ref: 9e27ee094c25873c71da6488d7926c621c115c68
parent: 6dbecfb457d1625687f2338696c2b8195c831ae4
author: Ori Bernstein <[email protected]>
date: Sat Aug 1 06:54:03 EDT 2020
deroff: fix out-of-bounds access if runes above 0X80 are inside EQ clauses (thanks mmnmnnmnmm, via plan9port) Characters greater than 0X80 will cause a read beyond the bounds of the array chars[]. For particular unicode characters this can cause deroff to segfault. A minimal example: $ deroff .EQ u∈ Segmentation fault Throughout deroff, charclass() is used instead of directly indexing chars[] so I presume this was just missed.
--- a/sys/src/cmd/deroff.c
+++ b/sys/src/cmd/deroff.c
@@ -745,7 +745,7 @@
}
if(c != '\n')
while(C1 != '\n') {
- if(chars[c] == PUNCT)
+ if(charclass(c) == PUNCT)
last = c;
else
if(c != ' ')
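Review bot: The changed test inside the `while(C1 != '\n')` loop now relies entirely on charclass() to keep the lookup inside chars[], and that function's definition is outside this hunk. It is worth confirming that it bounds every value c can take here, including a negative one if C1 can ever leave an end-of-input sentinel in c. The description only presumes this was the single missed site, so a search of deroff.c for any remaining `chars[` read indexed by an input rune should accompany the fix. A comment at the table's declaration, for example `/* index only through charclass(); larger runes are out of range */`, would help keep the direct-index pattern from returning. The enclosing function begins and ends outside the hunk.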