On Wednesday 13 November 2019 20:37:06 Damyan Ivanov wrote:
> -=| André Warnier (tomcat/perl), 13.11.2019 19:12:10 +0100 |=-
> > while (my $sz = $f->read(my $buffer, BUFF_LEN)) {
> > ..
> >
> > and then I need to pass this data to another module for processing
> > (Template::Toolkit).
> > To make a long story short, Template::Toolkit misinterprets the data I'm
> > sending to it, because this data /is/ actually UTF-8, but apparently not
> > marked so internally by the $f->read(). So TT2 re-encodes it, leading to
> > double UTF-8 encoding.
> >
> > My question is : can I - and how -, set the filehandle that corresponds to
> > the $f->read(), to a UTF-8 layer ?
> > I have tried
> >
> > line 155: binmode($f,'encoding:(UTF-8)');
> >
> > and that triggers an error :
> > Not a GLOB reference at (my filter) line 155.\n
> > )
> >
> > Or do I need to read the data 'as is', and separately do an
> >
> > $decoded_buffer = decode('UTF-8', $buffer);
>
> There's a middle ground - partial decoding. See Encode(1)/FB_QUIET:
>
> If CHECK is set to "Encode::FB_QUIET", encoding and decoding
> immediately return the portion of the data that has been processed so
> far when an error occurs. The data argument is overwritten with
> everything after that point; that is, the unprocessed portion of the
> data. This is handy when you have to call "decode" repeatedly in the
> case where your source data may contain partial multi-byte character
> sequences, (that is, you are reading with a fixed-width buffer). Here's
> some sample code to do exactly that:
>
> my($buffer, $string) = ("", "");
> while (read($fh, $buffer, 256, length($buffer))) {
> $string .= decode($encoding, $buffer, Encode::FB_QUIET);
> # $buffer now contains the unprocessed partial character
> }
This code is dangerous. It can enter into endless loop. Once you read
invalid UTF-8 sequence, above loop never finish. So if buffer input is
under user/attacker control you introduce DoS issues.
Instead of FB_QUIET, you should use Encode::STOP_AT_PARTIAL flag. This
is the flag which you want to use. Encode::decode stops decoding when
valid UTF-8 sequence is not complete and needs more bytes to read. And
by default invalid UTF-8 sequences are mapped to Unicode replacement
character.
Btw, PerlIO::encoding uses also Encode::STOP_AT_PARTIAL flag to handle
this situation.
PS: I know that Encode::STOP_AT_PARTIAL is undocumented, but it is only
because nobody found time to write documentation for it. It is part of
Encode API and ready to use...
>
> Looks exactly like your case.
>
>
> -- Damyan
