From 056d035e4b002d0579215e3bb08737c61502eb25 Mon Sep 17 00:00:00 2001
From: Ingo Schwarze <schwarze@openbsd.org>
Date: Tue, 13 Oct 2015 23:30:50 +0000
Subject: Reject the escape sequences \[uD800] to \[uDFFF] in the parser. These
 surrogates are not valid Unicode codepoints, so treat them just like any
 other undefined character escapes: Warn about them and do not produce output.
 Issue noticed while talking to stsp@, semarie@, and bentley@.

---
 mandoc.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'mandoc.c')

diff --git a/mandoc.c b/mandoc.c
index 74a312e5..ad370358 100644
--- a/mandoc.c
+++ b/mandoc.c
@@ -1,4 +1,4 @@
-/*	$Id: mandoc.c,v 1.95 2015/10/12 00:08:15 schwarze Exp $ */
+/*	$Id: mandoc.c,v 1.96 2015/10/13 23:30:50 schwarze Exp $ */
 /*
  * Copyright (c) 2008-2011, 2014 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2011-2015 Ingo Schwarze <schwarze@openbsd.org>
@@ -333,6 +333,9 @@ mandoc_escape(const char **end, const char **start, int *sz)
 			break;
 		if (*sz == 6 && (*start)[1] == '0')
 			break;
+		if (*sz == 5 && (*start)[1] == 'D' &&
+		    strchr("89ABCDEF", (*start)[2]) != NULL)
+			break;
 		if ((int)strspn(*start + 1, "0123456789ABCDEFabcdef")
 		    + 1 == *sz)
 			gly = ESCAPE_UNICODE;
-- 
cgit v1.2.3