JavaScript strings with NULL character are not handled properly

Open gaodeng opened this issue 6 years ago • 30 comments

🐛 Bug Report

JavaScript strings with NULL character are not handled properly

To Reproduce

<Text style={styles.welcome}>{'Hello \u0000 World'}</Text>

The text is cut to Hello. It does not happen when Debug JS Remotely.

Expected Behavior

Hello World

Code Example

https://github.com/gaodeng/RN-NULL-character-ISSUE

Environment

info 
  React Native Environment Info:
    System:
      OS: macOS 10.14.3
      CPU: (4) x64 Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
      Memory: 282.02 MB / 8.00 GB
      Shell: 3.2.57 - /bin/bash
    Binaries:
      Node: 10.15.1 - /usr/local/bin/node
      Yarn: 1.5.1 - /usr/local/bin/yarn
      npm: 6.8.0 - /usr/local/bin/npm
      Watchman: 4.7.0 - /usr/local/bin/watchman
    SDKs:
      iOS SDK:
        Platforms: iOS 12.1, macOS 10.14, tvOS 12.1, watchOS 5.1
      Android SDK:
        API Levels: 22, 23, 24, 25, 26, 27, 28
        Build Tools: 23.0.1, 25.0.0, 25.0.1, 25.0.2, 25.0.3, 26.0.0, 26.0.1, 26.0.2, 26.0.3, 27.0.2, 27.0.3, 28.0.0, 28.0.3
        System Images: android-18 | Google APIs Intel x86 Atom, android-22 | Google APIs Intel x86 Atom, android-23 | Google APIs Intel x86 Atom_64, android-24 | Intel x86 Atom_64, android-25 | Google APIs ARM EABI v7a, android-25 | Google APIs Intel x86 Atom_64, android-27 | Google APIs Intel x86 Atom, android-P | Google APIs Intel x86 Atom, android-P | Google Play Intel x86 Atom_64
    IDEs:
      Android Studio: 3.3 AI-182.5107.16.33.5314842
      Xcode: 10.1/10B61 - /usr/bin/xcodebuild
    npmPackages:
      react: 16.8.3 => 16.8.3 
      react-native: 0.59.1 => 0.59.1 
    npmGlobalPackages:
      create-react-native-app: 1.0.0
      react-native-cli: 2.0.1
      react-native-create-library: 3.1.2
      react-native-git-upgrade: 0.2.7
      react-native-rename: 2.1.5

gaodeng avatar Mar 25 '19 00:03 gaodeng

@kelset It's not just the Text component that has this issue. Any string with a NULL character is cut when it is passed to a native module.

gaodeng avatar Mar 26 '19 12:03 gaodeng

Uhm does this happen with both platforms? 🤔

kelset avatar Mar 26 '19 13:03 kelset

Uhm does this happen with both platforms? 🤔 @kelset

RN 0.58 and RN 0.59 have this issue on both platforms. On RN 0.57, only the Android platform has this issue.

gaodeng avatar Mar 26 '19 16:03 gaodeng

Confirmed repro on Android (Expo 32 => RN 0.57): https://snack.expo.io/@jkcooper/rn24129---null-string-cuts-text

JKCooper2 avatar Apr 06 '19 23:04 JKCooper2

Hi, any update related to this issue? I have the same issue in my app. I use the STOMP protocol to communicate with other devices, and STOMP requires a null character at the end of the message, but I can't send this and the whole communication breaks.

Michal16511 avatar Jun 25 '19 14:06 Michal16511

no updates on my side, sorry 😓

can anyone test a repro with the latest 0.60 RC?

kelset avatar Jun 25 '19 14:06 kelset

Hey there, it looks like there has been no activity on this issue recently. Has the issue been fixed, or does it still require the community's attention? This issue may be closed if no further activity occurs. You may also label this issue as a "Discussion" or add it to the "Backlog" and I will leave it open. Thank you for your contributions.

stale[bot] avatar Sep 23 '19 15:09 stale[bot]

I just tested this on an iOS Simulator running iOS 13, and React Native version 0.60.5 and this is still happening.

kelset avatar Sep 24 '19 11:09 kelset

Hey there, it looks like there has been no activity on this issue recently. Has the issue been fixed, or does it still require the community's attention? This issue may be closed if no further activity occurs. You may also label this issue as a "Discussion" or add it to the "Backlog" and I will leave it open. Thank you for your contributions.

stale[bot] avatar Dec 23 '19 11:12 stale[bot]

Some update on this? I can't see any linked commit ... so probably unchanged, hm? Maybe someone could remove the stale-label again?

FibreFoX avatar Dec 23 '19 15:12 FibreFoX

It seems this bug was reported almost 3 years ago #12731. To me it looks like an issue that needs to be immediately addressed? I don't get why it is not a priority.

halaei avatar Jan 21 '20 08:01 halaei

Hey there, it looks like there has been no activity on this issue recently. Has the issue been fixed, or does it still require the community's attention? This issue may be closed if no further activity occurs. You may also label this issue as a "Discussion" or add it to the "Backlog" and I will leave it open. Thank you for your contributions.

stale[bot] avatar Apr 21 '20 17:04 stale[bot]

Hey there, it looks like there has been no activity on this issue recently. Has the issue been fixed, or does it still require the community's attention? This issue may be closed if no further activity occurs. You may also label this issue as a "Discussion" or add it to the "Backlog" and I will leave it open. Thank you for your contributions.

stale[bot] avatar Jul 25 '20 14:07 stale[bot]

Can some moderator please mark this as "do not close", so that ugly stale-bot does not just cover a not-fixed bug?!?

AFAIK this bug is still present and such NULL-bugs are wild to find.

FibreFoX avatar Jul 25 '20 15:07 FibreFoX

Hey there, it looks like there has been no activity on this issue recently. Has the issue been fixed, or does it still require the community's attention? This issue may be closed if no further activity occurs. You may also label this issue as a "Discussion" or add it to the "Backlog" and I will leave it open. Thank you for your contributions.

stale[bot] avatar Dec 26 '20 02:12 stale[bot]

Hey, can some admin/moderator please talk with the stale-bot? This gets kinda annoying to hold this issue up, which got kinda ignored several years ago too: https://github.com/facebook/react-native/issues/12731

FibreFoX avatar Dec 26 '20 14:12 FibreFoX

This issue still does not have any progress ... why?

FibreFoX avatar Jan 09 '21 10:01 FibreFoX

Well in the whole year of 2020 literally only 2 people aside from the bot interacted with this issue - so I think it's understandable why it's low priority. Also, if you are in dire need of a fix I would recommend working on a PR yourself, it's an open source project after all.

kelset avatar Jan 11 '21 09:01 kelset

Hm, especially problems with NULL-terminated strings someday become exploit-surface.

But please remove the stale-bot from trying to close this issue, even if it has low-priority for you, it is a bug and should not just disappear, because a bot closed it @kelset

FibreFoX avatar Jan 11 '21 09:01 FibreFoX

I guess this problem will probably never be fixed, and the best solution for now is to try to migrate to flutter or another actively maintained platform as soon as possible

gaodeng avatar Jan 15 '21 00:01 gaodeng

I think this might be a problem of the underlying JS engines (Hermes and jscore) rather than an RN one? Desktop/Browser JS engines have no problem with embedded null characters as it should be because in JS strings length is not determined by a null char but the size is actively set as a member variable in the string object.

pke avatar Feb 27 '21 22:02 pke
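The difference described in the comment above, between a string whose length is stored alongside its bytes and a NUL-terminated C string, as an added example that is not code from this thread or from React Native. The `lstring` type and the function names are hypothetical, and the thread does not identify where the truncation actually happens; the block only models a length-carrying string handed to a C-string style copy.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model of a JS-style string: bytes plus an explicit length. */
typedef struct {
    const char *data;
    size_t len;
} lstring;

/* Constructed sample: the issue's 'Hello \u0000 World' as UTF-8 bytes. */
static const char SAMPLE[] = "Hello \0 World";

/* Offset of the first embedded NUL, or -1 if a C-string conversion is lossless. */
static long first_embedded_nul(lstring s) {
    const char *p = memchr(s.data, '\0', s.len);
    return p ? (long)(p - s.data) : -1;
}

/* Lossy hand-off: treats the bytes as a C string, so the copy stops at the
 * first 0x00 even though s.len says more data follows. */
static size_t copy_as_cstring(lstring s, char *out, size_t cap) {
    long nul = first_embedded_nul(s);
    size_t n = nul < 0 ? s.len : (size_t)nul;
    if (cap == 0) return 0;
    if (n >= cap) n = cap - 1;
    memcpy(out, s.data, n);
    out[n] = '\0';
    return n;
}

/* Length-aware hand-off: copies s.len bytes, embedded NULs included. */
static size_t copy_with_length(lstring s, char *out, size_t cap) {
    size_t n = s.len < cap ? s.len : cap;
    memcpy(out, s.data, n);
    return n;
}

int main(void) {
    lstring s = { SAMPLE, sizeof SAMPLE - 1 };
    char lossy[32], full[32];
    size_t a = copy_as_cstring(s, lossy, sizeof lossy);
    size_t b = copy_with_length(s, full, sizeof full);
    /* Exit status 0 when the C-string copy is shorter than the real string. */
    return (a < b && first_embedded_nul(s) >= 0) ? 0 : 1;
}
```

A bridge that runs a check like `first_embedded_nul` before any C-string conversion can reject or escape the value instead of silently shortening it.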

It even is the bridge to the engine, or the engine itself. Improper NULL-termination often becomes some kind of attack-vector for injection attacks or buffer-overflows, therefore I can't understand why this issue doesn't get a higher priority, especially because this issue was already opened several years ago.

FibreFoX avatar Feb 28 '21 07:02 FibreFoX

Just tested on Hermes, it parses the string with null characters properly without any problem

chakrihacker avatar Feb 28 '21 12:02 chakrihacker

This issue is stale because it has been open 180 days with no activity. Remove stale label or comment or this will be closed in 7 days.

github-actions[bot] avatar Mar 06 '23 00:03 github-actions[bot]

As there is some PR to this, probably the issue is NOT stale .... sad that there is no focus on security-related bugs.

FibreFoX avatar Mar 06 '23 06:03 FibreFoX

Thanks for the ping. I don't believe this has a security impact at the moment, as it will just cause a partial copy of the underlying buffer rather than a complete one. Please do let me know if I'm wrong.

I've reviewed #34300 but I don't believe it's ready to be merged as-is.

javache avatar Mar 06 '23 09:03 javache

This issue is stale because it has been open 180 days with no activity. Remove stale label or comment or this will be closed in 7 days.

github-actions[bot] avatar Sep 03 '23 05:09 github-actions[bot]

This issue was closed because it has been stalled for 7 days with no activity.

github-actions[bot] avatar Sep 10 '23 05:09 github-actions[bot]

Can someone please tame the close bot please?

FibreFoX avatar Sep 12 '23 07:09 FibreFoX

Reopening as this is a valid issue

cortinico avatar Sep 12 '23 11:09 cortinico