RESOLVED FIXED304238
Big5 decoder doesn't recover to emit ASCII after an invalid leading byte 
https://bugs.webkit.org/show_bug.cgi?id=304238
Summary Big5 decoder doesn't recover to emit ASCII after an invalid leading byte
Nikita Skovoroda
Reported 2025-12-16 01:17:07 PST
``` new TextDecoder('big5').decode(Uint8Array.of(0x81, 0x40)) ``` Should be `'\ufffd@'` and instead returns just `'\ufffd'` Chrome and Firefox behave correctly on this input. See spec (https://encoding.spec.whatwg.org/#big5-decoder) 11.1.1. Big5 decoder, step 3.9 > If byte is an ASCII byte, restore byte to ioQueue. Which means that `0x40` byte has to be attempted to be decoded again, which is what gives `@`.
Attachments
Add attachment proposed patch, testcase, etc.
Nikita Skovoroda
Comment 1 2025-12-16 04:25:39 PST
Related: https://github.com/nodejs/node/issues/40091 (Node.js also fails, but differently) Chrome and Firefox are correct on that testcase too (it's similar)
Darin Adler
Comment 2 2025-12-16 19:51:12 PST
I’d be happy to fix the decoder, I’d also like to see tests covering this in WPT.
Radar WebKit Bug Importer
Comment 3 2025-12-16 21:07:26 PST
<rdar://problem/166672674>
Darin Adler
Comment 4 2025-12-16 21:10:57 PST
Pull request: https://github.com/WebKit/WebKit/pull/55538
EWS
Comment 5 2025-12-17 07:44:46 PST
Committed 304591@main (5f7d3882def0): <https://commits.webkit.org/304591@main> Reviewed commits have been landed. Closing PR #55538 and removing active labels.
Nikita Skovoroda
Comment 7 2025-12-17 23:12:31 PST
There are more tests that WPT misses, see https://github.com/ExodusOSS/bytes/blob/master/tests/encoding/mistakes.test.js
Nikita Skovoroda
Comment 8 2025-12-17 23:14:06 PST
WebKit fails on some of them That (and the table at https://docs.google.com/spreadsheets/d/1pdEefRG6r9fZy61WHGz0TKSt8cO4ISWqlpBN5KntIvQ/edit) the primary place where I collect this Didn't have time to file those to WPT yet, have been filing issues to platforms Thanks for adding that test to WPT!
Darin Adler
Comment 9 2025-12-19 04:39:44 PST
I really appreciate the testing and reporting you have done for decoding bugs we can resolve in WebKit. It’s much more helpful to file new bug reports about each set of problems you find in WebKit rather than mentioning them in an already resolved bug report like this one. I’m not sure whether you intend to do that for the issues you mention above or if you are looking for someone else to do that.
Nikita Skovoroda
Comment 10 2025-12-20 13:50:04 PST
Filing over 50 reports is time-consuming I will get to that someday For now, see https://github.com/web-platform-tests/wpt/pull/56892 as the umbrella issue + all the tests combined
Nikita Skovoroda
Comment 11 2025-12-24 14:06:37 PST
Looking at this closer, this was a security issue It violates critical requirement in https://encoding.spec.whatwg.org/#security-background
Note You need to log in before you can comment on or make changes to this bug.