My personal build of CMark ✏️
Check return status of utf8proc_iterate. Closes #27.
If unicode parsing gives an error condition, we just skip the rest of the string without rendering anything and proceed. I'm not sure if that's the best way to handle this, but garbage in, garbage out.
Note: this bug was found using american fuzzy lop.
2 files changed, 6 insertions, 0 deletions
| Status | File Name | N° Changes | Insertions | Deletions |
| Modified | src/commonmark.c | 3 | 3 | 0 |
| Modified | src/man.c | 3 | 3 | 0 |
diff --git a/src/commonmark.c b/src/commonmark.c @@ -117,6 +117,9 @@ static inline void out(struct render_state *state, } len = utf8proc_iterate(source + i, length - i, &c); + if (len == -1) { // error condition + return; // return without rendering rest of string + } nextc = source[i + len]; if (c == 32 && wrap) { if (!state->begin_line) {
diff --git a/src/man.c b/src/man.c @@ -20,6 +20,9 @@ static void escape_man(cmark_strbuf *dest, const unsigned char *source, int leng while (i < length) { len = utf8proc_iterate(source + i, length - i, &c); + if (len == -1) { // error condition + return; // return without rendering anything + } switch(c) { case 46: if (beginLine) {