ref: 3ca7c7e864a51951a3bb1da6337e5bc0c7ac1527
parent: 3debe91f3d1dd8a49ec2de5927e46e28ae9e7aad
author: Ori Bernstein <ori@eigenstate.org>
date: Sat Aug 1 06:54:03 EDT 2020
deroff: fix out-of-bounds access if runes above 0X80 are inside EQ clauses (thanks mmnmnnmnmm, via plan9port) Characters greater than 0X80 will cause a read beyond the bounds of the array chars[]. For particular unicode characters this can cause deroff to segfault. A minimal example: $ deroff .EQ u∈ Segmentation fault Throughout deroff, charclass() is used instead of directly indexing chars[] so I presume this was just missed.
--- a/sys/src/cmd/deroff.c
+++ b/sys/src/cmd/deroff.c
@@ -745,7 +745,7 @@
}
if(c != '\n')
while(C1 != '\n') { - if(chars[c] == PUNCT)
+ if(charclass(c) == PUNCT)
last = c;
else
if(c != ' ')
--
⑨