Do not accept invalid octal character values (>= 0400).

This also avoid possible stack corruption (e.g. previously `tr -s '\400'' or
similars lead to them).

Reviewed and thanks to <pgoyette>!

usr.bin/tr/str.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: str.c,v 1.29 2013/08/11 01:54:35 dholland Exp $	*/
+/*	$NetBSD: str.c,v 1.30 2018/05/26 11:20:30 leot Exp $	*/
 
 /*-
  * Copyright (c) 1991, 1993
@@ -34,7 +34,7 @@
 #if 0
 static char sccsid[] = "@(#)str.c	8.2 (Berkeley) 4/28/95";
 #endif
-__RCSID("$NetBSD: str.c,v 1.29 2013/08/11 01:54:35 dholland Exp $");
+__RCSID("$NetBSD: str.c,v 1.30 2018/05/26 11:20:30 leot Exp $");
 #endif /* not lint */
 
 #include <sys/types.h>
@@ -417,6 +417,8 @@ backslash(STR *s)
 	}
 	if (cnt) {
 		/* We saw digits, so return their value */
+		if (val >= OOBCH)
+			errx(1, "Invalid octal character value");
 		return val;
 	}
 	if (ch == '\0') {