From a0c98be7709f4d7d409ddb23663fbf62b696af97 Mon Sep 17 00:00:00 2001
From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 11 May 2017 13:25:39 +0200
Subject: [PATCH 1/2] gb18030 decoder: unwind from fourth byte when it's not a
 digit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Instead of always unwinding if there’s no code point when consuming the
fourth byte, only unwind when the fourth byte is not an ASCII digit.
This does mean that ASCII digits can be masked, but since ASCII digits
are not used as delimiter in any format this is highly unlikely to be
used in any attacks (and also matches existing implementations better).

Fixes #110.
---
 encoding.bs | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/encoding.bs b/encoding.bs
index 018d917..809b3ab 100644
--- a/encoding.bs
+++ b/encoding.bs
@@ -1641,11 +1641,13 @@ consumers of content generated with <a>GBK</a>'s <a for=/>encoder</a>.
    <li><p>Set <a>gb18030 first</a>, <a>gb18030 second</a>, and
    <a>gb18030 third</a> to 0x00.
 
-   <li><p>If <var>code point</var> is null,
-   <a>prepend</a> <var>buffer</var> to
-   <var>stream</var> and return <a>error</a>.
+   <li><p>If <var>code point</var> is non-null, return a code point whose value is
+   <var>code point</var>.
 
-   <li><p>Return a code point whose value is <var>code point</var>.
+   <li><p>If <var>byte</var> is not in the range 0x30 to 0x39, inclusive, <a>prepend</a>
+   <var>buffer</var> to <var>stream</var>.
+
+   <li><p>Return <a>error</a>.
   </ol>
 
  <li>

From 951c4714dee1eb06bc5b0b94a5d48bed2ae7eaba Mon Sep 17 00:00:00 2001
From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 11 May 2017 13:48:30 +0200
Subject: [PATCH 2/2] rewrite

---
 encoding.bs | 31 ++++++++++++++-----------------
 1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/encoding.bs b/encoding.bs
index 809b3ab..80f5f04 100644
--- a/encoding.bs
+++ b/encoding.bs
@@ -1625,29 +1625,26 @@ consumers of content generated with <a>GBK</a>'s <a for=/>encoder</a>.
   <p>If <a>gb18030 third</a> is not 0x00, then:
 
   <ol>
-   <li><p>Let <var>code point</var> be null.
+   <li>
+    <p>If <var>byte</var> is not in the range 0x30 to 0x39, inclusive, then:
 
-   <li><p>If <var>byte</var> is in the range 0x30 to 0x39, inclusive, set
-   <var>code point</var> to the
-   <a>index gb18030 ranges code point</a> for
-   ((<a>gb18030 first</a> &minus; 0x81) × (10 × 126 × 10)) +
-   ((<a>gb18030 second</a> &minus; 0x30) × (10 × 126)) +
-   ((<a>gb18030 third</a> &minus; 0x81) × 10) + <var>byte</var> &minus; 0x30.
+    <ol>
+     <li><p><a>Prepend</a> <a>gb18030 second</a>, <a>gb18030 third</a>, and <var>byte</var> to
+     <var>stream</var>.
 
-   <li><p>Let <var>buffer</var> be a byte sequence consisting of
-   <a>gb18030 second</a>, <a>gb18030 third</a>, and <var>byte</var>, in
-   order.
+     <li><p>Set <a>gb18030 first</a>, <a>gb18030 second</a>, and <a>gb18030 third</a> to 0x00.
 
-   <li><p>Set <a>gb18030 first</a>, <a>gb18030 second</a>, and
-   <a>gb18030 third</a> to 0x00.
+     <li><p>Return <a>error</a>.
+    </ol>
 
-   <li><p>If <var>code point</var> is non-null, return a code point whose value is
-   <var>code point</var>.
+   <li><p>Let <var>code point</var> be the <a>index gb18030 ranges code point</a> for
+   ((<a>gb18030 first</a> &minus; 0x81) × (10 × 126 × 10)) +
+   ((<a>gb18030 second</a> &minus; 0x30) × (10 × 126)) +
+   ((<a>gb18030 third</a> &minus; 0x81) × 10) + <var>byte</var> &minus; 0x30.
 
-   <li><p>If <var>byte</var> is not in the range 0x30 to 0x39, inclusive, <a>prepend</a>
-   <var>buffer</var> to <var>stream</var>.
+   <li><p>If <var>code point</var> is null, return <a>error</a>.
 
-   <li><p>Return <a>error</a>.
+   <li><p>Return a code point whose value is <var>code point</var>.
   </ol>
 
  <li>