===================================================================
RCS file: /cvs/mandoc/chars.c,v
retrieving revision 1.55
retrieving revision 1.59
diff -u -p -r1.55 -r1.59
--- mandoc/chars.c 2014/01/22 20:58:39 1.55
+++ mandoc/chars.c 2014/08/10 23:54:41 1.59
@@ -1,4 +1,4 @@
-/* $Id: chars.c,v 1.55 2014/01/22 20:58:39 schwarze Exp $ */
+/* $Id: chars.c,v 1.59 2014/08/10 23:54:41 schwarze Exp $ */
 /*
 * Copyright (c) 2009, 2010, 2011 Kristaps Dzonsons
 * Copyright (c) 2011 Ingo Schwarze
@@ -15,16 +15,17 @@
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-#ifdef HAVE_CONFIG_H
 #include "config.h"
-#endif
+#include
+
 #include
 #include
 #include
 #include "mandoc.h"
+#include "mandoc_aux.h"
 #include "libmandoc.h"
 #define PRINT_HI 126
@@ -51,9 +52,10 @@ struct mchars {
 struct ln **htab;
 };
-static const struct ln *find(const struct mchars *,
+static const struct ln *find(const struct mchars *,
 const char *, size_t);
+
 void
 mchars_free(struct mchars *arg)
 {
@@ -110,27 +112,38 @@ mchars_spec2cp(const struct mchars *arg, const char *p
 char
 mchars_num2char(const char *p, size_t sz)
 {
- int i;
+ int i;
 if ((i = mandoc_strntoi(p, sz, 10)) < 0)
 return('\0');
- return(i > 0 && i < 256 && isprint(i) ?
- /* LINTED */ i : '\0');
+
+ return(i > 0 && i < 256 && isprint(i) ? i : '\0');
 }
 int
 mchars_num2uc(const char *p, size_t sz)
 {
- int i;
+ int i;
 if ((i = mandoc_strntoi(p, sz, 16)) < 0)
 return('\0');
- /* FIXME: make sure we're not in a bogus range. */
+
+ /*
+ * Security warning:
+ * Never extend the range of accepted characters
+ * to overlap with the ASCII range, 0x00-0x7F
+ * without re-auditing the callers of this function.
+ * Some callers might relay on the fact that we never
+ * return ASCII characters for their escaping decisions.
+ *
+ * XXX Code is missing here to exclude bogus ranges.
+ */
+
 return(i > 0x80 && i <= 0x10FFFF ? i : '\0');
 }
 const char *
-mchars_spec2str(const struct mchars *arg,
+mchars_spec2str(const struct mchars *arg,
 const char *p, size_t sz, size_t *rsz)
 {
 const struct ln *ln;
@@ -159,8 +172,8 @@ find(const struct mchars *tab, const char *p, size_t s
 hash = (int)p[0] - PRINT_LO;
 for (pp = tab->htab[hash]; pp; pp = pp->next)
- if (0 == strncmp(pp->code, p, sz) &&
- '\0' == pp->code[(int)sz])
+ if (0 == strncmp(pp->code, p, sz) &&
+ '\0' == pp->code[(int)sz])
 return(pp);
 return(NULL);
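Review bot: In mchars_num2uc the final range test still returns code points in the UTF-16 surrogate block (0xD800-0xDFFF), which the new comment only records as missing code; the callers are not visible in this diff, but any of them that encodes the returned value would emit ill-formed output. A guard placed before the last return would close that gap: `if (i >= 0xD800 && i <= 0xDFFF) return('\0');`. The lower bound `i > 0x80` also rejects U+0080, although the comment names 0x00-0x7F as the range callers depend on, so either the comment should state that 0x80 is excluded on purpose or the test should read `i >= 0x80`. In the same comment, "relay" should be "rely".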