From e489ba4ccb92af53ea823223481005384fad5e14 Mon Sep 17 00:00:00 2001
From: Phil Turnbull
Date: Fri, 16 Feb 2018 13:25:56 -0500
Subject: Check for empty buffer when rendering

For empty documents, `->size` is zero so `renderer.buffer->ptr[renderer.buffer->size - 1]` will cause an out-of-bounds read. Empty buffers always point to the global `cmark_strbuf__initbuf` buffer so we read `cmark_strbuf__initbuf[-1]`.
---
 src/render.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/render.c')

diff --git a/src/render.c b/src/render.c
index 20dca5f..5abd52e 100644
--- a/src/render.c
+++ b/src/render.c
@@ -171,7 +171,7 @@ char *cmark_render(cmark_node *root, int options, int width,
   }
   // ensure final newline
-  if (renderer.buffer->ptr[renderer.buffer->size - 1] != '\n') {
+  if (renderer.buffer->size == 0 || renderer.buffer->ptr[renderer.buffer->size - 1] != '\n') {
     cmark_strbuf_putc(renderer.buffer, '\n');
   }
-- 
cgit v1.2.3
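Review bot: The added `if` line runs to roughly 95 columns, which would exceed an 80-column limit if this file is kept clang-formatted as the 2-space indent suggests; wrap it as `if (renderer.buffer->size == 0 ||` followed by `    renderer.buffer->ptr[renderer.buffer->size - 1] != '\n') {`. The guard itself is the right fix: with `size == 0` the old condition indexed `ptr[-1]`, exactly the out-of-bounds read the message describes, and the short-circuit `||` now keeps that index from being evaluated. Note that an empty document is now rendered as a single `"\n"` rather than whatever the out-of-bounds byte happened to decide, so a regression test that renders an empty root node and asserts that output would pin the new behaviour and keep the guard from being dropped later. cmark_render begins before this hunk, so the buffer's initialisation is not visible here.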