tr(1) attempts to convert \n[n][n] sequences into octal digits, but doesn't

check to see that a given digit is actually an octal digit.  This leads to
unusual consequences if passed in values like \9.

Reported by:	Joseph Davison (OpenDarwin project)
MFC after:	1 week

usr.bin/tr/str.c

@@ -358,7 +358,7 @@ backslash(STR *s, int *is_octal)
 		*is_octal = 0;
 	for (cnt = val = 0;;) {
 		ch = (u_char)*++s->str;
-		if (!isdigit(ch))
+		if (!isdigit(ch) || ch > '7')
 			break;
 		val = val * 8 + ch - '0';
 		if (++cnt == 3) {