Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s2tXy-0079TG-9U for pgsql-hackers@arkaria.postgresql.org; Fri, 03 May 2024 14:05:58 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1s2tXv-009jn3-Jg for pgsql-hackers@arkaria.postgresql.org; Fri, 03 May 2024 14:05:56 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s2tXv-009jmv-9S for pgsql-hackers@lists.postgresql.org; Fri, 03 May 2024 14:05:56 +0000 Received: from mail-qk1-x731.google.com ([2607:f8b0:4864:20::731]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1s2tXq-001Fic-Cg for pgsql-hackers@postgresql.org; Fri, 03 May 2024 14:05:54 +0000 Received: by mail-qk1-x731.google.com with SMTP id af79cd13be357-790605809cbso777268885a.3 for ; Fri, 03 May 2024 07:05:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb.com; s=google; t=1714745149; x=1715349949; darn=postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=gihYR1HjvV0HS+HoYNe9MvIzoQa92sMdP/L+kTQ+1XA=; b=UfH4Da/Kb+4+i1j5eoocLir5EM+C9nE8VW09lCBI0wSqo6yeI+1tAEzkEiCgpSMvUf uo3Z63RNfXgThxbzsW5SlW7yijo2ZBHRYLhoiEHrQPTkJ4txLCYoya11AJhtUT5sZnND vfl+Bwq2O3vOm0IT404ROJzNJe0HY1KMTWk20uoTMTb6ZL07Xmx7E00UUcfl+ea+2FNb SJdiUVJ503UVx51C69cEyAEUsBQPpzSwGaJezQffSuqtC7ARoe63KsiPHyhSvjdpBJ3m Mskei52cqmFvujMDAPACpUL7n/1DNMJpZUJoAlp/RK0ijTUKOcNuQ13Mvy8NJ02GAv/q evaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714745149; x=1715349949; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=gihYR1HjvV0HS+HoYNe9MvIzoQa92sMdP/L+kTQ+1XA=; b=N+XRpn5rysTobMqeZ056OCjKXA1L4WnscZ9/zLtILZcOLirWKwqerftpyrdf2IWcAH u8dHKfNcuiAYIHLSiwMIK+65BJNHU3AOTUgDr/bqWHaUwwKYH65sZxiD/3OY3jHtAChJ ux8ZN1oNW61wTFA+gzzATS/Ep4GObvA5in2Rzq9wsCTOA5ADGod2ou+GZn7K3vdaWhbG bZyXMlGow+FZWVSvvjT0NspbVAsnviwAEv+OAxwb7yYSUbAKcK+xoId4IbFSiFlcVjIH 2Pvss2yBlCFa9B3dTyWc8UzuNsC3Q6PTNEgJG2oI2mdeZr2ynuO/AQA6HyILoaGsLugb 16gg== X-Gm-Message-State: AOJu0Yxe6IRQ+pVAxo4WZZLwXmH7Vs/eoGEtROS2uJmTTqgnfIXOPHTZ BS7RvFWmbtf4FrPU0UShrPETvV6s7CHxrot66Udygnf5UT6sDMGzb5KqVmjN7elfpZUJI+Mv16c CzXHJ/k8XItDIrAepHv9rZ3gwg2rHZHs3lrooNWXmUQUtyTg= X-Google-Smtp-Source: AGHT+IHXzf5OlrCmeEtA0FG8DRnFSZs6Ef0NfgDt2Ji4Ugeu2r+d8A1uS0dglC1FG4pKEpd91dyrFsXtrIousrexMpU= X-Received: by 2002:a05:6214:202c:b0:6a0:9497:995f with SMTP id 12-20020a056214202c00b006a09497995fmr2969193qvf.8.1714745149234; Fri, 03 May 2024 07:05:49 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Jacob Champion Date: Fri, 3 May 2024 07:05:38 -0700 Message-ID: Subject: Re: [PATCH] json_lex_string: don't overread on bad UTF8 To: Peter Eisentraut Cc: PostgreSQL Hackers , Andrew Dunstan , Michael Paquier Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Fri, May 3, 2024 at 4:54=E2=80=AFAM Peter Eisentraut wrote: > > On 30.04.24 19:39, Jacob Champion wrote: > > Tangentially: Should we maybe rethink pieces of the json_lex_string > > error handling? For example, do we really want to echo an incomplete > > multibyte sequence once we know it's bad? > > I can't quite find the place you might be looking at in > json_lex_string(), (json_lex_string() reports the beginning and end of the "area of interest" via the JsonLexContext; it's json_errdetail() that turns that into an error message.) > but for the general encoding conversion we have what > would appear to be the same behavior in report_invalid_encoding(), and > we go out of our way there to produce a verbose error message including > the invalid data. We could port something like that to src/common. IMO that'd be more suited for an actual conversion routine, though, as opposed to a parser that for the most part assumes you didn't lie about the input encoding and is just trying not to crash if you're wrong. Most of the time, the parser just copies bytes between delimiters around and it's up to the caller to handle encodings... the exceptions to that are the \uXXXX escapes and the error handling. Offhand, are all of our supported frontend encodings self-synchronizing? By that I mean, is it safe to print a partial byte sequence if the locale isn't UTF-8? (As I type this I'm starting at Shift-JIS, and thinking "probably not.") Actually -- hopefully this is not too much of a tangent -- that further crystallizes a vague unease about the API that I have. The JsonLexContext is initialized with something called the "input_encoding", but that encoding is necessarily also the output encoding for parsed string literals and error messages. For the server side that's fine, but frontend clients have the input_encoding locked to UTF-8, which seems like it might cause problems? Maybe I'm missing code somewhere, but I don't see a conversion routine from json_errdetail() to the actual client/locale encoding. (And the parser does not support multibyte input_encodings that contain ASCII in trail bytes.) Thanks, --Jacob