From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from krisdoz.my.domain (schwarze@localhost [127.0.0.1]) by krisdoz.my.domain (8.14.5/8.14.5) with ESMTP id s9SDOlcu000579 for ; Tue, 28 Oct 2014 09:24:47 -0400 (EDT) Received: (from schwarze@localhost) by krisdoz.my.domain (8.14.5/8.14.3/Submit) id s9SDOiW1004916; Tue, 28 Oct 2014 09:24:44 -0400 (EDT) Date: Tue, 28 Oct 2014 09:24:44 -0400 (EDT) Message-Id: <201410281324.s9SDOiW1004916@krisdoz.my.domain> X-Mailinglist: mdocml-source Reply-To: source@mdocml.bsd.lv MIME-Version: 1.0 From: schwarze@mdocml.bsd.lv To: source@mdocml.bsd.lv Subject: mdocml: Tighten Unicode escape name parsing. X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Log Message: ----------- Tighten Unicode escape name parsing. Accept only 0xXXXX, 0xYXXXX, 0x10XXXX with Y != 0. This simplifies mchars_num2uc(). Modified Files: -------------- mdocml: chars.c mandoc.c Revision Data ------------- Index: mandoc.c =================================================================== RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/mandoc.c,v retrieving revision 1.87 retrieving revision 1.88 diff -Lmandoc.c -Lmandoc.c -u -p -r1.87 -r1.88 --- mandoc.c +++ mandoc.c @@ -334,13 +334,18 @@ mandoc_escape(const char **end, const ch if (1 == *sz && 'c' == **start) gly = ESCAPE_NOSPACE; /* - * Unicode escapes are defined in groff as \[uXXXX] + * Unicode escapes are defined in groff as \[u0000] * to \[u10FFFF], where the contained value must be * a valid Unicode codepoint. Here, however, only - * check the length and the validity of all digits. + * check the length and range. */ - else if (*sz > 4 && *sz < 8 && **start == 'u' && - (int)strspn(*start + 1, "0123456789ABCDEFabcdef") + if (**start != 'u' || *sz < 5 || *sz > 7) + break; + if (*sz == 7 && ((*start)[1] != '1' || (*start)[2] != '0')) + break; + if (*sz == 6 && (*start)[1] == '0') + break; + if ((int)strspn(*start + 1, "0123456789ABCDEFabcdef") + 1 == *sz) gly = ESCAPE_UNICODE; break; Index: chars.c =================================================================== RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/chars.c,v retrieving revision 1.62 retrieving revision 1.63 diff -Lchars.c -Lchars.c -u -p -r1.62 -r1.63 --- chars.c +++ chars.c @@ -123,14 +123,9 @@ mchars_num2uc(const char *p, size_t sz) { int i; - if ((i = mandoc_strntoi(p, sz, 16)) < 0) - return(0xFFFD); - - /* - * XXX Code is missing here to exclude bogus ranges. - */ - - return(i <= 0x10FFFF ? i : 0xFFFD); + i = mandoc_strntoi(p, sz, 16); + assert(i >= 0 && i <= 0x10FFFF); + return(i); } const char * -- To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv