=================================================================== RCS file: /cvs/mandoc/chars.c,v retrieving revision 1.49 retrieving revision 1.58 diff -u -p -r1.49 -r1.58 --- mandoc/chars.c 2011/07/22 14:15:15 1.49 +++ mandoc/chars.c 2014/07/23 15:00:08 1.58 @@ -1,6 +1,6 @@ -/* $Id: chars.c,v 1.49 2011/07/22 14:15:15 kristaps Exp $ */ +/* $Id: chars.c,v 1.58 2014/07/23 15:00:08 schwarze Exp $ */ /* - * Copyright (c) 2009, 2010 Kristaps Dzonsons + * Copyright (c) 2009, 2010, 2011 Kristaps Dzonsons * Copyright (c) 2011 Ingo Schwarze * * Permission to use, copy, modify, and distribute this software for any @@ -25,6 +25,7 @@ #include #include "mandoc.h" +#include "mandoc_aux.h" #include "libmandoc.h" #define PRINT_HI 126 @@ -37,7 +38,7 @@ struct ln { int unicode; }; -#define LINES_MAX 328 +#define LINES_MAX 330 #define CHAR(in, ch, code) \ { NULL, (in), (ch), (code) }, @@ -51,8 +52,10 @@ struct mchars { struct ln **htab; }; -static const struct ln *find(struct mchars *, const char *, size_t); +static const struct ln *find(const struct mchars *, + const char *, size_t); + void mchars_free(struct mchars *arg) { @@ -76,7 +79,7 @@ mchars_alloc(void) */ tab = mandoc_malloc(sizeof(struct mchars)); - htab = mandoc_calloc(PRINT_HI - PRINT_LO + 1, sizeof(struct ln **)); + htab = mandoc_calloc(PRINT_HI - PRINT_LO + 1, sizeof(struct ln *)); for (i = 0; i < LINES_MAX; i++) { hash = (int)lines[i].code[0] - PRINT_LO; @@ -96,7 +99,7 @@ mchars_alloc(void) } int -mchars_spec2cp(struct mchars *arg, const char *p, size_t sz) +mchars_spec2cp(const struct mchars *arg, const char *p, size_t sz) { const struct ln *ln; 
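Review bot: `#define LINES_MAX 330` is still a hand-counted constant, yet the loop in mchars_alloc (`for (i = 0; i < LINES_MAX; i++)`) dereferences `lines[i].code[0]` for every index below it. The table's declaration is not part of this diff, so this is inferred: if the count ever exceeds the real number of entries, that loop reads a zero-filled or out-of-range entry. Deriving the bound from the array, e.g. `#define LINES_MAX ((int)(sizeof(lines) / sizeof(lines[0])))` placed after an unsized `lines[]` definition, would remove the need to keep the two in sync. Failing that, a comment beside the define saying which table it counts would help.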
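Review bot: The corrected element size in `mandoc_calloc(PRINT_HI - PRINT_LO + 1, sizeof(struct ln *))` still spells the type out by hand, which is how the earlier `struct ln **` mismatch went unnoticed (both are pointer sizes, so it was harmless in practice). Writing `htab = mandoc_calloc(PRINT_HI - PRINT_LO + 1, sizeof(*htab));` ties the size to the variable, so it cannot drift if the table's element type changes. mchars_alloc starts and ends outside this hunk, so `htab` being a `struct ln **` is assumed from the assignment.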
@@ -109,41 +112,56 @@ mchars_spec2cp(struct mchars *arg, const char *p, size char mchars_num2char(const char *p, size_t sz) { - int i; + int i; if ((i = mandoc_strntoi(p, sz, 10)) < 0) return('\0'); - return(isprint(i) ? i : '\0'); + + return(i > 0 && i < 256 && isprint(i) ? i : '\0'); } int mchars_num2uc(const char *p, size_t sz) { - int i; + int i; if ((i = mandoc_strntoi(p, sz, 16)) < 0) return('\0'); - /* FIXME: make sure we're not in a bogus range. */ + + /* + * Security warning: + * Never extend the range of accepted characters + * to overlap with the ASCII range, 0x00-0x7F + * without re-auditing the callers of this function. + * Some callers might relay on the fact that we never + * return ASCII characters for their escaping decisions. + * + * XXX Code is missing here to exclude bogus ranges. + */ + return(i > 0x80 && i <= 0x10FFFF ? i : '\0'); } const char * -mchars_spec2str(struct mchars *arg, const char *p, size_t sz, size_t *rsz) +mchars_spec2str(const struct mchars *arg, + const char *p, size_t sz, size_t *rsz) { const struct ln *ln; ln = find(arg, p, sz); - if (NULL == ln) + if (NULL == ln) { + *rsz = 1; return(NULL); + } *rsz = strlen(ln->ascii); return(ln->ascii); } static const struct ln * -find(struct mchars *tab, const char *p, size_t sz) +find(const struct mchars *tab, const char *p, size_t sz) { - struct ln *pp; + const struct ln *pp; int hash; assert(p); @@ -154,8 +172,8 @@ find(struct mchars *tab, const char *p, size_t sz) hash = (int)p[0] - PRINT_LO; for (pp = tab->htab[hash]; pp; pp = pp->next) - if (0 == strncmp(pp->code, p, sz) && - '\0' == pp->code[(int)sz]) + if (0 == strncmp(pp->code, p, sz) && + '\0' == pp->code[(int)sz]) return(pp); return(NULL);
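Review bot: In mchars_num2uc the new range test `i > 0x80 && i <= 0x10FFFF` still accepts the surrogate block 0xD800-0xDFFF, which is not a valid Unicode scalar value and is presumably one of the bogus ranges the XXX comment says are not yet excluded. Consider `return(i > 0x80 && i <= 0x10FFFF && (i < 0xD800 || i > 0xDFFF) ? i : '\0');` so that a later output encoder never receives a surrogate from a `\[uXXXX]`-style escape. The security comment names 0x00-0x7F as the forbidden range while the test also rejects 0x80 itself, so the comment could say that too, and its "relay" should read "rely". In mchars_spec2str the failure path now stores `*rsz = 1` while returning NULL; a one-line comment such as `/* On failure returns NULL and sets *rsz to 1; callers must test the pointer before using the length. */` would make that contract explicit.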