diff options
| author | Pierre Le Marre <dev@wismill.eu> | 2023-09-26 17:05:14 +0200 |
|---|---|---|
| committer | Wismill <dev@wismill.eu> | 2023-09-26 17:25:49 +0200 |
| commit | 0038c866078a409b40d4d194f597768284d7ff32 (patch) | |
| tree | eaf8708d75520aa0836bb81d44a524e8e0383102 | |
| parent | ca7aa69cc0fb102cfa41edf4f9b5f1c68b2c49e5 (diff) | |
| download | libxkbcommon-0038c866078a409b40d4d194f597768284d7ff32.tar.gz libxkbcommon-0038c866078a409b40d4d194f597768284d7ff32.tar.bz2 libxkbcommon-0038c866078a409b40d4d194f597768284d7ff32.zip | |
Prevent overflow of octal escape sequences
The octal parser accepts the range `\1..\777`. The result is cast to
`char` which will silently overflow.
This commit prevents overlow and will treat `\400..\777` as invalid
escape sequences.
| -rw-r--r-- | src/scanner-utils.h | 9 | ||||
| -rw-r--r-- | test/compose.c | 6 | ||||
| -rw-r--r-- | test/data/keymaps/invalid-escape-sequence.xkb | 4 |
3 files changed, 16 insertions, 3 deletions
diff --git a/src/scanner-utils.h b/src/scanner-utils.h index f4c799e..674ecaa 100644 --- a/src/scanner-utils.h +++ b/src/scanner-utils.h @@ -188,7 +188,14 @@ scanner_oct(struct scanner *s, uint8_t *out) { int i; for (i = 0, *out = 0; scanner_peek(s) >= '0' && scanner_peek(s) <= '7' && i < 3; i++) - *out = *out * 8 + scanner_next(s) - '0'; + /* Test overflow */ + if (*out < 040) { + *out = *out * 8 + scanner_next(s) - '0'; + } else { + /* Consume valid digit, but mark result as invalid */ + scanner_next(s); + return false; + } return i > 0; } diff --git a/test/compose.c b/test/compose.c index 3d45805..8c633d7 100644 --- a/test/compose.c +++ b/test/compose.c @@ -687,7 +687,11 @@ test_traverse(struct xkb_context *ctx) static void test_escape_sequences(struct xkb_context *ctx) { - const char *table_string = "<o> <e> : \"f\\x0o\\0o\" X\n"; + /* The following escape sequences should be ignored: + * • \401 overflows + * • \0 and \x0 produce NULL + */ + const char *table_string = "<o> <e> : \"\\401f\\x0o\\0o\" X\n"; assert(test_compose_seq_buffer(ctx, table_string, XKB_KEY_o, XKB_COMPOSE_FEED_ACCEPTED, XKB_COMPOSE_COMPOSING, "", XKB_KEY_NoSymbol, diff --git a/test/data/keymaps/invalid-escape-sequence.xkb b/test/data/keymaps/invalid-escape-sequence.xkb index 99349ec..5e66f8b 100644 --- a/test/data/keymaps/invalid-escape-sequence.xkb +++ b/test/data/keymaps/invalid-escape-sequence.xkb @@ -3,7 +3,9 @@ xkb_keymap { // must be ignored. Else it would insert a NULL character and thus // truncates the string to "evde", while we expect "evdev+aliases(qwerty)". xkb_keycodes { include "evde\0v+aliases(qwerty)" }; - xkb_types { include "complete" }; + // The following include statement has two octal escape sequences that + // should be ignored, else they would overflow. + xkb_types { include "com\401ple\777te" }; xkb_compat { include "complete" }; xkb_symbols { include "pc+us" }; }; |