1UTF-8 decoder capability and stress test
2----------------------------------------
3
4Markus Kuhn <http://www.cl.cam.ac.uk/~mgk25/> - 2003-02-19
5
6This test file can help you examine, how your UTF-8 decoder handles
7various types of correct, malformed, or otherwise interesting UTF-8
8sequences. This file is not meant to be a conformance test. It does
9not prescribes any particular outcome and therefore there is no way to
10"pass" or "fail" this test file, even though the texts suggests a
11preferable decoder behaviour at some places. The aim is instead to
12help you think about and test the behaviour of your UTF-8 on a
13systematic collection of unusual inputs. Experience so far suggests
14that most first-time authors of UTF-8 decoders find at least one
15serious problem in their decoder by using this file.
16
17The test lines below cover boundary conditions, malformed UTF-8
18sequences as well as correctly encoded UTF-8 sequences of Unicode code
19points that should never occur in a correct UTF-8 file.
20
21According to ISO 10646-1:2000, sections D.7 and 2.3c, a device
22receiving UTF-8 shall interpret a "malformed sequence in the same way
23that it interprets a character that is outside the adopted subset" and
24"characters that are not within the adopted subset shall be indicated
25to the user" by a receiving device. A quite commonly used approach in
26UTF-8 decoders is to replace any malformed UTF-8 sequence by a
27replacement character (U+FFFD), which looks a bit like an inverted
28question mark, or a similar symbol. It might be a good idea to
29visually distinguish a malformed UTF-8 sequence from a correctly
30encoded Unicode character that is just not available in the current
31font but otherwise fully legal, even though ISO 10646-1 doesn't
32mandate this. In any case, just ignoring malformed sequences or
33unavailable characters does not conform to ISO 10646, will make
34debugging more difficult, and can lead to user confusion.
35
36Please check, whether a malformed UTF-8 sequence is (1) represented at
37all, (2) represented by exactly one single replacement character (or
38equivalent signal), and (3) the following quotation mark after an
39illegal UTF-8 sequence is correctly displayed, i.e. proper
40resynchronization takes place immageately after any malformed
41sequence. This file says "THE END" in the last line, so if you don't
42see that, your decoder crashed somehow before, which should always be
43cause for concern.
44
45All lines in this file are exactly 79 characters long (plus the line
46feed). In addition, all lines end with "|", except for the two test
47lines 2.1.1 and 2.2.1, which contain non-printable ASCII controls
48U+0000 and U+007F. If you display this file with a fixed-width font,
49these "|" characters should all line up in column 79 (right margin).
50This allows you to test quickly, whether your UTF-8 decoder finds the
51correct number of characters in every line, that is whether each
52malformed sequences is replaced by a single replacement character.
53
54Note that as an alternative to the notion of malformed sequence used
55here, it is also a perfectly acceptable (and in some situations even
56preferable) solution to represent each individual byte of a malformed
57sequence by a replacement character. If you follow this strategy in
58your decoder, then please ignore the "|" column.
59
60
61Here come the tests:                                                          |
62                                                                              |
631  Some correct UTF-8 text                                                    |
64                                                                              |
65(The codepoints for this test are:                                            |
66  U+03BA U+1F79 U+03C3 U+03BC U+03B5  --ryan.)                                |
67                                                                              |
68You should see the Greek word 'kosme':       "κόσμε"                          |
69                                                                              |
70                                                                              |
712  Boundary condition test cases                                              |
72                                                                              |
732.1  First possible sequence of a certain length                              |
74                                                                              |
75(byte zero skipped...there's a null added at the end of the test. --ryan.)    |
76                                                                              |
772.1.2  2 bytes (U-00000080):        "€"                                       |
782.1.3  3 bytes (U-00000800):        "ࠀ"                                       |
792.1.4  4 bytes (U-00010000):        "��"                                       |
80                                                                              |
81(5 and 6 byte sequences were made illegal in rfc3629. --ryan.)                |
822.1.5  5 bytes (U-00200000):        "�����"                                       |
832.1.6  6 bytes (U-04000000):        "������"                                       |
84                                                                              |
852.2  Last possible sequence of a certain length                               |
86                                                                              |
872.2.1  1 byte  (U-0000007F):        ""                                       |
882.2.2  2 bytes (U-000007FF):        "߿"                                       |
89                                                                              |
90(Section 5.3.2 below calls this illegal. --ryan.)                             |
912.2.3  3 bytes (U-0000FFFF):        "￿"                                       |
92                                                                              |
93(5 and 6 bytes sequences, and 4 bytes sequences > 0x10FFFF were made illegal  |
94 in rfc3629, so these next three should be replaced with a invalid            |
95 character codepoint. --ryan.)                                                |
962.2.4  4 bytes (U-001FFFFF):        "����"                                       |
972.2.5  5 bytes (U-03FFFFFF):        "�����"                                       |
982.2.6  6 bytes (U-7FFFFFFF):        "������"                                       |
99                                                                              |
1002.3  Other boundary conditions                                                |
101                                                                              |
1022.3.1  U-0000D7FF = ed 9f bf = "퟿"                                            |
1032.3.2  U-0000E000 = ee 80 80 = ""                                            |
1042.3.3  U-0000FFFD = ef bf bd = "�"                                            |
1052.3.4  U-0010FFFF = f4 8f bf bf = "��"                                         |
106                                                                              |
107(This one is bogus in rfc3629. --ryan.)                                       |
1082.3.5  U-00110000 = f4 90 80 80 = "����"                                         |
109                                                                              |
1103  Malformed sequences                                                        |
111                                                                              |
1123.1  Unexpected continuation bytes                                            |
113                                                                              |
114Each unexpected continuation byte should be separately signalled as a         |
115malformed sequence of its own.                                                |
116                                                                              |
1173.1.1  First continuation byte 0x80: "�"                                      |
1183.1.2  Last  continuation byte 0xbf: "�"                                      |
119                                                                              |
1203.1.3  2 continuation bytes: "��"                                             |
1213.1.4  3 continuation bytes: "���"                                            |
1223.1.5  4 continuation bytes: "����"                                           |
1233.1.6  5 continuation bytes: "�����"                                          |
1243.1.7  6 continuation bytes: "������"                                         |
1253.1.8  7 continuation bytes: "�������"                                        |
126                                                                              |
1273.1.9  Sequence of all 64 possible continuation bytes (0x80-0xbf):            |
128                                                                              |
129   "����������������                                                          |
130    ����������������                                                          |
131    ����������������                                                          |
132    ����������������"                                                         |
133                                                                              |
1343.2  Lonely start characters                                                  |
135                                                                              |
1363.2.1  All 32 first bytes of 2-byte sequences (0xc0-0xdf),                    |
137       each followed by a space character:                                    |
138                                                                              |
139   "� � � � � � � � � � � � � � � �                                           |
140    � � � � � � � � � � � � � � � � "                                         |
141                                                                              |
1423.2.2  All 16 first bytes of 3-byte sequences (0xe0-0xef),                    |
143       each followed by a space character:                                    |
144                                                                              |
145   "� � � � � � � � � � � � � � � � "                                         |
146                                                                              |
1473.2.3  All 8 first bytes of 4-byte sequences (0xf0-0xf7),                     |
148       each followed by a space character:                                    |
149                                                                              |
150   "� � � � � � � � "                                                         |
151                                                                              |
1523.2.4  All 4 first bytes of 5-byte sequences (0xf8-0xfb),                     |
153       each followed by a space character:                                    |
154                                                                              |
155   "� � � � "                                                                 |
156                                                                              |
1573.2.5  All 2 first bytes of 6-byte sequences (0xfc-0xfd),                     |
158       each followed by a space character:                                    |
159                                                                              |
160   "� � "                                                                     |
161                                                                              |
1623.3  Sequences with last continuation byte missing                            |
163                                                                              |
164All bytes of an incomplete sequence should be signalled as a single           |
165malformed sequence, i.e., you should see only a single replacement            |
166character in each of the next 10 tests. (Characters as in section 2)          |
167                                                                              |
1683.3.1  2-byte sequence with last byte missing (U+0000):     "�"               |
1693.3.2  3-byte sequence with last byte missing (U+0000):     "��"               |
1703.3.3  4-byte sequence with last byte missing (U+0000):     "���"               |
1713.3.4  5-byte sequence with last byte missing (U+0000):     "����"               |
1723.3.5  6-byte sequence with last byte missing (U+0000):     "�����"               |
1733.3.6  2-byte sequence with last byte missing (U-000007FF): "�"               |
1743.3.7  3-byte sequence with last byte missing (U-0000FFFF): "�"               |
1753.3.8  4-byte sequence with last byte missing (U-001FFFFF): "���"               |
1763.3.9  5-byte sequence with last byte missing (U-03FFFFFF): "����"               |
1773.3.10 6-byte sequence with last byte missing (U-7FFFFFFF): "�����"               |
178                                                                              |
1793.4  Concatenation of incomplete sequences                                    |
180                                                                              |
181All the 10 sequences of 3.3 concatenated, you should see 10 malformed         |
182sequences being signalled:                                                    |
183                                                                              |
184   "�����������������������������"                                                               |
185                                                                              |
1863.5  Impossible bytes                                                         |
187                                                                              |
188The following two bytes cannot appear in a correct UTF-8 string               |
189                                                                              |
1903.5.1  fe = "�"                                                               |
1913.5.2  ff = "�"                                                               |
1923.5.3  fe fe ff ff = "����"                                                   |
193                                                                              |
1944  Overlong sequences                                                         |
195                                                                              |
196The following sequences are not malformed according to the letter of          |
197the Unicode 2.0 standard. However, they are longer then necessary and         |
198a correct UTF-8 encoder is not allowed to produce them. A "safe UTF-8         |
199decoder" should reject them just like malformed sequences for two             |
200reasons: (1) It helps to debug applications if overlong sequences are         |
201not treated as valid representations of characters, because this helps        |
202to spot problems more quickly. (2) Overlong sequences provide                 |
203alternative representations of characters, that could maliciously be          |
204used to bypass filters that check only for ASCII characters. For              |
205instance, a 2-byte encoded line feed (LF) would not be caught by a            |
206line counter that counts only 0x0a bytes, but it would still be               |
207processed as a line feed by an unsafe UTF-8 decoder later in the              |
208pipeline. From a security point of view, ASCII compatibility of UTF-8         |
209sequences means also, that ASCII characters are *only* allowed to be          |
210represented by ASCII bytes in the range 0x00-0x7f. To ensure this             |
211aspect of ASCII compatibility, use only "safe UTF-8 decoders" that            |
212reject overlong UTF-8 sequences for which a shorter encoding exists.          |
213                                                                              |
2144.1  Examples of an overlong ASCII character                                  |
215                                                                              |
216With a safe UTF-8 decoder, all of the following five overlong                 |
217representations of the ASCII character slash ("/") should be rejected         |
218like a malformed UTF-8 sequence, for instance by substituting it with         |
219a replacement character. If you see a slash below, you do not have a          |
220safe UTF-8 decoder!                                                           |
221                                                                              |
2224.1.1 U+002F = c0 af             = "��"                                        |
2234.1.2 U+002F = e0 80 af          = "���"                                        |
2244.1.3 U+002F = f0 80 80 af       = "����"                                        |
2254.1.4 U+002F = f8 80 80 80 af    = "�����"                                        |
2264.1.5 U+002F = fc 80 80 80 80 af = "������"                                        |
227                                                                              |
2284.2  Maximum overlong sequences                                               |
229                                                                              |
230Below you see the highest Unicode value that is still resulting in an         |
231overlong sequence if represented with the given number of bytes. This         |
232is a boundary test for safe UTF-8 decoders. All five characters should        |
233be rejected like malformed UTF-8 sequences.                                   |
234                                                                              |
2354.2.1  U-0000007F = c1 bf             = "��"                                   |
2364.2.2  U-000007FF = e0 9f bf          = "���"                                   |
2374.2.3  U-0000FFFF = f0 8f bf bf       = "����"                                   |
2384.2.4  U-001FFFFF = f8 87 bf bf bf    = "�����"                                   |
2394.2.5  U-03FFFFFF = fc 83 bf bf bf bf = "������"                                   |
240                                                                              |
2414.3  Overlong representation of the NUL character                             |
242                                                                              |
243The following five sequences should also be rejected like malformed           |
244UTF-8 sequences and should not be treated like the ASCII NUL                  |
245character.                                                                    |
246                                                                              |
2474.3.1  U+0000 = c0 80             = "��"                                       |
2484.3.2  U+0000 = e0 80 80          = "���"                                       |
2494.3.3  U+0000 = f0 80 80 80       = "����"                                       |
2504.3.4  U+0000 = f8 80 80 80 80    = "�����"                                       |
2514.3.5  U+0000 = fc 80 80 80 80 80 = "������"                                       |
252                                                                              |
2535  Illegal code positions                                                     |
254                                                                              |
255The following UTF-8 sequences should be rejected like malformed               |
256sequences, because they never represent valid ISO 10646 characters and        |
257a UTF-8 decoder that accepts them might introduce security problems           |
258comparable to overlong UTF-8 sequences.                                       |
259                                                                              |
2605.1 Single UTF-16 surrogates                                                  |
261                                                                              |
2625.1.1  U+D800 = ed a0 80 = "�"                                                |
2635.1.2  U+DB7F = ed ad bf = "�"                                                |
2645.1.3  U+DB80 = ed ae 80 = "�"                                                |
2655.1.4  U+DBFF = ed af bf = "�"                                                |
2665.1.5  U+DC00 = ed b0 80 = "�"                                                |
2675.1.6  U+DF80 = ed be 80 = "�"                                                |
2685.1.7  U+DFFF = ed bf bf = "�"                                                |
269                                                                              |
2705.2 Paired UTF-16 surrogates                                                  |
271                                                                              |
2725.2.1  U+D800 U+DC00 = ed a0 80 ed b0 80 = "��"                               |
2735.2.2  U+D800 U+DFFF = ed a0 80 ed bf bf = "��"                               |
2745.2.3  U+DB7F U+DC00 = ed ad bf ed b0 80 = "��"                               |
2755.2.4  U+DB7F U+DFFF = ed ad bf ed bf bf = "��"                               |
2765.2.5  U+DB80 U+DC00 = ed ae 80 ed b0 80 = "��"                               |
2775.2.6  U+DB80 U+DFFF = ed ae 80 ed bf bf = "��"                               |
2785.2.7  U+DBFF U+DC00 = ed af bf ed b0 80 = "��"                               |
2795.2.8  U+DBFF U+DFFF = ed af bf ed bf bf = "��"                               |
280                                                                              |
2815.3 Other illegal code positions                                              |
282                                                                              |
2835.3.1  U+FFFE = ef bf be = "￾"                                                |
2845.3.2  U+FFFF = ef bf bf = "￿"                                                |
285                                                                              |
286THE END                                                                       |
287
288