search

yuin / goldmark-highlighting

A Syntax highlighting extension for the goldmark markdown parser.
MIT License
100 stars 14 forks source link

Fuzz crash on ```0{class=0#. #19

Closed lmas closed 3 years ago

lmas commented 3 years ago

Please answer the following before submitting your issue:

  1. What version of goldmark are you using? : v1.3.5
  2. What version of Go are you using? : go1.16
  3. What operating system and processor architecture are you using? : linux/amd64
  4. What did you do? : ran go-fuzz on my own project that uses the goldmark parser
  5. What did you expect to see? : no crashes by goldmark
  6. What did you see instead? : 
    
panic: interface conversion: interface {} is float64, not []uint8

goroutine 1 [running]: github.com/yuin/goldmark/parser.ParseAttributes.func1(0x7bede0, 0xdcfe00, 0x5, 0x5af701) ./.go/pkg/mod/github.com/yuin/goldmark@v1.3.3/parser/attribute.go:68 +0x2bf github.com/yuin/goldmark/parser.Attributes.findUpdate(0xc00062d130, 0x2, 0x2, 0xdc2074, 0x5, 0x5, 0xc00047f8b0, 0x1) ./.go/pkg/mod/github.com/yuin/goldmark@v1.3.3/parser/attribute.go:37 +0xb7 github.com/yuin/goldmark/parser.ParseAttributes(0xc14930, 0xc00060a310, 0xc0bb64, 0x0, 0x412e82, 0xc00047f998) ./.go/pkg/mod/github.com/yuin/goldmark@v1.3.3/parser/attribute.go:67 +0x449 github.com/yuin/goldmark-highlighting.getAttributes(0xc000692000, 0xc0005876d3, 0xb, 0xd, 0xc0005876d3, 0xb) ./.go/pkg/mod/github.com/yuin/goldmark-highlighting@v0.0.0-20200307114337-60d527fdb691/highlighting.go:368 +0x148 github.com/yuin/goldmark-highlighting.(HTMLRenderer).renderFencedCodeBlock(0xc00060a1c0, 0xc14188, 0xc00059d880, 0xc0005876d0, 0xe, 0x10, 0xc1bf80, 0xc000692000, 0x1, 0xdc98e0, ...) ./.go/pkg/mod/github.com/yuin/goldmark-highlighting@v0.0.0-20200307114337-60d527fdb691/highlighting.go:395 +0x1b7 github.com/yuin/goldmark/renderer.(renderer).Render.func2(0xc1bf80, 0xc000692000, 0x1, 0x0, 0xc14188, 0xc00059d880) ./.go/pkg/mod/github.com/yuin/goldmark@v1.3.3/renderer/renderer.go:166 +0x108 github.com/yuin/goldmark/ast.walkHelper(0xc1bf80, 0xc000692000, 0xc00047fe48, 0x3, 0x0, 0x0) ./.go/pkg/mod/github.com/yuin/goldmark@v1.3.3/ast/ast.go:492 +0x43 github.com/yuin/goldmark/ast.walkHelper(0xc1bd40, 0xc0005a18c0, 0xc00047fe48, 0xc000681000, 0x0, 0xc000587600) ./.go/pkg/mod/github.com/yuin/goldmark@v1.3.3/ast/ast.go:498 +0x16b github.com/yuin/goldmark/ast.Walk(...) ./.go/pkg/mod/github.com/yuin/goldmark@v1.3.3/ast/ast.go:487 github.com/yuin/goldmark/renderer.(renderer).Render(0xc00062d0e0, 0xc12068, 0xc000638f30, 0xc0005876d0, 0xe, 0x10, 0xc1bd40, 0xc0005a18c0, 0x10, 0xe) ./.go/pkg/mod/github.com/yuin/goldmark@v1.3.3/renderer/renderer.go:161 +0x13c github.com/yuin/goldmark.(markdown).Convert(0xc00059d500, 0xc0005876d0, 0xe, 0x10, 0xc12068, 0xc000638f30, 0x0, 0x0, 0x0, 0x406185, ...) ./.go/pkg/mod/github.com/yuin/goldmark@v1.3.3/markdown.go:117 +0x12c main.main() ./goldmark_crash.go:21 +0xcb exit status 2

package main

import ( "bytes" "fmt"

    "github.com/yuin/goldmark" // Version v1.3.5
    highlighting "github.com/yuin/goldmark-highlighting" // Version v0.0.0-20210428103930-3a9678dbb86c

)

var gm = goldmark.New( goldmark.WithExtensions( highlighting.NewHighlighting(), ), )

// This input will crash the parser var input string = "```0{class=0#."

func main() { var buf bytes.Buffer err := gm.Convert([]byte(input), &buf) fmt.Println("Error:", err) }



Copy from https://github.com/yuin/goldmark/issues/219
yuin commented 3 years ago

fixed by yuin/goldmark@38f7fc92ff20e1d6c4412fa4346e596b9cd73934