summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-10-30Modified print_delimiters (commented out) so it compiles again.John MacFarlane
2016-10-11Ran 'make format' to reformat code.John MacFarlane
2016-10-11Changed logic for null/eol checks.John MacFarlane
- only check once for "not at end of line" - check for null before we check for newline characters (the previous patch would fail for NULL + CR) See #160.
2016-10-11Fix by not advancing past both \0 and \nYuki Izumi
2016-09-27One more cmark_mem useYuki Izumi
2016-09-26Merge pull request #157 from kivikakk/list-parse-mem-leakJohn MacFarlane
Fix memory leak in list parsing
2016-09-26Fix memory leak in list parsingYuki Izumi
If `parse_list_marker` returns 1, but the second part of the `&&` clause is false, we leak `data` here.
2016-09-26Use cmark_mem to free where used to allocYuki Izumi
2016-09-15Allow a shortcut link before a (.John MacFarlane
See jgm/CommonMark#427
2016-09-14Allow tabs after setext header line.John MacFarlane
See jgm/commonmark.js#109
2016-09-13Regenerated scanners.c.John MacFarlane
2016-09-13Don't let URI schemes start with spaces.John MacFarlane
2016-09-13Merge pull request #153 from gaborcsardi/patch-1John MacFarlane
autolink scheme can contain digits
2016-09-12Fixed h2..h6 HTML blocks (jgm/CommonMark#430).John MacFarlane
Added regression test.
2016-09-12autolink scheme can contain digitsGábor Csárdi
2016-08-26Fix nullary function declarations in cmark.hNick Wellnhofer
Fixes strict prototypes warnings.
2016-07-16Removed size_t and ssize_t defs for WIN32.John MacFarlane
2016-07-15Reformatted.John MacFarlane
2016-07-14Merge pull request #137 from foonathan/masterJohn MacFarlane
CMake fixes
2016-07-13Fix sourcepos for blockquotes.John MacFarlane
Fixes #142.
2016-07-13Replaced check for `\n` with `S_is_line_end_char`.John MacFarlane
2016-07-13Empty list items cannot interrupt paragraphs (spec change).John MacFarlane
2016-07-11Fix mistaken sourcepos for atx headers.John MacFarlane
Closes #141.
2016-07-11Removed "two blanks breaks out of a list" feature.John MacFarlane
2016-07-11Don't allow ordered lists to interrupt paragraphs unless...John MacFarlane
...they start with 1.
2016-07-03Fix chunk_set_cstr with suffix of current stringNick Wellnhofer
It's possible that cmark_chunk_set_cstr is called with a substring (suffix) of the current string. Delay freeing of the chunk content to handle this case correctly. Fixes issue #139.
2016-07-02Fixed ATX headers and thematic breaks to allow tabs as well as spaces.John MacFarlane
2016-06-27Change export install locationJonathan Müller
2016-06-27Export the targets on installationJonathan Müller
This allows using them in other cmake projects.
2016-06-24Reformatted.John MacFarlane
2016-06-24Removed redundant check.John MacFarlane
2016-06-24Changed `process_emphasis` to get better results in corner cases.John MacFarlane
This will need corresponding spec changes. The change is this: when considering matches between an interior delimiter run (one that can open and can close) and another delimiter run, we require that the sum of the lengths of the two delimiter runs mod 3 is not 0. Thus, for example, in *a**b* 1 23 4 delimiter 1 cannot match 2, since the sum of the lengths of the first delimiter run (1) and the second (1,2) == 3. Thus we get `<em>a**b</em>` instead of `<em>a</em><em>b</em>`. This gives better behavior on things like *a**b**c* which previously got parsed as <em>a</em><em>b</em><em>c</em> and now would be parsed as <em>a<strong>b</strong>c</em> With this change we get four spec test failures, but in each case the output seems more "intuitive": ``` Example 386 (lines 6490-6494) Emphasis and strong emphasis *foo**bar**baz* --- expected HTML +++ actual HTML @@ -1 +1 @@ -<p><em>foo</em><em>bar</em><em>baz</em></p> +<p><em>foo<strong>bar</strong>baz</em></p> Example 389 (lines 6518-6522) Emphasis and strong emphasis *foo**bar*** --- expected HTML +++ actual HTML @@ -1 +1 @@ -<p><em>foo</em><em>bar</em>**</p> +<p><em>foo<strong>bar</strong></em></p> Example 401 (lines 6620-6624) Emphasis and strong emphasis **foo*bar*baz** --- expected HTML +++ actual HTML @@ -1 +1 @@ -<p><em><em>foo</em>bar</em>baz**</p> +<p><strong>foo<em>bar</em>baz</strong></p> Example 442 (lines 6944-6948) Emphasis and strong emphasis **foo*bar** --- expected HTML +++ actual HTML @@ -1 +1 @@ -<p><em><em>foo</em>bar</em>*</p> +<p><strong>foo*bar</strong></p> ```
2016-06-23Removed positon from delimiter struct.John MacFarlane
It is no longer needed; only the brackets struct needs it. Thanks to @robinst.
2016-06-23Removed check for same mem allocator in S_can_contain.John MacFarlane
This is too strict, as it prevents the use of dynamically loaded extensions: see https://github.com/jgm/cmark/pull/123#discussion_r67231518. Documented in man page and public header that one should use the same memory allocator for every node in a tree.
2016-06-23Ported robinst's changes to link parsing.John MacFarlane
See https://github.com/jgm/commonmark.js/pull/101 This uses a separate stack for brackets, instead of putting them on the delimiter stack. This avoids the need for looking through the delimiter stack for the next bracket. It also avoids a shortcut reference lookup when the reference text contains brackets. The change dramatically improved performance on the nested links pathological test for commonmark.js. It has a smaller but measurable effect here.
2016-06-23Revert "Better parsing of shortcut references."John MacFarlane
This reverts commit c069cb55bcadfd0f45890d846ff412b3c892eb87.
2016-06-22Better parsing of shortcut references.John MacFarlane
We reuse the parser for reference labels, instead of just assuming that a slice of the link text will be a valid reference label. (It might contain interior brackets, for example.)
2016-06-22cmark_reference_lookup: Return NULL if reference is null string.John MacFarlane
2016-06-06msvc: Fix warnings and errorsVicent Marti
2016-06-06cmark: Remove old includeVicent Marti
2016-06-06mem: Rename the new APIsVicent Marti
2016-06-06mem: Add a `realloc` pointer to the memory handlerVicent Marti
2016-06-06Do not include `stdbool`Vicent Marti
2016-06-06node: Memory dietVicent Marti
Reduce the storage size for the `cmark_code` struct
2016-06-06buffer: rever to using a 32-bit bufsize_tVicent Marti
2016-06-06node: Memory dietVicent Marti
Save node information in flags instead of using one boolean for each property.
2016-06-06cmark: Implement support for custom allocatorsVicent Marti
2016-06-06config: Add SSIZE_T compat for Win32Vicent Marti
2016-06-06cmake: Global handler for OOM situationsVicent Marti
2016-06-06buffer: proper safety checks for unbounded memoryVicent Marti
The previous work for unbounded memory usage and overflows on the buffer API had several shortcomings: 1. The total size of the buffer was limited by arbitrarily small precision on the storage type for buffer indexes (typedef'd as `bufsize_t`). This is not a good design pattern in secure applications, particualarly since it requires the addition of helper functions to cast to/from the native `size` types and the custom type for the buffer, and check for overflows. 2. The library was calling `abort` on overflow and memory allocation failures. This is not a good practice for production libraries, since it turns a potential RCE into a trivial, guaranteed DoS to the whole application that is linked against the library. It defeats the whole point of performing overflow or allocation checks when the checks will crash the library and the enclosing program anyway. 3. The default size limits for buffers were essentially unbounded (capped to the precision of the storage type) and could lead to DoS attacks by simple memory exhaustion (particularly critical in 32-bit platforms). This is not a good practice for a library that handles arbitrary user input. Hence, this patchset provides slight (but in my opinion critical) improvements on this area, copying some of the patterns we've used in the past for high throughput, security sensitive Markdown parsers: 1. The storage type for buffer sizes is now platform native (`ssize_t`). Ideally, this would be a `size_t`, but several parts of the code expect buffer indexes to be possibly negative. Either way, switching to a `size` type is an strict improvement, particularly in 64-bit platforms. All the helpers that assured that values cannot escape the `size` range have been removed, since they are superfluous. 2. The overflow checks have been removed. Instead, the maximum size for a buffer has been set to a safe value for production usage (32mb) that can be proven not to overflow in practice. Users that need to parse particularly large Markdown documents can increase this value. A static, compile-time check has been added to ensure that the maximum buffer size cannot overflow on any growth operations. 3. The library no longer aborts on buffer overflow. The CMark library now follows the convention of other Markdown implementations (such as Hoedown and Sundown) and silently handles buffer overflows and allocation failures by dropping data from the buffer. The result is that pathological Markdown documents that try to exploit the library will instead generate truncated (but valid, and safe) outputs. All tests after these small refactorings have been verified to pass. --- NOTE: Regarding 32 bit overflows, generating test cases that crash the library is trivial (any input document larger than 2gb will crash CMark), but most Python implementations have issues with large strings to begin with, so a test case cannot be added to the pathological tests suite, since it's written in Python.