CFPropertyList fails to properly decode character reference for xml plists

Originator:cedric.luthi
Number:rdar://18512876 Date Originated:01-Oct-2014 02:27 PM
Status:Closed Resolved:
Product:OS X SDK Product Version:10.9.5
Classification:Serious Bug Reproducible:Always
 
Summary:
The character reference parsing in CFPropertyList.c is flawed. It manually decodes the &#ddd; string and accumulates the ddd value into the num variable which is declared as uint16_t. Because itโ€™s stored as a 16 bits variables it canโ€™t handle code points in the Supplementary Multilingual Plane.

Steps to Reproduce:
Run the attached project (Decode XML plist).

Expected Results:
Decoding the XML plist always results in decoding the ONCOMING AUTOMOBILE character: ๐Ÿš˜ (U+1F698)

Actual Results:
Decoding the XML plist with NSPropertyListSerialization (which uses CFPropertyList internally) decodes the character reference 🚘 as ๏š˜ (U+F698) instead of ๐Ÿš˜ (U+1F698). We notice that U+F698 is just U+1F698 truncated to 16 bits.

Version:
Xcode 6.0.1 (6A317) / OS X 10.9.5 (13F34)

Notes:
I have also attached a patch for CFPropertyList.c which solves this issue. Feel free to apply it.

Configuration:
Not applicable

Attachments:
'CFPropertyList.patch', 'Decode XML plist.zip', 'emoji_escaped.xml' and 'emoji.xml' were successfully uploaded.

Note for Open Radar users:
Decode XML plist is basically this code snippet: https://github.com/CocoaPods/Xcodeproj/issues/196#issuecomment-57397249
CFPropertyList.patch is available at https://gist.github.com/0xced/1bfd70558212f15c54ae

Comments

Apple Developer Relations (09-Jun-2015 09:53 PM)

We believe this issue has been addressed in the latest OS X v10.11 Developer beta. This is a pre-release OS X v10.11 update.

Please refer to the release notes for complete installation instructions.

Please test with this release. If you still have issues, please include any relevant logs or information that could help us investigate.

OS X El Capitan
https://developer.apple.com/osx/download/

By cedric.luthi at Dec. 4, 2015, 7:34 a.m. (reply...)

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!