Skip to content
Permalink
Browse files Browse the repository at this point in the history
md_analyze_line: Avoid reading 1 byte beyond the input size.
Fixes #155.
  • Loading branch information
mity committed Mar 29, 2021
1 parent aa65423 commit 4fc808d
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 9 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
Expand Up @@ -21,6 +21,9 @@ Fixes:
correctly, even when the blocks are nested at the same line in a complicated
ways.

* [#155](https://github.com/mity/md4c/issues/155):
Avoid reading 1 character beyond the input size in some complex cases.


## Version 0.4.7

Expand Down
24 changes: 15 additions & 9 deletions src/md4c.c
Expand Up @@ -5869,7 +5869,7 @@ md_analyze_line(MD_CTX* ctx, OFF beg, OFF* p_end,

/* Check whether we are Setext underline. */
if(line->indent < ctx->code_indent_offset && pivot_line->type == MD_LINE_TEXT
&& (CH(off) == _T('=') || CH(off) == _T('-'))
&& off < ctx->size && ISANYOF2(off, _T('='), _T('-'))
&& (n_parents == ctx->n_containers))
{
unsigned level;
Expand All @@ -5882,7 +5882,10 @@ md_analyze_line(MD_CTX* ctx, OFF beg, OFF* p_end,
}

/* Check for thematic break line. */
if(line->indent < ctx->code_indent_offset && ISANYOF(off, _T("-_*")) && off >= hr_killer) {
if(line->indent < ctx->code_indent_offset
&& off < ctx->size && off >= hr_killer
&& ISANYOF(off, _T("-_*")))
{
if(md_is_hr_line(ctx, off, &off, &hr_killer)) {
line->type = MD_LINE_HR;
break;
Expand Down Expand Up @@ -5946,7 +5949,7 @@ md_analyze_line(MD_CTX* ctx, OFF beg, OFF* p_end,
{
/* Noop. List mark followed by a blank line cannot interrupt a paragraph. */
} else if(pivot_line->type == MD_LINE_TEXT && n_parents == ctx->n_containers &&
(container.ch == _T('.') || container.ch == _T(')')) && container.start != 1)
ISANYOF2_(container.ch, _T('.'), _T(')')) && container.start != 1)
{
/* Noop. Ordered list cannot interrupt a paragraph unless the start index is 1. */
} else {
Expand Down Expand Up @@ -5987,7 +5990,9 @@ md_analyze_line(MD_CTX* ctx, OFF beg, OFF* p_end,
}

/* Check for ATX header. */
if(line->indent < ctx->code_indent_offset && CH(off) == _T('#')) {
if(line->indent < ctx->code_indent_offset &&
off < ctx->size && CH(off) == _T('#'))
{
unsigned level;

if(md_is_atxheader_line(ctx, off, &line->beg, &off, &level)) {
Expand All @@ -5998,7 +6003,7 @@ md_analyze_line(MD_CTX* ctx, OFF beg, OFF* p_end,
}

/* Check whether we are starting code fence. */
if(CH(off) == _T('`') || CH(off) == _T('~')) {
if(off < ctx->size && ISANYOF2(off, _T('`'), _T('~'))) {
if(md_is_opening_code_fence(ctx, off, &off)) {
line->type = MD_LINE_FENCEDCODE;
line->data = 1;
Expand All @@ -6007,7 +6012,8 @@ md_analyze_line(MD_CTX* ctx, OFF beg, OFF* p_end,
}

/* Check for start of raw HTML block. */
if(CH(off) == _T('<') && !(ctx->parser.flags & MD_FLAG_NOHTMLBLOCKS))
if(off < ctx->size && CH(off) == _T('<')
&& !(ctx->parser.flags & MD_FLAG_NOHTMLBLOCKS))
{
ctx->html_block_type = md_is_html_block_start_condition(ctx, off);

Expand All @@ -6028,9 +6034,9 @@ md_analyze_line(MD_CTX* ctx, OFF beg, OFF* p_end,
}

/* Check for table underline. */
if((ctx->parser.flags & MD_FLAG_TABLES) && pivot_line->type == MD_LINE_TEXT &&
(CH(off) == _T('|') || CH(off) == _T('-') || CH(off) == _T(':')) &&
n_parents == ctx->n_containers)
if((ctx->parser.flags & MD_FLAG_TABLES) && pivot_line->type == MD_LINE_TEXT
&& off < ctx->size && ISANYOF3(off, _T('|'), _T('-'), _T(':'))
&& n_parents == ctx->n_containers)
{
unsigned col_count;

Expand Down

0 comments on commit 4fc808d

Please sign in to comment.