Diffstat (limited to 'chars.c')
-rw-r--r--chars.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/chars.c b/chars.c
index 1e9a186e..aee3fdf5 100644
--- a/chars.c
+++ b/chars.c
@@ -127,7 +127,18 @@ mchars_num2uc(const char *p, size_t sz)
if ((i = mandoc_strntoi(p, sz, 16)) < 0)
return('\0');
- /* FIXME: make sure we're not in a bogus range. */
+
+ /*
+ * Security warning:
+ * Never extend the range of accepted characters
+ * to overlap with the ASCII range, 0x00-0x7F
+ * without re-auditing the callers of this function.
+ * Some callers might relay on the fact that we never
+ * return ASCII characters for their escaping decisions.
+ *
+ * XXX Code is missing here to exclude bogus ranges.
+ */
+
return(i > 0x80 && i <= 0x10FFFF ? i : '\0');
}
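Review bot: The warning comment gives the ASCII range as 0x00-0x7F, but the bound that enforces the "never return ASCII" invariant is `i > 0x80` in the return line, which also rejects 0x80. The comment should say whether that is deliberate, for example `* The lower bound in the return below is the only thing enforcing this.`, and "relay" should read "rely". The XXX is still open: as written the return accepts the surrogate block 0xD800-0xDFFF and the C1 controls 0x81-0x9F, which callers making escaping decisions on this value would presumably want rejected. A guard such as `if (i >= 0xD800 && i <= 0xDFFF) return('\0');` before the return would cover the surrogates. The function starts outside the hunk, so its return type and the declaration of `i` are not visible here.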