ref: 9e27ee094c25873c71da6488d7926c621c115c68
parent: 6dbecfb457d1625687f2338696c2b8195c831ae4
author: Ori Bernstein <ori@eigenstate.org>
date: Sat Aug 1 06:54:03 EDT 2020
deroff: fix out-of-bounds access if runes above 0X80 are inside EQ clauses (thanks mmnmnnmnmm, via plan9port) Characters greater than 0X80 will cause a read beyond the bounds of the array chars[]. For particular unicode characters this can cause deroff to segfault. A minimal example: $ deroff .EQ u∈ Segmentation fault Throughout deroff, charclass() is used instead of directly indexing chars[] so I presume this was just missed.
--- a/sys/src/cmd/deroff.c
+++ b/sys/src/cmd/deroff.c
@@ -745,7 +745,7 @@
}
if(c != '\n')
while(C1 != '\n') { - if(chars[c] == PUNCT)
+ if(charclass(c) == PUNCT)
last = c;
else
if(c != ' ')
--
⑨