summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Wellnhofer <wellnhofer@aevum.de>2015-06-07 16:54:37 +0200
committerNick Wellnhofer <wellnhofer@aevum.de>2015-06-07 21:42:15 +0200
commitbef240d45b5eda3a584ca1a495f54cb17ff8895f (patch)
tree2f51762317d378dd20ed991daef49d2a3cf86f89
parent7382fd5eba48107a8190bd2d6232cc3b6e20d8fc (diff)
Check for overflow in S_parser_feed
Guard against too large chunks passed via the API.
-rw-r--r--src/blocks.c9
-rw-r--r--src/buffer.h8
2 files changed, 14 insertions, 3 deletions
diff --git a/src/blocks.c b/src/blocks.c
index 72b1ca5..a3ac712 100644
--- a/src/blocks.c
+++ b/src/blocks.c
@@ -497,6 +497,7 @@ S_parser_feed(cmark_parser *parser, const unsigned char *buffer, size_t len,
while (buffer < end) {
const unsigned char *eol;
size_t line_len;
+ bufsize_t bufsize;
for (eol = buffer; eol < end; ++eol) {
if (S_is_line_end_char(*eol))
@@ -514,17 +515,19 @@ S_parser_feed(cmark_parser *parser, const unsigned char *buffer, size_t len,
} else if (eof) {
line_len = end - buffer;
} else {
- cmark_strbuf_put(parser->linebuf, buffer, end - buffer);
+ bufsize = cmark_strbuf_check_bufsize(end - buffer);
+ cmark_strbuf_put(parser->linebuf, buffer, bufsize);
break;
}
+ bufsize = cmark_strbuf_check_bufsize(line_len);
if (parser->linebuf->size > 0) {
- cmark_strbuf_put(parser->linebuf, buffer, line_len);
+ cmark_strbuf_put(parser->linebuf, buffer, bufsize);
S_process_line(parser, parser->linebuf->ptr,
parser->linebuf->size);
cmark_strbuf_clear(parser->linebuf);
} else {
- S_process_line(parser, buffer, line_len);
+ S_process_line(parser, buffer, bufsize);
}
buffer += line_len;
diff --git a/src/buffer.h b/src/buffer.h
index 9c850e4..f9696e0 100644
--- a/src/buffer.h
+++ b/src/buffer.h
@@ -74,6 +74,14 @@ void cmark_strbuf_unescape(cmark_strbuf *s);
/* Print error and abort. */
void cmark_strbuf_overflow_err(void);
+static inline bufsize_t
+cmark_strbuf_check_bufsize(size_t size) {
+ if (size > BUFSIZE_MAX) {
+ cmark_strbuf_overflow_err();
+ }
+ return (bufsize_t)size;
+}
+
#ifdef __cplusplus
}
#endif