From ca56b4c90ee590bc060a135b74b4de695d52e172 Mon Sep 17 00:00:00 2001
From: Dianne Skoll
Date: Sat, 1 Feb 2025 10:12:51 -0500
Subject: [PATCH] Disallow "\x00"
---
 src/expr.c | 7 ++++++-
 src/main.c | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/expr.c b/src/expr.c
index 8b415459..8dc351e1 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -1651,7 +1651,12 @@ static int parse_expr_token(DynamicBuffer *buf, char const **in)
 (*in)++;
 }
 c2 = (int) strtol(hexbuf, NULL, 16);
- r = DBufPutc(buf, c2);
+ if (!c2) {
+ Eprint(tr("\\x00 is not a valid escape sequence"));
+ r = E_PARSE_ERR;
+ } else {
+ r = DBufPutc(buf, c2);
+ }
 break;
 default:
 r = DBufPutc(buf, **in);
diff --git a/src/main.c b/src/main.c
index afff8156..d8901fe4 100644
--- a/src/main.c
+++ b/src/main.c
@@ -697,7 +697,12 @@ int ParseQuotedString(ParsePtr p, DynamicBuffer *dbuf)
 if (err) break;
 }
 c2 = (int) strtol(hexbuf, NULL, 16);
- err = DBufPutc(dbuf, c2);
+ if (!c2) {
+ Eprint(tr("\\x00 is not a valid escape sequence"));
+ err = E_PARSE_ERR;
+ } else {
+ err = DBufPutc(dbuf, c2);
+ }
 break;
 default:
 err = DBufPutc(dbuf, c);
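Review bot: The new `if (!c2)` branch in parse_expr_token carries no comment saying why a zero byte is rejected, and that reason is the security-relevant part: a NUL stored through `DBufPutc` would presumably end the C string early, so later consumers would see a shorter value than the one that was parsed. I would add `/* Reject NUL: an embedded zero byte would truncate the string for every later consumer */` above the test. Because `strtol` is called with a NULL end pointer, the same branch also fires for `\x0` and for any `hexbuf` content that does not convert, which the fixed `\x00` wording would misreport; how `hexbuf` is filled lies outside the hunk, so that needs checking there. The identical branch in ParseQuotedString (src/main.c) has the same gap.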
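Review bot: The decode-and-reject logic in ParseQuotedString is now a second hand-maintained copy of the one in parse_expr_token, so the two parsers can drift apart the next time the escape rules change and accept different strings. A small shared helper that takes the `DynamicBuffer *` and `hexbuf`, returns `E_PARSE_ERR` for zero and otherwise forwards to `DBufPutc`, would keep both call sites in step. The diffstat lists only src/expr.c and src/main.c, so no regression test covering `\x00` in a quoted string and in an expression token is visible in this patch. Both function bodies start and end outside their hunks, so whether the callers also report `E_PARSE_ERR` (which would print a second message after `Eprint`) cannot be confirmed from here.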