gbranden pushed a commit to branch master
in repository groff.

commit 9e9c5139b8a16f5614727e3e0b08ef3378fe96e1
Author: G. Branden Robinson <[email protected]>
AuthorDate: Fri Aug 30 20:53:22 2024 -0500

    [troff]: Reject some nonsense in `\X` arguments.
    
    * src/roff/troff/input.cpp (encode_special_character_for_device_output):
      Reject tab, leader, and backspace characters in a `\X` device
      extension escape sequence argument.  Silently ignore hyphen indicator
      `\%`, dummy character `\&`, and zero-width break `\:` escape sequences
      in such arguments.
    
    Continues fixing Savannah #63074.
---
 ChangeLog                | 13 +++++++++++++
 src/roff/troff/input.cpp | 15 +++++++++------
 2 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 94d591562..139118b47 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2024-08-30  G. Branden Robinson <[email protected]>
+
+       [troff]: Reject some nonsense in `\X` arguments.
+
+       * src/roff/troff/input.cpp
+       (encode_special_character_for_device_output): Reject tab,
+       leader, and backspace characters in a `\X` device extension
+       escape sequence argument.  Silently ignore hyphen indicator
+       `\%`, dummy character `\&`, and zero-width break `\:` escape
+       sequences in such arguments.
+
+       Continues fixing Savannah #63074.
+
 2024-08-30  G. Branden Robinson <[email protected]>
 
        * src/libs/libgroff/unicode.cpp (valid_unicode_code_sequence):
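Review bot: The function named in the new entry, `encode_special_character_for_device_output`, does not match what the input.cpp hunk in this same patch shows. That hunk's header places the edited lines under `do_device_control() // \X`, and the loop body calls `encode_character_for_device_output(&mac, c)`. If the edit is in `do_device_control`, the entry should name that function so that a later search of ChangeLog for the `\X` handling finds this change. If the hunk header is misleading, a word in the commit message saying so would help.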
diff --git a/src/roff/troff/input.cpp b/src/roff/troff/input.cpp
index 178652be7..ad63047c6 100644
--- a/src/roff/troff/input.cpp
+++ b/src/roff/troff/input.cpp
@@ -5823,12 +5823,15 @@ static node *do_device_control() // \X
     unsigned char c;
     if (tok.is_space())
       c = ' ';
-    else if (tok.is_tab())
-      c = '\t';
-    else if (tok.is_leader())
-      c = '\001';
-    else if (tok.is_backspace())
-      c = '\b';
+    // TODO: Stop silently ignoring these when we have a string
+    // iterator for users and can externalize "sanitization" operations.
+    // See <https://savannah.gnu.org/bugs/?62264>.
+    else if (tok.is_hyphen_indicator())
+      continue;
+    else if (tok.is_dummy())
+      continue;
+    else if (tok.is_zero_width_break())
+      continue;
     else
       c = tok.ch();
     encode_character_for_device_output(&mac, c);
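Review bot: Nothing in this hunk rejects tab, leader, or backspace tokens, although the commit message says they are rejected. With the three `tok.is_tab()`, `tok.is_leader()` and `tok.is_backspace()` branches removed, those tokens now reach the final `else` and are passed on as `c = tok.ch();`. Whatever rejection occurs must therefore happen in `tok.ch()` or in `encode_character_for_device_output`, neither of which is visible in the hunk. Suggest either an explicit branch for these three token types that emits a diagnostic and continues, or a comment at the final `else` stating where they are refused, so that nobody later reads the fall-through as accepting them. A smaller point: the three new branches share the same `continue` body and could be a single condition joined with `||`, which would also keep the TODO comment attached to one branch instead of sitting between `if (tok.is_space())` and the first `else if`.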

_______________________________________________
Groff-commit mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/groff-commit
