Issue #96 resolved

Error message strings are not encoded correctly

created an issue

Error message strings raised by the pg gem (0.12.0) are of the ASCII-8BIT type.

This can cause an issue concatenating those messages in exception handlers; Rails follows the vulnerable pattern here:

The attempt to concatenate the SQL (likely in the database's encoding) and the error message (ASCII-8BIT) will raise an incompatible character encodings exception IF the error message emitted by PostgreSQL contains some high-bit characters from the original query. A short demonstration script:

In Rails, this causes the real error to be masked (here, an unescaped single quote) in favor of a spurious encoding mismatch.

This could be worked around in the formatting code in Rails, but it seems like emitting ASCII-8BIT is not exactly what is wanted here, so I wanted to open the issue on this side instead. Let me know if this is not the proper place for that.

If this seems like a bug and not a feature:

Possible solutions that seem reasonable to me: detect and properly pass thru the encoding of the error message from PostgreSQL (but I don't know how to do that), or explicitly encode the raised message string as the database encoding type, or at least the setting of Encoding.default_internal. I could try to create a patch and/or pull request for either of these last two.

Comments (7)

  1. Michael Granger repo owner

    Reproduced in a spec:

      1) multinationalization support encodes exception messages with the connection's encoding (#96)
         Failure/Error: err.message.encoding.should == Encoding::UTF_8
           expected: #<Encoding:UTF-8>
                got: #<Encoding:ASCII-8BIT> (using ==)
           @@ -1,2 +1,2 @@
         # ./spec/m17n_spec.rb:164:in `rescue in block (2 levels) in <top (required)>'
         # ./spec/m17n_spec.rb:161:in `block (2 levels) in <top (required)>'
  2. Michael Granger repo owner

    I want to take a second to thank you: this is a perfect example of a bug report that's a joy to work with. It has a concise description of the problem, how it affects other systems, a minimal code example written in terms of the library itself, and suggestions for possible fixes along with a demonstration of the willingness to do the work yourself. Double bonus points for being from a registered user. Issues like this are what make maintaining code worthwhile.

  3. Log in to comment