version 1.57, 2014/04/20 16:46:04 |
version 1.59, 2014/08/10 23:54:41 |
|
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
*/ |
*/ |
#ifdef HAVE_CONFIG_H |
|
#include "config.h" |
#include "config.h" |
#endif |
|
|
|
|
#include <sys/types.h> |
|
|
#include <assert.h> |
#include <assert.h> |
#include <ctype.h> |
#include <ctype.h> |
#include <stdlib.h> |
#include <stdlib.h> |
Line 127 mchars_num2uc(const char *p, size_t sz) |
|
Line 127 mchars_num2uc(const char *p, size_t sz) |
|
|
|
if ((i = mandoc_strntoi(p, sz, 16)) < 0) |
if ((i = mandoc_strntoi(p, sz, 16)) < 0) |
return('\0'); |
return('\0'); |
/* FIXME: make sure we're not in a bogus range. */ |
|
|
/* |
|
* Security warning: |
|
* Never extend the range of accepted characters |
|
* to overlap with the ASCII range, 0x00-0x7F |
|
* without re-auditing the callers of this function. |
|
* Some callers might relay on the fact that we never |
|
* return ASCII characters for their escaping decisions. |
|
* |
|
* XXX Code is missing here to exclude bogus ranges. |
|
*/ |
|
|
return(i > 0x80 && i <= 0x10FFFF ? i : '\0'); |
return(i > 0x80 && i <= 0x10FFFF ? i : '\0'); |
} |
} |
|
|