cmark

My personal build of CMark ✏️

Commit: cb1cd888cce0cae20a33663d6d17ef7630c5d4d7
Parent: 7d04065de4c793003af01647ff23132de1c9e919
Author: John MacFarlane <jgm@berkeley.edu>
Date: Mon, 11 Nov 2019 12:52:35 -0800

Fix entity parser (and api test) to respect length limit on numeric entities.

Diffstat

2 files changed, 9 insertions, 4 deletions

Status	File Name	N° Changes	Insertions	Deletions
Modified	api_test/main.c	6	3	3
Modified	src/inlines.c	7	6	1

diff --git a/api_test/main.c b/api_test/main.c
@@ -837,11 +837,11 @@ static void numeric_entities(test_batch_runner *runner) {
                   "Valid numeric entity 0x10FFFF");
   test_md_to_html(runner, "&#x110000;", "<p>" UTF8_REPL "</p>\n",
                   "Invalid numeric entity 0x110000");
-  test_md_to_html(runner, "&#x80000000;", "<p>" UTF8_REPL "</p>\n",
+  test_md_to_html(runner, "&#x80000000;", "<p>&amp;#x80000000;</p>\n",
                   "Invalid numeric entity 0x80000000");
-  test_md_to_html(runner, "&#xFFFFFFFF;", "<p>" UTF8_REPL "</p>\n",
+  test_md_to_html(runner, "&#xFFFFFFFF;", "<p>&amp;#xFFFFFFFF;</p>\n",
                   "Invalid numeric entity 0xFFFFFFFF");
-  test_md_to_html(runner, "&#99999999;", "<p>" UTF8_REPL "</p>\n",
+  test_md_to_html(runner, "&#99999999;", "<p>&amp;#99999999;</p>\n",
                   "Invalid numeric entity 99999999");
 
   test_md_to_html(runner, "&#;", "<p>&amp;#;</p>\n",

diff --git a/src/inlines.c b/src/inlines.c
@@ -784,13 +784,18 @@ static cmark_node *handle_backslash(subject *subj) {
 static cmark_node *handle_entity(subject *subj) {
   cmark_strbuf ent = CMARK_BUF_INIT(subj->mem);
   bufsize_t len;
+  int length_limit = 256;
 
   advance(subj);
 
   len = houdini_unescape_ent(&ent, subj->input.data + subj->pos,
                              subj->input.len - subj->pos);
 
-  if (len == 0)
+  if (peek_char(subj) == '#') {
+     length_limit = 9; // includes #, optional x for hex, and ;
+  }
+
+  if (len <= 0 || len > length_limit)
     return make_str(subj, subj->pos - 1, subj->pos - 1, cmark_chunk_literal("&"));
 
   subj->pos += len;