correction possible bug maybe if fast-path detects an UTF-8 violation…#98
Conversation
|
@Seldaek I found a possibility with low probability that my code may hide an UTF-8 violation that would be detected by mb_check_encoding or preg_match. It shouldn't be the case with current UTF-8. But if some version of Unicode or another RFC for UTF-8 add further restrictions, it may be the case that mb_check_encoding or preg_match will be patched before my code. So this PR will allow to detect it. |
47d4f28 to
8fef11c
Compare
… but my code doesn't.
8fef11c to
30dda49
Compare
|
@Seldaek Sorry for the 3 force-with-lease. It should be almost pixel perfect now. I don't see anything else to improve before merging. |
Good point, but I think the code could be simplified a lot, not sure why you added that new argument but see last commit I pushed does that make sense to you? |
|
Hello @Seldaek :),
In fact, from a feature complete point of view, I'm wondering if there would be real use cases, where it is convenient to use only the fast path inside some code, but be able to replay some "data integration" with my enhanced UTF-8 error code detection to analyze what happened (post-mortem) without having to modify a lot of code. |
|
Imagine something like a DDOS protection, where it is fast-path only, and only random sampling of the attack data is done for full analysis. |
You could skip the fast path yes. But the only tests worth it are testing that the code below detects an error, and if it detects an error the fast path will not early-return, so it will run the code below. So I don't think this is a valid point.
I don't see how disabling the fast path is useful to any one, it just removes an optimization, runs slower, but will not detect anything more or less. If you want to skip detection for some and do sub-sampling then you could just call the Utf8Validator for a subset of content? |
I would not assume that the only tests worth it are on my code.
Imagine you disabled the slow-path during a DDOS, but sampled files for post-mortem analysis. |
|
I see but yeah I think I'm gonna have to say I disagree and maybe it's best to keep the feature creep to your other project then ;) I think this is good enough for the purposes of this project. |
Probably. |
|
Yup :) You can also watch this repo for new issues, because it sees such low traffic as it is quite stable, it shouldn't spam you too much with irrelevant infos. |
… but my code doesn't.