cmark

My personal build of CMark ✏️

Commit
6e8f0bf2d394f7dc444efe003e1b65610a57f30c
Parent
f8737b1c82981624b3263224dbf92fa6627f7205
Author
John MacFarlane <jgm@berkeley.edu>
Date

Fixed undefined shift in commonmark writer.

Closes #211.

Found by google/oss-fuzz: https://oss-fuzz.com/v2/testcase-detail/4686992824598528

Diffstat

1 file changed, 6 insertions, 3 deletions

Status File Name N° Changes Insertions Deletions
Modified src/commonmark.c 9 6 3
diff --git a/src/commonmark.c b/src/commonmark.c
@@ -1,6 +1,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <stdint.h>
 #include <assert.h>
 
 #include "config.h"
@@ -81,7 +82,9 @@ static int longest_backtick_sequence(const char *code) {
 }
 
 static int shortest_unused_backtick_sequence(const char *code) {
-  int32_t used = 1;
+  // note: if the shortest sequence is >= 32, this returns 32
+  // so as not to overflow the bit array.
+  uint32_t used = 1;
   int current = 0;
   size_t i = 0;
   size_t code_len = strlen(code);
@@ -89,7 +92,7 @@ static int shortest_unused_backtick_sequence(const char *code) {
     if (code[i] == '`') {
       current++;
     } else {
-      if (current) {
+      if (current > 0 && current < 32) {
         used |= (1 << current);
       }
       current = 0;
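Review bot: The shift in `used |= (1 << current);` is still evaluated in signed `int`, so the new guard `current < 32` admits `current == 31`, and `1 << 31` is not representable in a 32-bit `int`, which is undefined behaviour in C. Changing `used` to `uint32_t` does not change the type of the literal `1`; the line should read `used |= ((uint32_t)1 << current);` (or use `1U`). A named constant for 32, shared with the loop bound in the later hunk, would keep the two limits in step. The function body starts and ends outside this hunk.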
@@ -98,7 +101,7 @@ static int shortest_unused_backtick_sequence(const char *code) {
   }
   // return number of first bit that is 0:
   i = 0;
-  while (used & 1) {
+  while (i < 32 && used & 1) {
     used = used >> 1;
     i++;
   }
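Review bot: Because the earlier guard drops runs of 32 or more backticks and this scan is capped at `i < 32`, the result can be 32 even when the input itself contains a 32-backtick run, so the value is no longer guaranteed to be unused. The return statement and the caller are outside this hunk; if the result is used as the code-span delimiter length, the written output could re-parse differently for such input. I would extend the comment at the top of the function, e.g. `// callers must not assume the result is unused when it equals 32`, and parenthesise the condition as `while (i < 32 && (used & 1))` for readability.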