Disallow Unicode conversion specifications.

This stops fish from accessing the `bool ok[UCHAR_MAX + 1]` table beyond allocated space potentially accessing memory that doesn't belong to fish, and crashing.
author: Konrad Borowski <glitchmr@myopera.com> 2013-11-27 21:16:34 +0100
committer: Konrad Borowski <glitchmr@myopera.com> 2013-11-27 21:16:34 +0100
commit: e0b78f7f2a0274e834b3d5bd73f89184fc47fe87 (patch)
tree: f05024e16d8e717efcea9b4dd60c0b26b206a1b7 /builtin_printf.cpp
parent: 1eb09f3eb26fda104ba645169562fa25263c15ab (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/builtin_printf.cpp b/builtin_printf.cpp
index 7e7daee2..1a1ab335 100644
--- a/builtin_printf.cpp
+++ b/builtin_printf.cpp
@@ -732,7 +732,7 @@ no_more_flag_characters:
 
                 {
                     wchar_t conversion = *f;
-                    if (! ok[conversion])
+                    if (conversion > 0xFF || ! ok[conversion])
                     {
                         this->fatal_error(_(L"%.*ls: invalid conversion specification"), (int)(f + 1 - direc_start), direc_start);
                         return 0;
author	Konrad Borowski <glitchmr@myopera.com>	2013-11-27 21:16:34 +0100
committer	Konrad Borowski <glitchmr@myopera.com>	2013-11-27 21:16:34 +0100
commit	e0b78f7f2a0274e834b3d5bd73f89184fc47fe87 (patch)
tree	f05024e16d8e717efcea9b4dd60c0b26b206a1b7 /builtin_printf.cpp
parent	1eb09f3eb26fda104ba645169562fa25263c15ab (diff)