search

mity / md4c

C Markdown parser. Fast. SAX-like interface. Compliant to CommonMark specification.
MIT License
756 stars 138 forks source link

Fix for a buffer overflow #167

Closed dtldarek closed 2 years ago

dtldarek commented 2 years ago

Fuzzying found that input "\xA9##r[](r[](" generates a buffer overflow (see the diff for the exact place), and this is a small change that should fix it.

codecov[bot] commented 2 years ago

Codecov Report

Merging #167 (260cd33) into master (7f05330) will increase coverage by 0.06%. The diff coverage is 100.00%.

:exclamation: Current head 260cd33 differs from pull request most recent head b8c31a5. Consider uploading reports for the commit b8c31a5 to get more accurate results Impacted file tree graph

@@            Coverage Diff             @@
##           master     #167      +/-   ##
==========================================
+ Coverage   94.33%   94.39%   +0.06%     
==========================================
  Files           3        3              
  Lines        3088     3089       +1     
==========================================
+ Hits         2913     2916       +3     
+ Misses        175      173       -2
Impacted Files Coverage Δ
src/md4c.c 94.31% <100.00%> (+0.07%) :arrow_up:

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 7f05330...b8c31a5. Read the comment docs.

dtldarek commented 2 years ago

And another one, this time for: "\n# h1\nc hh##e2ked\n\n A | rong__ ___strong \u0000\u0000\u0000\u0000\u0000\u0000\a\u0000\u0000\u0000\u0000\n# h1\nh# #2\n### h3\n#### h4\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\\\n##### h5\n#*#####\u0000\n6"

mity commented 2 years ago

Thank you. Will merge shortly.

(And sorry for the late answer, was out of github for some months.)