From 480c7e5dfbddafa763f241aecfe3831d2b3dfca5 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Thu, 29 Nov 2018 12:34:50 +0100 Subject: [PATCH] libbb: @ in "\x3@" is not a valid hex digit function old new delta bb_process_escape_sequence 134 141 +7 Signed-off-by: Denys Vlasenko --- libbb/process_escape_sequence.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/libbb/process_escape_sequence.c b/libbb/process_escape_sequence.c index 59d0d3ea8..11adbfcea 100644 --- a/libbb/process_escape_sequence.c +++ b/libbb/process_escape_sequence.c @@ -41,8 +41,16 @@ char FAST_FUNC bb_process_escape_sequence(const char **ptr) unsigned d = (unsigned char)(*q) - '0'; #else unsigned d = (unsigned char)_tolower(*q) - '0'; - if (d >= 10) - d += ('0' - 'a' + 10); + if (d >= 10) { + //d += ('0' - 'a' + 10); + /* The above would maps 'A'-'F' and 'a'-'f' to 10-15, + * however, some chars like '@' would map to 9 < base. + * Do not allow that, map invalid chars to N > base: + */ + d += ('0' - 'a'); + if ((int)d >= 0) + d += 10; + } #endif if (d >= base) { if (WANT_HEX_ESCAPES && base == 16) { -- 2.25.1