Limit length of octal escape in string

Octal escapes must be 1-3 characters long. strtoul will read as many as possible, so do the conversion ourselves to limit it to at most 3.
author: Michael Forney <[email protected]> 2021-10-20 12:13:09 -0700
committer: Michael Forney <[email protected]> 2021-10-20 12:14:57 -0700
commit: 4bdc4bb8afea2df44f873a9116483daa1b913ba4 (patch)
tree: 952a36ac36443c2e7b59560ef9d19df463d6f40c
parent: 1e9bf39a1b2c47920def55f29c4b9b93c402e1d4 (diff)
1 files changed, 8 insertions, 6 deletions
diff --git a/parse.c b/parse.c
index eaa9c67..cba90dd 100644
--- a/parse.c
+++ b/parse.c
@@ -55,15 +55,13 @@ decodestring(char *s)
     size_t cap = 0;
     uint8_t *data = NULL;
     uint8_t c = 0;
+    int i;
 
-    /* The string is already validated by the parser so we omit some checks*/
+    /* The string is already validated by the parser so we omit some checks */
     while (*s) {
         if (*s == '\\') {
             s++;
-            if (*s >= '0' && *s <= '7') {
-                c = strtoul(s, &end, 8);
-                s += 2;
-            } else if (*s == 'x') {
+            if (*s == 'x') {
                 s++;
                 c = strtoul(s, &end, 16);
                 s = end - 1;
@@ -76,7 +74,11 @@ decodestring(char *s)
             } else if (*s == '\\') {
                 c = '\\';
             } else {
-                unreachable();
+                for (i = 0; i < 3 && *s >= '0' && *s <= '7'; i++, s++)
+                  c = c * 8 + (*s - '0');
+                if (i == 0)
+                  unreachable();
+                s--;
             }
         } else {
             c = *s;
author	Michael Forney <[email protected]>	2021-10-20 12:13:09 -0700
committer	Michael Forney <[email protected]>	2021-10-20 12:14:57 -0700
commit	4bdc4bb8afea2df44f873a9116483daa1b913ba4 (patch)
tree	952a36ac36443c2e7b59560ef9d19df463d6f40c
parent	1e9bf39a1b2c47920def55f29c4b9b93c402e1d4 (diff)