From 4c53044f62ba3e0921b6283e8ae37f7039c23643 Mon Sep 17 00:00:00 2001
From: comex <comexk@gmail.com>
Date: Sun, 21 Jan 2024 20:49:15 -0800
Subject: [PATCH] Minimal fix for the high-severity issue without bumping MSRV

Ref: https://github.com/advisories/GHSA-r7qv-8r2h-pg27
---
 Cargo.toml   |  2 +-
 src/bytes.rs | 10 +++++++---
 src/lib.rs   |  1 +
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index cebc918..f032f4e 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "shlex"
-version = "1.2.0"
+version = "1.2.1"
 authors = [
     "comex <comexk@gmail.com>",
     "Fenhl <fenhl@fenhl.net>"
diff --git a/src/bytes.rs b/src/bytes.rs
index e3306f5..8d86ac2 100644
--- a/src/bytes.rs
+++ b/src/bytes.rs
@@ -170,7 +170,8 @@ pub fn quote(in_bytes: &[u8]) -> Cow<[u8]> {
         b"\"\""[..].into()
     } else if in_bytes.iter().any(|c| match *c as char {
         '|' | '&' | ';' | '<' | '>' | '(' | ')' | '$' | '`' | '\\' | '"' | '\'' | ' ' | '\t' |
-        '\r' | '\n' | '*' | '?' | '[' | '#' | '~' | '=' | '%' => true,
+        '\r' | '\n' | '*' | '?' | '[' | '#' | '~' | '=' | '%' | '{' | '}' |
+        '\u{80}' ..= '\u{10ffff}' => true,
         _ => false
     }) {
         let mut out: Vec<u8> = Vec::new();
@@ -200,8 +201,11 @@ pub fn join<'a, I: core::iter::IntoIterator<Item = &'a [u8]>>(words: I) -> Vec<u
 
 #[cfg(test)]
 const INVALID_UTF8: &[u8] = b"\xa1";
+#[cfg(test)]
+const INVALID_UTF8_DOUBLEQUOTED: &[u8] = b"\"\xa1\"";
 
 #[test]
+#[allow(invalid_from_utf8)]
 fn test_invalid_utf8() {
     // Check that our test string is actually invalid UTF-8.
     assert!(core::str::from_utf8(INVALID_UTF8).is_err());
@@ -255,7 +259,7 @@ fn test_quote() {
     assert_eq!(quote(b"foo bar"), &b"\"foo bar\""[..]);
     assert_eq!(quote(b"\""), &b"\"\\\"\""[..]);
     assert_eq!(quote(b""), &b"\"\""[..]);
-    assert_eq!(quote(INVALID_UTF8), INVALID_UTF8);
+    assert_eq!(quote(INVALID_UTF8), INVALID_UTF8_DOUBLEQUOTED);
 }
 
 #[test]
@@ -264,5 +268,5 @@ fn test_join() {
     assert_eq!(join(vec![&b""[..]]), &b"\"\""[..]);
     assert_eq!(join(vec![&b"a"[..], &b"b"[..]]), &b"a b"[..]);
     assert_eq!(join(vec![&b"foo bar"[..], &b"baz"[..]]), &b"\"foo bar\" baz"[..]);
-    assert_eq!(join(vec![INVALID_UTF8]), INVALID_UTF8);
+    assert_eq!(join(vec![INVALID_UTF8]), INVALID_UTF8_DOUBLEQUOTED);
 }
diff --git a/src/lib.rs b/src/lib.rs
index 444c1fa..c03db53 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -146,6 +146,7 @@ fn test_quote() {
     assert_eq!(quote("foo bar"), "\"foo bar\"");
     assert_eq!(quote("\""), "\"\\\"\"");
     assert_eq!(quote(""), "\"\"");
+    assert_eq!(quote("{foo,bar}"), "\"{foo,bar}\"");
 }
 
 #[test]