Prevent overflow of octal escape sequences

The octal parser accepts the range `\1..\777`. The result is cast to
`char` which will silently overflow.

This commit prevents overlow and will treat `\400..\777` as invalid
escape sequences.

src/scanner-utils.h

@@ -188,7 +188,14 @@ scanner_oct(struct scanner *s, uint8_t *out)
 {
     int i;
     for (i = 0, *out = 0; scanner_peek(s) >= '0' && scanner_peek(s) <= '7' && i < 3; i++)
+        /* Test overflow */
+        if (*out < 040) {
             *out = *out * 8 + scanner_next(s) - '0';
+        } else {
+            /* Consume valid digit, but mark result as invalid */
+            scanner_next(s);
+            return false;
+        }
     return i > 0;
 }
 

test/compose.c

@@ -687,7 +687,11 @@ test_traverse(struct xkb_context *ctx)
 static void
 test_escape_sequences(struct xkb_context *ctx)
 {
-    const char *table_string = "<o> <e> : \"f\\x0o\\0o\" X\n";
+    /* The following escape sequences should be ignored:
+     * • \401 overflows
+     * • \0 and \x0 produce NULL
+     */
+    const char *table_string = "<o> <e> : \"\\401f\\x0o\\0o\" X\n";
 
     assert(test_compose_seq_buffer(ctx, table_string,
         XKB_KEY_o, XKB_COMPOSE_FEED_ACCEPTED, XKB_COMPOSE_COMPOSING,  "",     XKB_KEY_NoSymbol,

test/data/keymaps/invalid-escape-sequence.xkb

@@ -3,7 +3,9 @@ xkb_keymap {
     // must be ignored. Else it would insert a NULL character and thus
     // truncates the string to "evde", while we expect "evdev+aliases(qwerty)".
     xkb_keycodes  { include "evde\0v+aliases(qwerty)" };
-    xkb_types     { include "complete" };
+    // The following include statement has two octal escape sequences that
+    // should be ignored, else they would overflow.
+    xkb_types     { include "com\401ple\777te" };
     xkb_compat    { include "complete" };
     xkb_symbols   { include "pc+us" };
 };