Control: tag -1 + patch
Hi,
in the light of finding the cause and a fix for CVE-2021-26937 an
alternative patch for this issue has been posted to the screen-devel
mailing list as it seems to be caused by the same commit.
Will check if the regression from back then
(https://bugs.debian.org/677512) still occurs, and if not, apply that
patch.
Regards, Axel
--
,''`. | Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
--- Begin Message ---
On Thu, Feb 11, 2021 at 11:39:09PM +0100, Axel Beckert wrote:
> The only thing it didn't fix so far is
> https://savannah.gnu.org/bugs/?31336 aka
> https://bugs.debian.org/600246 although I really had some hope that
> this might be fixed as a side-effect of your patch. :-)
Oh, that happens because the U+3099 combining char is also matched
in utf8_isdouble(). The code in ansi.c does not expect this. Thus
this is another fallout from that commit. ;)
A simple fix (other than removing the entries from the isdouble
table) is to move the curr->w_mbcs = 0xff setting after the
combining character handling:
diff --git a/ansi.c b/ansi.c
index 2a52edd..83b266d 100644
--- a/ansi.c
+++ b/ansi.c
@@ -692,10 +692,6 @@ register int len;
}
curr->w_rend.font = 0;
}
-# ifdef DW_CHARS
- if (curr->w_encoding == UTF8 && utf8_isdouble(c))
- curr->w_mbcs = 0xff;
-# endif
if (curr->w_encoding == UTF8 && c >= 0x0300 && utf8_iscomb(c))
{
int ox, oy;
@@ -730,6 +726,10 @@ register int len;
}
break;
}
+# ifdef DW_CHARS
+ if (curr->w_encoding == UTF8 && utf8_isdouble(c))
+ curr->w_mbcs = 0xff;
+# endif
font = curr->w_rend.font;
# endif
# ifdef DW_CHARS
Cheers,
Michael.
--
Michael Schroeder SUSE Software Solutions Germany GmbH
m...@suse.de GF: Felix Imendoerffer HRB 36809, AG Nuernberg
main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);}
--- End Message ---