about summary refs log tree commit diff
path: root/ops/secrets
diff options
context:
space:
mode:
authorsterni <sternenseemann@systemli.org>2023-07-11T15·54+0200
committerclbot <clbot@tvl.fyi>2023-07-11T16·11+0000
commit4ba624efae2d63057c2bd5be23841be5017bd457 (patch)
treebf18ead4649ae11503bcefadb23550fd6763351d /ops/secrets
parent5b1c327c828f0450f4e73b0fa851dcd00f82c693 (diff)
fix(tvix/eval): use byte, not codepoint index for slicing in escape r/6404
This fixes a subtle issue which would occasionally lead to a crash (e.g.
when evaluating (pkgs.systemd.outPath with --trace-runtime): With each
character in the string that has a multi byte representation in UTF-8,
the actual byte position and what tvix thought it was would get out of
sync. This could either lead to

* Tvix swallowing characters or jumbling characters if multi byte
  characters would cause the tracked index to become out of sync with
  the byte position before the first character to be escaped, or

* Tvix crashing if (in the same situation) the out of sync index would
  be within a UTF-8 byte sequence.

Luckily, std's `char_indices()` iterator implements exactly what
`nix_escape_char()`'s original author had in mind with
`.chars().enumerate()`. Using `i + 1` for continuing is safe, since all
characters that need (in fact, can) to be escaped in Nix are represented
as a single byte in UTF-8.

Change-Id: I1c836f70cde3d72db1c644e9112852f0d824715e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8952
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Diffstat (limited to 'ops/secrets')
0 files changed, 0 insertions, 0 deletions