Commit 933388a6573ed04ee267ccfbc0625f6f6306313d

dtldarek 2021-08-25T14:41:49

This is a fix for a buffer overflow that happens on an input found by fuzzing (in C-string format): "\xA9##r[](r[](".

diff --git a/src/md4c.c b/src/md4c.c
index 40066b2..2864010 100644
--- a/src/md4c.c
+++ b/src/md4c.c
@@ -2275,7 +2275,7 @@ md_is_inline_link_spec(MD_CTX* ctx, const MD_LINE* lines, int n_lines,
     /* Optional white space with up to one line break. */
     while(off < lines[line_index].end  &&  ISWHITESPACE(off))
         off++;
-    if(off >= lines[line_index].end  &&  ISNEWLINE(off)) {
+    if(off >= lines[line_index].end  &&  (off >= ctx->size  ||  ISNEWLINE(off))) {
         line_index++;
         if(line_index >= n_lines)
             return FALSE;
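Review bot: The added `off >= ctx->size` term in the `if` condition carries no comment saying why it must be evaluated before `ISNEWLINE(off)`, so a later reader sees a bounds test fused with a newline test and may "simplify" it away, reintroducing the over-read the fuzzer found. I would put `/* off can equal ctx->size here (input with no trailing newline); test it before ISNEWLINE() indexes the text. */` on the line above the `if`. If the same `off >= lines[line_index].end  &&  ISNEWLINE(off)` shape appears at other line-break checks in this function or its siblings, they presumably need the identical guard, or a bounded helper that folds the size test in, since the reported input only exercised this one site. A regression test feeding the literal `"\xA9##r[](r[]("` through the parser under ASan would pin the fix. `md_is_inline_link_spec` starts before this hunk and the body of the `if` continues after it, so the handling of the consumed line is not visible here.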