From c72ffa7a9ae5b5da7533a84d45fd91ee22ddc72f Mon Sep 17 00:00:00 2001 From: Solomon Peachy Date: Mon, 9 Mar 2026 21:40:40 -0400 Subject: [PATCH] diacritic: Critical bugfixes * When the codepoint > 0xffff, don't overflow past the end of our diacritic table (Fixed by William Wilgus) * Truncation of the 'info' field causes the RTL flag to be dropped (RTL flag is b15 but we truncate it into an 8-bit variable) Both bugs introduced in a2c10f6189 (September 2025) Change-Id: Id5425606f2cf91d3b3a81f4b67a97d546de81e41 --- firmware/common/diacritic.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/firmware/common/diacritic.c b/firmware/common/diacritic.c index 68c8dcd4c9..878eba1064 100644 --- a/firmware/common/diacritic.c +++ b/firmware/common/diacritic.c @@ -203,9 +203,15 @@ bool is_diacritic(const ucschar_t char_code, bool *is_rtl) static uint8_t diacritic_mru[MRU_MAX_LEN]; uint8_t i, itmp; - uint8_t info, mru; + uint8_t mru; + uint16_t info; - const struct diac_range *diac; + const struct diac_range *diac = &diac_ranges[DIAC_NUM_RANGES - 1]; + + /* If the codepoint exceeds the terminating entry in our table + then treat it as non-diacritic. */ + if (char_code >= diac->base) + goto bypass; /* Search in MRU */ for (mru = 0, i = 0; mru < mru_len; mru++) @@ -244,6 +250,8 @@ Found: diacritic_mru[0] = i; diac = &diac_ranges[i]; + +bypass: info = diac->info; /* Update RTL */