From e0b78f7f2a0274e834b3d5bd73f89184fc47fe87 Mon Sep 17 00:00:00 2001
From: Konrad Borowski
Date: Wed, 27 Nov 2013 21:16:34 +0100
Subject: [PATCH] Disallow Unicode conversion specifications.

This stops fish from accessing the `bool ok[UCHAR_MAX + 1]` table beyond allocated space potentially accessing memory that doesn't belong to fish, and crashing.
---
 builtin_printf.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtin_printf.cpp b/builtin_printf.cpp
index 7e7daee23..1a1ab3350 100644
--- a/builtin_printf.cpp
+++ b/builtin_printf.cpp
@@ -732,7 +732,7 @@ no_more_flag_characters:
 {
 wchar_t conversion = *f;
- if (! ok[conversion])
+ if (conversion > 0xFF || ! ok[conversion])
 {
 this->fatal_error(_(L"%.*ls: invalid conversion specification"), (int)(f + 1 - direc_start), direc_start);
 return 0;
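Review bot: The added bound `conversion > 0xFF` guards only the upper side of the `ok[]` index; where `wchar_t` is a signed type (it is on several common ABIs), a negative `conversion` would still pass the check and index before the start of the table. Whether `*f` can ever be negative is not visible from this hunk, so treat this as a hardening point rather than a confirmed out-of-bounds read. The literal also duplicates the table size that the commit message gives as `UCHAR_MAX + 1`; tying the check to that constant keeps the two in step: `if (conversion < 0 || conversion > UCHAR_MAX || ! ok[conversion])`. The declaration of `ok` and the rest of the enclosing function lie outside the hunk.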