Unquote implements unescaping a "single-quoted, doubled-quoted, or
backquoted Go string literal". Therefore, it should reject anything
that the Go specification explicitly forbids.
The section on "Rune literals" explicitly rejects rune values
"above 0x10FFFF and surrogate halves". We properly checked for
the previous condition, but were failing to check for the latter.
In general, "r > utf8.MaxRune" is probably the wrong check,
while !utf8.ValidRune(r) is the more correct check.
We make changes to both UnquoteChar and appendEscapedRune
to use the correct check. The change to appendEscapedRune
is technically a noop since callers of that function already
guarantee that the provided rune is valid.
Fixes #47853
Change-Id: Ib8977e56b91943ec8ada821b8d217b5e9a66f950
Reviewed-on: https://go-review.googlesource.com/c/go/+/343877
Trust: Joe Tsai <joetsai@digital-static.net>
Run-TryBot: Joe Tsai <joetsai@digital-static.net>
TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Rob Pike <r@golang.org>