russross / blackfriday

Blackfriday: a markdown processor for Go

Panic on listItem function #683

Open CT-Zer0 opened 3 years ago

CT-Zer0 commented 3 years ago

Hi,

While I was fuzzing this library with go-fuzz, I encountered the following panic (index out of range error). I assume it is a simple size check mistake on line 1363 of the listItem function in block.go. It should be for next < len(data) - 1 && data[next] != '\n' rather than for next < len(data) && data[next] != '\n'. I have tried my patch and it works normally.

Go version: go version go1.16.4 linux/amd64
Linux kernel: Linux fuzz1 5.4.0-73-generic #82-Ubuntu SMP Wed Apr 14 17:39:42 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
My code (https://play.golang.org/p/lboSQ4YCIeh):

package main

import "github.com/russross/blackfriday/v2"

func main() {
	// Fuzzer-found input: the final line "00" has no trailing newline,
	// which is what drives the list-item scanner past the end of the slice.
	data := []byte{':', '\t', '\n', '\n', '0', '\n', '0', '0'}
	blackfriday.Run(data)
}

Error:

panic: runtime error: index out of range [8] with length 8

goroutine 1 [running]:
github.com/russross/blackfriday/v2.(*Markdown).listItem(0xc0000de900, 0xc0000143f0, 0x8, 0x8, 0xc0000addc8, 0xc000086780)
        /home/fuzz/go/pkg/mod/github.com/russross/blackfriday/v2@v2.1.0/block.go:1369 +0xedd
github.com/russross/blackfriday/v2.(*Markdown).list(0xc0000de900, 0xc0000143f0, 0x8, 0x8, 0x12, 0x0)
        /home/fuzz/go/pkg/mod/github.com/russross/blackfriday/v2@v2.1.0/block.go:1135 +0xfb
github.com/russross/blackfriday/v2.(*Markdown).block(0xc0000de900, 0xc0000143f0, 0x8, 0x8)
        /home/fuzz/go/pkg/mod/github.com/russross/blackfriday/v2@v2.1.0/block.go:187 +0x3a5
github.com/russross/blackfriday/v2.(*Markdown).Parse(0xc0000de900, 0xc0000143f0, 0x8, 0x8, 0x0)
        /home/fuzz/go/pkg/mod/github.com/russross/blackfriday/v2@v2.1.0/markdown.go:404 +0x4d
github.com/russross/blackfriday/v2.Run(0xc0000143f0, 0x8, 0x8, 0x0, 0x0, 0x0, 0x0, 0x4e4640, 0xc00005e058)
        /home/fuzz/go/pkg/mod/github.com/russross/blackfriday/v2@v2.1.0/markdown.go:388 +0x1a5
main.main()
        /home/fuzz/fuzz/deneme.go:9 +0x6b
exit status 2
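The loop shape the report describes, and the defensive wrapper a service that renders untrusted markdown would want in the meantime, as an added Go example that is not part of this issue or of blackfriday's own code. lineEndUnchecked and lineEndChecked are illustrative stand-ins for the scan in listItem (block.go itself is not on this page), toyParse stands in for blackfriday.Run, and the input bytes are the ones the reporter posted; the extra corpus entries are constructed here.

```go
package main

import (
	"errors"
	"fmt"
)

// crashInput is the reporter's input: the last line "00" has no trailing
// newline, so a scanner that walks to the newline runs off the slice.
var crashInput = []byte{':', '\t', '\n', '\n', '0', '\n', '0', '0'}

// lineEndUnchecked illustrates the loop shape described in the report (an
// illustration of the pattern, not blackfriday's listItem). It advances next
// to the newline and then reads data[next]. On a final line without '\n',
// next == len(data) after the loop and the read panics with
// "index out of range [8] with length 8" for crashInput.
func lineEndUnchecked(data []byte, start int) (next int, terminator byte) {
	next = start
	for next < len(data) && data[next] != '\n' {
		next++
	}
	return next, data[next] // out of range when next == len(data)
}

// lineEndChecked keeps the same scan but guards the read instead of
// shortening the loop bound: the terminator is only read while next is inside
// the slice, and ok reports whether a newline was actually found.
func lineEndChecked(data []byte, start int) (next int, terminator byte, ok bool) {
	next = start
	for next < len(data) && data[next] != '\n' {
		next++
	}
	if next >= len(data) {
		return next, 0, false
	}
	return next, data[next], true
}

// ErrParserPanic is returned by renderSafely when the wrapped parser panics.
var ErrParserPanic = errors.New("markdown parser panicked on input")

// renderSafely converts a parser panic into an error so that one malicious
// document cannot unwind the calling goroutine. Without this, a request
// handler that calls the parser directly takes the process down with it.
func renderSafely(parse func([]byte) []byte, data []byte) (out []byte, err error) {
	defer func() {
		if r := recover(); r != nil {
			out = nil
			err = fmt.Errorf("%w: %v", ErrParserPanic, r)
		}
	}()
	return parse(data), nil
}

// toyParse stands in for blackfriday.Run: it walks every line with the
// unchecked scanner, so any input lacking a final newline panics.
func toyParse(data []byte) []byte {
	lines := 0
	for pos := 0; pos < len(data); {
		next, _ := lineEndUnchecked(data, pos)
		lines++
		pos = next + 1
	}
	return []byte(fmt.Sprintf("lines=%d", lines))
}

// crashingInputs runs parse over a corpus under renderSafely and returns the
// inputs that panicked, the same triage a fuzzer's crasher output gives.
func crashingInputs(parse func([]byte) []byte, corpus [][]byte) [][]byte {
	var crashers [][]byte
	for _, in := range corpus {
		if _, err := renderSafely(parse, in); err != nil {
			crashers = append(crashers, in)
		}
	}
	return crashers
}

func main() {
	// Constructed corpus: only the inputs without a trailing newline crash.
	corpus := [][]byte{[]byte("a\nb\n"), []byte(""), []byte("\n"), crashInput, []byte("x")}
	for _, in := range crashingInputs(toyParse, corpus) {
		fmt.Printf("crasher: %q\n", in)
	}
}
```

The checked scanner guards the read rather than lowering the loop bound, so a last line that does end in a newline is still scanned up to its terminator. The recover wrapper is the operational mitigation: a markdown renderer that takes user-supplied input and can panic is a one-request denial of service for any Go service that calls it without a recover on that path, and that holds regardless of which bounds check eventually lands in block.go.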
julijane commented 2 years ago

We had the same issue in a project and the suggested change fixes it.