From 5f52f7be7fa1e119fc74cabe1a3a4fd44b6e4623 Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer Date: Thu, 7 May 2015 17:26:36 +0200 Subject: Multiple issues with numeric entities This closes #33. --- api_test/main.c | 35 +++++++++++++++++++++++++++++++++++ src/houdini_html_u.c | 39 ++++++++++++++++++++++++++------------- 2 files changed, 61 insertions(+), 13 deletions(-) diff --git a/api_test/main.c b/api_test/main.c index 3390ac6..029a879 100644 --- a/api_test/main.c +++ b/api_test/main.c @@ -665,6 +665,40 @@ test_continuation_byte(test_batch_runner *runner, const char *utf8) } } +static void +numeric_entities(test_batch_runner *runner) +{ + test_md_to_html(runner, "�", "

" UTF8_REPL "

\n", + "Invalid numeric entity 0"); + test_md_to_html(runner, "퟿", "

\xED\x9F\xBF

\n", + "Valid numeric entity 0xD7FF"); + test_md_to_html(runner, "�", "

" UTF8_REPL "

\n", + "Invalid numeric entity 0xD800"); + test_md_to_html(runner, "�", "

" UTF8_REPL "

\n", + "Invalid numeric entity 0xDFFF"); + test_md_to_html(runner, "", "

\xEE\x80\x80

\n", + "Valid numeric entity 0xE000"); + test_md_to_html(runner, "􏿿", "

\xF4\x8F\xBF\xBF

\n", + "Valid numeric entity 0x10FFFF"); + test_md_to_html(runner, "�", "

" UTF8_REPL "

\n", + "Invalid numeric entity 0x110000"); + test_md_to_html(runner, "�", "

" UTF8_REPL "

\n", + "Invalid numeric entity 0x80000000"); + test_md_to_html(runner, "�", "

" UTF8_REPL "

\n", + "Invalid numeric entity 0xFFFFFFFF"); + test_md_to_html(runner, "�", "

" UTF8_REPL "

\n", + "Invalid numeric entity 99999999"); + + test_md_to_html(runner, "&#;", "

&#;

\n", + "Min decimal entity length"); + test_md_to_html(runner, "&#x;", "

&#x;

\n", + "Min hexadecimal entity length"); + test_md_to_html(runner, "�", "

�

\n", + "Max decimal entity length"); + test_md_to_html(runner, "A", "

A

\n", + "Max hexadecimal entity length"); +} + static void test_md_to_html(test_batch_runner *runner, const char *markdown, const char *expected_html, const char *msg) @@ -690,6 +724,7 @@ int main() { parser(runner); render_html(runner); utf8(runner); + numeric_entities(runner); test_cplusplus(runner); test_print_summary(runner); diff --git a/src/houdini_html_u.c b/src/houdini_html_u.c index 2cb14b4..eaf295e 100644 --- a/src/houdini_html_u.c +++ b/src/houdini_html_u.c @@ -12,32 +12,45 @@ houdini_unescape_ent(cmark_strbuf *ob, const uint8_t *src, size_t size) { size_t i = 0; - if (size > 3 && src[0] == '#') { - int codepoint = 0; + if (size >= 3 && src[0] == '#') { + int codepoint = 0; + int num_digits = 0; if (_isdigit(src[1])) { for (i = 1; i < size && _isdigit(src[i]); ++i) { - int cp = (codepoint * 10) + (src[i] - '0'); + codepoint = (codepoint * 10) + (src[i] - '0'); - if (cp < codepoint) - return 0; - - codepoint = cp; + if (codepoint >= 0x110000) { + // Keep counting digits but + // avoid integer overflow. + codepoint = 0x110000; + } } + + num_digits = i - 1; } else if (src[1] == 'x' || src[1] == 'X') { for (i = 2; i < size && _isxdigit(src[i]); ++i) { - int cp = (codepoint * 16) + ((src[i] | 32) % 39 - 9); + codepoint = (codepoint * 16) + ((src[i] | 32) % 39 - 9); - if (cp < codepoint) - return 0; - - codepoint = cp; + if (codepoint >= 0x110000) { + // Keep counting digits but + // avoid integer overflow. + codepoint = 0x110000; + } } + + num_digits = i - 2; } - if (i < size && src[i] == ';' && codepoint) { + if (num_digits >= 1 && num_digits <= 8 && + i < size && src[i] == ';') { + if (codepoint == 0 || + (codepoint >= 0xD800 && codepoint < 0xE000) || + codepoint >= 0x110000) { + codepoint = 0xFFFD; + } utf8proc_encode_char(codepoint, ob); return i + 1; } -- cgit v1.2.3