author: Kaz Kylheku <kaz@kylheku.com> 2016-12-02 22:00:42 -0800
committer: Kaz Kylheku <kaz@kylheku.com> 2016-12-02 22:00:42 -0800
commit: 0f6cf1bdb8407b7e003ca983145d3f67a6ca78dc (patch)
tree: f6775c6882d2a71dbc2115ee6a01b71c368523c9 /unwind.h
parent: 40b56cf6878999799fff36b7f8d719de8d196d58 (diff)
Harden processing of character escapes.

Weakness uncovered by fuzzing with AFL (fast) 2.30b. The failing test case is regex syntax like [\1111111...111abc], where the bad character escape allows an invalid, negatively valued character object to escape out of the parser into the system leading to an out-of-bounds array access in the char set code in the regex compiler.

* parser.l (num_esc): Make sure that an out-of-range character is mapped to zero. Set up a default value of zero for the return variable. If the character token has too many digits, don't pass them through strtol at all, which will produce a garbage value. Then in the final range check, actually replace the value with zero if it is out of range: issuing a diagnostic is not enough.

Diffstat (limited to 'unwind.h')
0 files changed, 0 insertions, 0 deletions
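
The three measures the commit message lists for num_esc, sketched as an added example; this is not the code from parser.l or from the TXR project. The function name esc_to_char, the digit limit and the 0x10FFFF upper bound are assumptions, and the inputs in main are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ESC_DIGITS 8        /* assumed limit, not taken from parser.l */
#define MAX_CHAR_CODE 0x10FFFFL /* assumed upper bound of a character value */

/* Hypothetical converter: digits is the text after the backslash, base is
 * 8 or 16. Always returns a value in [0, MAX_CHAR_CODE]; on bad input it
 * returns 0 and sets *bad so the caller can issue the diagnostic. */
long esc_to_char(const char *digits, int base, int *bad)
{
    long val = 0;                           /* default result is zero */
    char *end;
    size_t len = strlen(digits);

    *bad = 0;
    if (len == 0 || len > MAX_ESC_DIGITS) { /* too long: skip strtol entirely */
        *bad = 1;
        return 0;
    }
    errno = 0;
    val = strtol(digits, &end, base);
    if (errno != 0 || *end != '\0' || val < 0 || val > MAX_CHAR_CODE) {
        *bad = 1;
        val = 0;                            /* replace, not just diagnose */
    }
    return val;
}

int main(void)
{
    /* Constructed inputs: valid, digit run too long, above the range. */
    const char *in[] = { "101", "1111111111111111111111", "20000000" };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++) {
        int bad;
        long ch = esc_to_char(in[i], 8, &bad);
        printf("\\%s -> %ld%s\n", in[i], ch, bad ? " (diagnosed)" : "");
    }
    return 0;
}
```

Whatever the input, the value handed to later stages is a valid non-negative character code, so a diagnostic alone never lets a bad value through.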