From 76b2e01ef7709fd46c86da6768183230275e57a6 Mon Sep 17 00:00:00 2001
From: Nathan Scott
Date: Mon, 18 May 2026 16:04:34 +1000
Subject: [PATCH] Filter C1 control characters in addition to C0 and DEL

Hardening follow-up: extend control character filtering to also catch C1 controls (U+0080-U+009F), which are encoded as two-byte UTF-8 sequences starting with 0xC2.

Related-to: GHSA-q64m-h5hc-c4qq
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 XUtils.h | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/XUtils.h b/XUtils.h
index 57bb60adf..340a26274 100644
--- a/XUtils.h
+++ b/XUtils.h
@@ -135,12 +135,20 @@ static inline bool Char_isControl(char c) {
 return (unsigned char)c < ' ' || c == '\x7F';
 }
 
-/* Replace control characters (C0 and DEL) with a safe substitute. */
+static inline bool Char_isC1Control(char c, char next) {
+ return (unsigned char)c == 0xC2 && (unsigned char)next >= 0x80 && (unsigned char)next <= 0x9F;
+}
+
+/* Replace control characters (C0, DEL, and C1) with a safe substitute. */
 ATTR_NONNULL
 static inline void String_stripControlChars(char* s) {
- for (; *s; s++) {
- if (Char_isControl(*s))
- *s = '?';
+ for (; s[0]; s++) {
+ if (Char_isControl(s[0])) {
+ s[0] = '?';
+ } else if (Char_isC1Control(s[0], s[1])) {
+ s[0] = s[1] = '?';
+ s++;
+ }
 }
 }
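Review bot: `Char_isC1Control` matches C1 controls only in their two-byte UTF-8 form (0xC2 followed by 0x80-0x9F), so a raw byte in 0x80-0x9F that does not follow 0xC2 still passes through `String_stripControlChars` unchanged. That is harmless for a terminal decoding UTF-8, where such a byte is a continuation or invalid byte, but a terminal in an 8-bit mode may act on single-byte C1 codes such as 0x9B; whether these strings can reach such a terminal is not visible in this hunk. At minimum the helper should state the assumption, e.g. `/* Matches the two-byte UTF-8 encoding of U+0080-U+009F only; raw 0x80-0x9F bytes are not treated as C1 here. */`, and the 8-bit case deserves either its own check or a note on why it is out of scope. The `s[1]` read is safe because `s[0]` is non-NUL at that point, so the worst case is reading the terminator, which is worth a short comment in the loop as well.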