version 1.57, 2014/04/20 16:46:04 |
version 1.58, 2014/07/23 15:00:08 |
Line 127 mchars_num2uc(const char *p, size_t sz) |
|
Line 127 mchars_num2uc(const char *p, size_t sz) |
|
|
|
if ((i = mandoc_strntoi(p, sz, 16)) < 0) |
if ((i = mandoc_strntoi(p, sz, 16)) < 0) |
return('\0'); |
return('\0'); |
/* FIXME: make sure we're not in a bogus range. */ |
|
|
/* |
|
* Security warning: |
|
* Never extend the range of accepted characters |
|
* to overlap with the ASCII range, 0x00-0x7F |
|
* without re-auditing the callers of this function. |
|
* Some callers might relay on the fact that we never |
|
* return ASCII characters for their escaping decisions. |
|
* |
|
* XXX Code is missing here to exclude bogus ranges. |
|
*/ |
|
|
return(i > 0x80 && i <= 0x10FFFF ? i : '\0'); |
return(i > 0x80 && i <= 0x10FFFF ? i : '\0'); |
} |
} |
|
|