search

wallyqs / org-ruby

An Org mode parser written in Ruby.
218 stars 51 forks source link

org-ruby crashes when converting invalid input to html #58

Open zelivans opened 6 years ago

zelivans commented 6 years ago

I've been testing org-ruby with a Ruby fuzzing tool (kisaten) and found this bug. The failing code:

Orgmode::Parser.new(data).to_html

Results in a NoMethodError exception in the flush! method where the following code does not return a 4 elements array as expected:

@buffer.split(/\A(.*[ \t]+|)::(|[ \t]+.*?)$/, 4)
d[1] = d[1].strip

I think a fix can be to check the result length of that split array, but I'm not sure what is the context here.

Raw crash

/home/ariel/afl-kisaten/private/sandbox/orgmode/org-ruby/lib/org-ruby/html_output_buffer.rb:172:in `flush!': undefined method `strip' for nil:NilClass (NoMethodError)
    from /home/ariel/afl-kisaten/private/sandbox/orgmode/org-ruby/lib/org-ruby/parser.rb:393:in `translate'
    from /home/ariel/afl-kisaten/private/sandbox/orgmode/org-ruby/lib/org-ruby/parser.rb:362:in `to_html'
    from tst.rb:9:in `<main>'

Input

The files causing this exception are binary, I uploaded them to gist.