1 UTF-8 decoder capability and stress test 2 ---------------------------------------- 3 4 Markus Kuhn <http://www.cl.cam.ac.uk/~mgk25/> - 2003-02-19 5 6 This test file can help you examine, how your UTF-8 decoder handles 7 various types of correct, malformed, or otherwise interesting UTF-8 8 sequences. This file is not meant to be a conformance test. It does 9 not prescribes any particular outcome and therefore there is no way to 10 "pass" or "fail" this test file, even though the texts suggests a 11 preferable decoder behaviour at some places. The aim is instead to 12 help you think about and test the behaviour of your UTF-8 on a 13 systematic collection of unusual inputs. Experience so far suggests 14 that most first-time authors of UTF-8 decoders find at least one 15 serious problem in their decoder by using this file. 16 17 The test lines below cover boundary conditions, malformed UTF-8 18 sequences as well as correctly encoded UTF-8 sequences of Unicode code 19 points that should never occur in a correct UTF-8 file. 20 21 According to ISO 10646-1:2000, sections D.7 and 2.3c, a device 22 receiving UTF-8 shall interpret a "malformed sequence in the same way 23 that it interprets a character that is outside the adopted subset" and 24 "characters that are not within the adopted subset shall be indicated 25 to the user" by a receiving device. A quite commonly used approach in 26 UTF-8 decoders is to replace any malformed UTF-8 sequence by a 27 replacement character (U+FFFD), which looks a bit like an inverted 28 question mark, or a similar symbol. It might be a good idea to 29 visually distinguish a malformed UTF-8 sequence from a correctly 30 encoded Unicode character that is just not available in the current 31 font but otherwise fully legal, even though ISO 10646-1 doesn't 32 mandate this. In any case, just ignoring malformed sequences or 33 unavailable characters does not conform to ISO 10646, will make 34 debugging more difficult, and can lead to user confusion. 35 36 Please check, whether a malformed UTF-8 sequence is (1) represented at 37 all, (2) represented by exactly one single replacement character (or 38 equivalent signal), and (3) the following quotation mark after an 39 illegal UTF-8 sequence is correctly displayed, i.e. proper 40 resynchronization takes place immageately after any malformed 41 sequence. This file says "THE END" in the last line, so if you don't 42 see that, your decoder crashed somehow before, which should always be 43 cause for concern. 44 45 All lines in this file are exactly 79 characters long (plus the line 46 feed). In addition, all lines end with "|", except for the two test 47 lines 2.1.1 and 2.2.1, which contain non-printable ASCII controls 48 U+0000 and U+007F. If you display this file with a fixed-width font, 49 these "|" characters should all line up in column 79 (right margin). 50 This allows you to test quickly, whether your UTF-8 decoder finds the 51 correct number of characters in every line, that is whether each 52 malformed sequences is replaced by a single replacement character. 53 54 Note that as an alternative to the notion of malformed sequence used 55 here, it is also a perfectly acceptable (and in some situations even 56 preferable) solution to represent each individual byte of a malformed 57 sequence by a replacement character. If you follow this strategy in 58 your decoder, then please ignore the "|" column. 59 60 61 Here come the tests: | 62 | 63 1 Some correct UTF-8 text | 64 | 65 (The codepoints for this test are: | 66 U+03BA U+1F79 U+03C3 U+03BC U+03B5 --ryan.) | 67 | 68 You should see the Greek word 'kosme': "" | 69 | 70 | 71 2 Boundary condition test cases | 72 | 73 2.1 First possible sequence of a certain length | 74 | 75 (byte zero skipped...there's a null added at the end of the test. --ryan.) | 76 | 77 2.1.2 2 bytes (U-00000080): "" | 78 2.1.3 3 bytes (U-00000800): "" | 79 2.1.4 4 bytes (U-00010000): "" | 80 | 81 (5 and 6 byte sequences were made illegal in rfc3629. --ryan.) | 82 2.1.5 5 bytes (U-00200000): "" | 83 2.1.6 6 bytes (U-04000000): "" | 84 | 85 2.2 Last possible sequence of a certain length | 86 | 87 2.2.1 1 byte (U-0000007F): "" | 88 2.2.2 2 bytes (U-000007FF): "" | 89 | 90 (Section 5.3.2 below calls this illegal. --ryan.) | 91 2.2.3 3 bytes (U-0000FFFF): "" | 92 | 93 (5 and 6 bytes sequences, and 4 bytes sequences > 0x10FFFF were made illegal | 94 in rfc3629, so these next three should be replaced with a invalid | 95 character codepoint. --ryan.) | 96 2.2.4 4 bytes (U-001FFFFF): "" | 97 2.2.5 5 bytes (U-03FFFFFF): "" | 98 2.2.6 6 bytes (U-7FFFFFFF): "" | 99 | 100 2.3 Other boundary conditions | 101 | 102 2.3.1 U-0000D7FF = ed 9f bf = "" | 103 2.3.2 U-0000E000 = ee 80 80 = "" | 104 2.3.3 U-0000FFFD = ef bf bd = "" | 105 2.3.4 U-0010FFFF = f4 8f bf bf = "" | 106 | 107 (This one is bogus in rfc3629. --ryan.) | 108 2.3.5 U-00110000 = f4 90 80 80 = "" | 109 | 110 3 Malformed sequences | 111 | 112 3.1 Unexpected continuation bytes | 113 | 114 Each unexpected continuation byte should be separately signalled as a | 115 malformed sequence of its own. | 116 | 117 3.1.1 First continuation byte 0x80: "" | 118 3.1.2 Last continuation byte 0xbf: "" | 119 | 120 3.1.3 2 continuation bytes: "" | 121 3.1.4 3 continuation bytes: "" | 122 3.1.5 4 continuation bytes: "" | 123 3.1.6 5 continuation bytes: "" | 124 3.1.7 6 continuation bytes: "" | 125 3.1.8 7 continuation bytes: "" | 126 | 127 3.1.9 Sequence of all 64 possible continuation bytes (0x80-0xbf): | 128 | 129 " | 130 | 131 | 132 " | 133 | 134 3.2 Lonely start characters | 135 | 136 3.2.1 All 32 first bytes of 2-byte sequences (0xc0-0xdf), | 137 each followed by a space character: | 138 | 139 " | 140 " | 141 | 142 3.2.2 All 16 first bytes of 3-byte sequences (0xe0-0xef), | 143 each followed by a space character: | 144 | 145 " " | 146 | 147 3.2.3 All 8 first bytes of 4-byte sequences (0xf0-0xf7), | 148 each followed by a space character: | 149 | 150 " " | 151 | 152 3.2.4 All 4 first bytes of 5-byte sequences (0xf8-0xfb), | 153 each followed by a space character: | 154 | 155 " " | 156 | 157 3.2.5 All 2 first bytes of 6-byte sequences (0xfc-0xfd), | 158 each followed by a space character: | 159 | 160 " " | 161 | 162 3.3 Sequences with last continuation byte missing | 163 | 164 All bytes of an incomplete sequence should be signalled as a single | 165 malformed sequence, i.e., you should see only a single replacement | 166 character in each of the next 10 tests. (Characters as in section 2) | 167 | 168 3.3.1 2-byte sequence with last byte missing (U+0000): "" | 169 3.3.2 3-byte sequence with last byte missing (U+0000): "" | 170 3.3.3 4-byte sequence with last byte missing (U+0000): "" | 171 3.3.4 5-byte sequence with last byte missing (U+0000): "" | 172 3.3.5 6-byte sequence with last byte missing (U+0000): "" | 173 3.3.6 2-byte sequence with last byte missing (U-000007FF): "" | 174 3.3.7 3-byte sequence with last byte missing (U-0000FFFF): "" | 175 3.3.8 4-byte sequence with last byte missing (U-001FFFFF): "" | 176 3.3.9 5-byte sequence with last byte missing (U-03FFFFFF): "" | 177 3.3.10 6-byte sequence with last byte missing (U-7FFFFFFF): "" | 178 | 179 3.4 Concatenation of incomplete sequences | 180 | 181 All the 10 sequences of 3.3 concatenated, you should see 10 malformed | 182 sequences being signalled: | 183 | 184 "" | 185 | 186 3.5 Impossible bytes | 187 | 188 The following two bytes cannot appear in a correct UTF-8 string | 189 | 190 3.5.1 fe = "" | 191 3.5.2 ff = "" | 192 3.5.3 fe fe ff ff = "" | 193 | 194 4 Overlong sequences | 195 | 196 The following sequences are not malformed according to the letter of | 197 the Unicode 2.0 standard. However, they are longer then necessary and | 198 a correct UTF-8 encoder is not allowed to produce them. A "safe UTF-8 | 199 decoder" should reject them just like malformed sequences for two | 200 reasons: (1) It helps to debug applications if overlong sequences are | 201 not treated as valid representations of characters, because this helps | 202 to spot problems more quickly. (2) Overlong sequences provide | 203 alternative representations of characters, that could maliciously be | 204 used to bypass filters that check only for ASCII characters. For | 205 instance, a 2-byte encoded line feed (LF) would not be caught by a | 206 line counter that counts only 0x0a bytes, but it would still be | 207 processed as a line feed by an unsafe UTF-8 decoder later in the | 208 pipeline. From a security point of view, ASCII compatibility of UTF-8 | 209 sequences means also, that ASCII characters are *only* allowed to be | 210 represented by ASCII bytes in the range 0x00-0x7f. To ensure this | 211 aspect of ASCII compatibility, use only "safe UTF-8 decoders" that | 212 reject overlong UTF-8 sequences for which a shorter encoding exists. | 213 | 214 4.1 Examples of an overlong ASCII character | 215 | 216 With a safe UTF-8 decoder, all of the following five overlong | 217 representations of the ASCII character slash ("/") should be rejected | 218 like a malformed UTF-8 sequence, for instance by substituting it with | 219 a replacement character. If you see a slash below, you do not have a | 220 safe UTF-8 decoder! | 221 | 222 4.1.1 U+002F = c0 af = "" | 223 4.1.2 U+002F = e0 80 af = "" | 224 4.1.3 U+002F = f0 80 80 af = "" | 225 4.1.4 U+002F = f8 80 80 80 af = "" | 226 4.1.5 U+002F = fc 80 80 80 80 af = "" | 227 | 228 4.2 Maximum overlong sequences | 229 | 230 Below you see the highest Unicode value that is still resulting in an | 231 overlong sequence if represented with the given number of bytes. This | 232 is a boundary test for safe UTF-8 decoders. All five characters should | 233 be rejected like malformed UTF-8 sequences. | 234 | 235 4.2.1 U-0000007F = c1 bf = "" | 236 4.2.2 U-000007FF = e0 9f bf = "" | 237 4.2.3 U-0000FFFF = f0 8f bf bf = "" | 238 4.2.4 U-001FFFFF = f8 87 bf bf bf = "" | 239 4.2.5 U-03FFFFFF = fc 83 bf bf bf bf = "" | 240 | 241 4.3 Overlong representation of the NUL character | 242 | 243 The following five sequences should also be rejected like malformed | 244 UTF-8 sequences and should not be treated like the ASCII NUL | 245 character. | 246 | 247 4.3.1 U+0000 = c0 80 = "" | 248 4.3.2 U+0000 = e0 80 80 = "" | 249 4.3.3 U+0000 = f0 80 80 80 = "" | 250 4.3.4 U+0000 = f8 80 80 80 80 = "" | 251 4.3.5 U+0000 = fc 80 80 80 80 80 = "" | 252 | 253 5 Illegal code positions | 254 | 255 The following UTF-8 sequences should be rejected like malformed | 256 sequences, because they never represent valid ISO 10646 characters and | 257 a UTF-8 decoder that accepts them might introduce security problems | 258 comparable to overlong UTF-8 sequences. | 259 | 260 5.1 Single UTF-16 surrogates | 261 | 262 5.1.1 U+D800 = ed a0 80 = "" | 263 5.1.2 U+DB7F = ed ad bf = "" | 264 5.1.3 U+DB80 = ed ae 80 = "" | 265 5.1.4 U+DBFF = ed af bf = "" | 266 5.1.5 U+DC00 = ed b0 80 = "" | 267 5.1.6 U+DF80 = ed be 80 = "" | 268 5.1.7 U+DFFF = ed bf bf = "" | 269 | 270 5.2 Paired UTF-16 surrogates | 271 | 272 5.2.1 U+D800 U+DC00 = ed a0 80 ed b0 80 = "" | 273 5.2.2 U+D800 U+DFFF = ed a0 80 ed bf bf = "" | 274 5.2.3 U+DB7F U+DC00 = ed ad bf ed b0 80 = "" | 275 5.2.4 U+DB7F U+DFFF = ed ad bf ed bf bf = "" | 276 5.2.5 U+DB80 U+DC00 = ed ae 80 ed b0 80 = "" | 277 5.2.6 U+DB80 U+DFFF = ed ae 80 ed bf bf = "" | 278 5.2.7 U+DBFF U+DC00 = ed af bf ed b0 80 = "" | 279 5.2.8 U+DBFF U+DFFF = ed af bf ed bf bf = "" | 280 | 281 5.3 Other illegal code positions | 282 | 283 5.3.1 U+FFFE = ef bf be = "" | 284 5.3.2 U+FFFF = ef bf bf = "" | 285 | 286 THE END | 287 288