summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJohn MacFarlane <jgm@berkeley.edu>2019-11-11 12:52:35 -0800
committerJohn MacFarlane <jgm@berkeley.edu>2019-11-11 12:52:35 -0800
commitcb1cd888cce0cae20a33663d6d17ef7630c5d4d7 (patch)
tree203fed956b1e831cdbb2e149e9271ae67b0eaa0a /src
parent7d04065de4c793003af01647ff23132de1c9e919 (diff)
Fix entity parser (and api test) to respect length limit on numeric entities.
Diffstat (limited to 'src')
-rw-r--r--src/inlines.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/inlines.c b/src/inlines.c
index 2a84242..263a39b 100644
--- a/src/inlines.c
+++ b/src/inlines.c
@@ -784,13 +784,18 @@ static cmark_node *handle_backslash(subject *subj) {
static cmark_node *handle_entity(subject *subj) {
cmark_strbuf ent = CMARK_BUF_INIT(subj->mem);
bufsize_t len;
+ int length_limit = 256;
advance(subj);
len = houdini_unescape_ent(&ent, subj->input.data + subj->pos,
subj->input.len - subj->pos);
- if (len == 0)
+ if (peek_char(subj) == '#') {
+ length_limit = 9; // includes #, optional x for hex, and ;
+ }
+
+ if (len <= 0 || len > length_limit)
return make_str(subj, subj->pos - 1, subj->pos - 1, cmark_chunk_literal("&"));
subj->pos += len;