Skip to content

Commit

Permalink
Prevent overflow of octal escape sequences
Browse files Browse the repository at this point in the history
The octal parser accepts the range `\1..\777`. The result is cast to
`char` which will silently overflow.

This commit prevents overlow and will treat `\400..\777` as invalid
escape sequences.
  • Loading branch information
wismill committed Sep 26, 2023
1 parent ca7aa69 commit 0038c86
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 3 deletions.
9 changes: 8 additions & 1 deletion src/scanner-utils.h
Original file line number Diff line number Diff line change
Expand Up @@ -188,7 +188,14 @@ scanner_oct(struct scanner *s, uint8_t *out)
{
int i;
for (i = 0, *out = 0; scanner_peek(s) >= '0' && scanner_peek(s) <= '7' && i < 3; i++)
*out = *out * 8 + scanner_next(s) - '0';
/* Test overflow */
if (*out < 040) {
*out = *out * 8 + scanner_next(s) - '0';
} else {
/* Consume valid digit, but mark result as invalid */
scanner_next(s);
return false;
}
return i > 0;
}

Expand Down
6 changes: 5 additions & 1 deletion test/compose.c
Original file line number Diff line number Diff line change
Expand Up @@ -687,7 +687,11 @@ test_traverse(struct xkb_context *ctx)
static void
test_escape_sequences(struct xkb_context *ctx)
{
const char *table_string = "<o> <e> : \"f\\x0o\\0o\" X\n";
/* The following escape sequences should be ignored:
* • \401 overflows
* • \0 and \x0 produce NULL
*/
const char *table_string = "<o> <e> : \"\\401f\\x0o\\0o\" X\n";

assert(test_compose_seq_buffer(ctx, table_string,
XKB_KEY_o, XKB_COMPOSE_FEED_ACCEPTED, XKB_COMPOSE_COMPOSING, "", XKB_KEY_NoSymbol,
Expand Down
4 changes: 3 additions & 1 deletion test/data/keymaps/invalid-escape-sequence.xkb
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,9 @@ xkb_keymap {
// must be ignored. Else it would insert a NULL character and thus
// truncates the string to "evde", while we expect "evdev+aliases(qwerty)".
xkb_keycodes { include "evde\0v+aliases(qwerty)" };
xkb_types { include "complete" };
// The following include statement has two octal escape sequences that
// should be ignored, else they would overflow.
xkb_types { include "com\401ple\777te" };
xkb_compat { include "complete" };
xkb_symbols { include "pc+us" };
};

0 comments on commit 0038c86

Please sign in to comment.