://github.com/WebKit/WebKit/pull/55538

EWS

Comment 5 2025-12-17 07:44:46 PST

Committed 304591@main (5f7d3882def0): <https://commits.webkit.org/304591@main> Reviewed commits have been landed. Closing PR #55538 and removing active labels.

Darin Adler

Comment 6 2025-12-17 19:39:24 PST

https://github.com/web-platform-tests/wpt/pull/56844

Nikita Skovoroda

Comment 7 2025-12-17 23:12:31 PST

There are more tests that WPT misses, see https://github.com/ExodusOSS/bytes/blob/master/tests/encoding/mistakes.test.js

Nikita Skovoroda

Comment 8 2025-12-17 23:14:06 PST

WebKit fails on some of them That (and the table at https://docs.google.com/spreadsheets/d/1pdEefRG6r9fZy61WHGz0TKSt8cO4ISWqlpBN5KntIvQ/edit) the primary place where I collect this Didn't have time to file those to WPT yet, have been filing issues to platforms Thanks for adding that test to WPT!

Darin Adler

Comment 9 2025-12-19 04:39:44 PST

I really appreciate the testing and reporting you have done for decoding bugs we can resolve in WebKit. It’s much more helpful to file new bug reports about each set of problems you find in WebKit rather than mentioning them in an already resolved bug report like this one. I’m not sure whether you intend to do that for the issues you mention above or if you are looking for someone else to do that.

Nikita Skovoroda

Comment 10 2025-12-20 13:50:04 PST

Filing over 50 reports is time-consuming I will get to that someday For now, see https://github.com/web-platform-tests/wpt/pull/56892 as the umbrella issue + all the tests combined

Nikita Skovoroda

Comment 11 2025-12-24 14:06:37 PST

Looking at this closer, this was a security issue It violates critical requirement in https://encoding.spec.whatwg.org/#security-background

Note You need to log in before you can comment on or make changes to this bug.