summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJohn MacFarlane <jgm@berkeley.edu>2017-06-29 10:23:20 +0200
committerJohn MacFarlane <jgm@berkeley.edu>2017-06-29 10:32:06 +0200
commit6e8f0bf2d394f7dc444efe003e1b65610a57f30c (patch)
tree98f470543f285b7c1fcad38eb46b32fb98c3f554 /src
parentf8737b1c82981624b3263224dbf92fa6627f7205 (diff)
Fixed undefined shift in commonmark writer.
Closes #211. Found by google/oss-fuzz: https://oss-fuzz.com/v2/testcase-detail/4686992824598528
Diffstat (limited to 'src')
-rw-r--r--src/commonmark.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/commonmark.c b/src/commonmark.c
index b8b1820..a9ba566 100644
--- a/src/commonmark.c
+++ b/src/commonmark.c
@@ -1,6 +1,7 @@
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#include <stdint.h>
#include <assert.h>
#include "config.h"
@@ -81,7 +82,9 @@ static int longest_backtick_sequence(const char *code) {
}
static int shortest_unused_backtick_sequence(const char *code) {
- int32_t used = 1;
+ // note: if the shortest sequence is >= 32, this returns 32
+ // so as not to overflow the bit array.
+ uint32_t used = 1;
int current = 0;
size_t i = 0;
size_t code_len = strlen(code);
@@ -89,7 +92,7 @@ static int shortest_unused_backtick_sequence(const char *code) {
if (code[i] == '`') {
current++;
} else {
- if (current) {
+ if (current > 0 && current < 32) {
used |= (1 << current);
}
current = 0;
@@ -98,7 +101,7 @@ static int shortest_unused_backtick_sequence(const char *code) {
}
// return number of first bit that is 0:
i = 0;
- while (used & 1) {
+ while (i < 32 && used & 1) {
used = used >> 1;
i++;
}