oss-sec mailing list archives
Re: CVE-2021-42574: rustc 1.56.0 and bidirectional-override codepoints in source code
From: Jakub Wilk <jwilk () jwilk net>
Date: Mon, 1 Nov 2021 16:10:02 +0100
+ ('\u{202A}', ""), // The following unicode text flow control characters are inconsistently + ('\u{202B}', ""), // supported accross CLIs and can cause confusion due to the bytes on disk + ('\u{202D}', ""), // not corresponding to the visible source code, so we replace them always. + ('\u{202E}', ""), + ('\u{2066}', ""), + ('\u{2067}', ""), + ('\u{2068}', ""), + ('\u{202C}', ""), + ('\u{2069}', ""),
Is it intentional that (here and elsewhere in the patch) they didn't include all the characters with the Bidi_Control property?
$ grep -w Bidi_Control /usr/share/unicode/PropList.txt 061C ; Bidi_Control # Cf ARABIC LETTER MARK 200E..200F ; Bidi_Control # Cf [2] LEFT-TO-RIGHT MARK..RIGHT-TO-LEFT MARK 202A..202E ; Bidi_Control # Cf [5] LEFT-TO-RIGHT EMBEDDING..RIGHT-TO-LEFT OVERRIDE 2066..2069 ; Bidi_Control # Cf [4] LEFT-TO-RIGHT ISOLATE..POP DIRECTIONAL ISOLATE So U+061C, U+200E and U+200F appear to be missing from the patch. -- Jakub Wilk
Current thread:
- CVE-2021-42574: rustc 1.56.0 and bidirectional-override codepoints in source code Pietro Albini (Oct 31)
- Re: CVE-2021-42574: rustc 1.56.0 and bidirectional-override codepoints in source code Jakub Wilk (Nov 01)
- Re: CVE-2021-42574: rustc 1.56.0 and bidirectional-override codepoints in source code Dave Horsfall (Nov 01)