From: Mattias Engdegård <mattiase@acm.org>
Date: Sun, 6 Mar 2022 09:50:27 +0000 (+0100)
Subject: Don't accept whitespace or hex floats in rgbi: colour specs
X-Git-Tag: emacs-29.0.90~1993
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=6eeab90632506348a58d264eb3304625756c8659;p=emacs.git

Don't accept whitespace or hex floats in rgbi: colour specs

`color-values-from-color-spec` (new in Emacs 28) erroneously accepted
leading whitespace and hex floats in rgbi: components.

Reported by Philip Kaludercic.

* src/xfaces.c (parse_float_color_comp): Disallow leading whitespace
and hex floats.
* test/src/xfaces-tests.el
(xfaces-internal-color-values-from-color-spec): Add test cases.
---

diff --git a/src/xfaces.c b/src/xfaces.c
index 8100bdb1570..1d2e2489de1 100644
--- a/src/xfaces.c
+++ b/src/xfaces.c
@@ -888,6 +888,11 @@ parse_hex_color_comp (const char *s, const char *e, unsigned short *dst)
 static double
 parse_float_color_comp (const char *s, const char *e)
 {
+  /* Only allow decimal float literals without whitespace.  */
+  for (const char *p = s; p < e; p++)
+    if (!((*p >= '0' && *p <= '9')
+	  || *p == '.' || *p == '+' || *p == '-' || *p == 'e' || *p == 'E'))
+      return -1;
   char *end;
   double x = strtod (s, &end);
   return (end == e && x >= 0 && x <= 1) ? x : -1;
diff --git a/test/src/xfaces-tests.el b/test/src/xfaces-tests.el
index 31c0f021b28..16f16537918 100644
--- a/test/src/xfaces-tests.el
+++ b/test/src/xfaces-tests.el
@@ -47,7 +47,10 @@
                  '(0 32768 6554)))
   (should (equal (color-values-from-color-spec "rgbi:1e-3/1.0e-2/1e0")
                  '(66 655 65535)))
-  (should (equal (color-values-from-color-spec "rgbi:0/0.5/10") nil)))
+  (should (equal (color-values-from-color-spec "rgbi:0/0.5/10") nil))
+  (should (equal (color-values-from-color-spec "rgbi:0/0/ 0") nil))
+  (should (equal (color-values-from-color-spec "rgbi:0/0x0/0") nil))
+  (should (equal (color-values-from-color-spec "rgbi:0/+0x1/0") nil)))
 
 (provide 'xfaces-tests)