diff options
author | Ingo Schwarze <schwarze@openbsd.org> | 2015-10-13 23:30:50 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@openbsd.org> | 2015-10-13 23:30:50 +0000 |
commit | 056d035e4b002d0579215e3bb08737c61502eb25 (patch) | |
tree | eb5892e2bca37a4684a98318b895877adb20bede | |
parent | 35c319dedab41299e8ad1ec62697c36315fb88da (diff) | |
download | mandoc-056d035e4b002d0579215e3bb08737c61502eb25.tar.gz mandoc-056d035e4b002d0579215e3bb08737c61502eb25.tar.zst mandoc-056d035e4b002d0579215e3bb08737c61502eb25.zip |
Reject the escape sequences \[uD800] to \[uDFFF] in the parser.
These surrogates are not valid Unicode codepoints,
so treat them just like any other undefined character escapes:
Warn about them and do not produce output.
Issue noticed while talking to stsp@, semarie@, and bentley@.
-rw-r--r-- | mandoc.c | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $Id: mandoc.c,v 1.95 2015/10/12 00:08:15 schwarze Exp $ */ +/* $Id: mandoc.c,v 1.96 2015/10/13 23:30:50 schwarze Exp $ */ /* * Copyright (c) 2008-2011, 2014 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2011-2015 Ingo Schwarze <schwarze@openbsd.org> @@ -333,6 +333,9 @@ mandoc_escape(const char **end, const char **start, int *sz) break; if (*sz == 6 && (*start)[1] == '0') break; + if (*sz == 5 && (*start)[1] == 'D' && + strchr("89ABCDEF", (*start)[2]) != NULL) + break; if ((int)strspn(*start + 1, "0123456789ABCDEFabcdef") + 1 == *sz) gly = ESCAPE_UNICODE; |