summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohn MacFarlane <jgm@berkeley.edu>2015-05-07 10:24:45 -0700
committerJohn MacFarlane <jgm@berkeley.edu>2015-05-07 10:24:45 -0700
commit1c242b8759413e3c1dd01a083a113b43ae4bff55 (patch)
tree7977e41419ec4c46f6539a6ec426c06d85227c94
parentc06c705260a6681a8bb5eebecd35422e388cab9f (diff)
parent5f52f7be7fa1e119fc74cabe1a3a4fd44b6e4623 (diff)
Merge pull request #37 from nwellnhof/numeric_entities
Multiple issues with numeric entities
-rw-r--r--api_test/main.c35
-rw-r--r--src/houdini_html_u.c39
2 files changed, 61 insertions, 13 deletions
diff --git a/api_test/main.c b/api_test/main.c
index 3390ac6..029a879 100644
--- a/api_test/main.c
+++ b/api_test/main.c
@@ -666,6 +666,40 @@ test_continuation_byte(test_batch_runner *runner, const char *utf8)
}
static void
+numeric_entities(test_batch_runner *runner)
+{
+ test_md_to_html(runner, "&#0;", "<p>" UTF8_REPL "</p>\n",
+ "Invalid numeric entity 0");
+ test_md_to_html(runner, "&#55295;", "<p>\xED\x9F\xBF</p>\n",
+ "Valid numeric entity 0xD7FF");
+ test_md_to_html(runner, "&#xD800;", "<p>" UTF8_REPL "</p>\n",
+ "Invalid numeric entity 0xD800");
+ test_md_to_html(runner, "&#xDFFF;", "<p>" UTF8_REPL "</p>\n",
+ "Invalid numeric entity 0xDFFF");
+ test_md_to_html(runner, "&#57344;", "<p>\xEE\x80\x80</p>\n",
+ "Valid numeric entity 0xE000");
+ test_md_to_html(runner, "&#x10FFFF;", "<p>\xF4\x8F\xBF\xBF</p>\n",
+ "Valid numeric entity 0x10FFFF");
+ test_md_to_html(runner, "&#x110000;", "<p>" UTF8_REPL "</p>\n",
+ "Invalid numeric entity 0x110000");
+ test_md_to_html(runner, "&#x80000000;", "<p>" UTF8_REPL "</p>\n",
+ "Invalid numeric entity 0x80000000");
+ test_md_to_html(runner, "&#xFFFFFFFF;", "<p>" UTF8_REPL "</p>\n",
+ "Invalid numeric entity 0xFFFFFFFF");
+ test_md_to_html(runner, "&#99999999;", "<p>" UTF8_REPL "</p>\n",
+ "Invalid numeric entity 99999999");
+
+ test_md_to_html(runner, "&#;", "<p>&amp;#;</p>\n",
+ "Min decimal entity length");
+ test_md_to_html(runner, "&#x;", "<p>&amp;#x;</p>\n",
+ "Min hexadecimal entity length");
+ test_md_to_html(runner, "&#999999999;", "<p>&amp;#999999999;</p>\n",
+ "Max decimal entity length");
+ test_md_to_html(runner, "&#x000000041;", "<p>&amp;#x000000041;</p>\n",
+ "Max hexadecimal entity length");
+}
+
+static void
test_md_to_html(test_batch_runner *runner, const char *markdown,
const char *expected_html, const char *msg)
{
@@ -690,6 +724,7 @@ int main() {
parser(runner);
render_html(runner);
utf8(runner);
+ numeric_entities(runner);
test_cplusplus(runner);
test_print_summary(runner);
diff --git a/src/houdini_html_u.c b/src/houdini_html_u.c
index 2cb14b4..eaf295e 100644
--- a/src/houdini_html_u.c
+++ b/src/houdini_html_u.c
@@ -12,32 +12,45 @@ houdini_unescape_ent(cmark_strbuf *ob, const uint8_t *src, size_t size)
{
size_t i = 0;
- if (size > 3 && src[0] == '#') {
- int codepoint = 0;
+ if (size >= 3 && src[0] == '#') {
+ int codepoint = 0;
+ int num_digits = 0;
if (_isdigit(src[1])) {
for (i = 1; i < size && _isdigit(src[i]); ++i) {
- int cp = (codepoint * 10) + (src[i] - '0');
+ codepoint = (codepoint * 10) + (src[i] - '0');
- if (cp < codepoint)
- return 0;
-
- codepoint = cp;
+ if (codepoint >= 0x110000) {
+ // Keep counting digits but
+ // avoid integer overflow.
+ codepoint = 0x110000;
+ }
}
+
+ num_digits = i - 1;
}
else if (src[1] == 'x' || src[1] == 'X') {
for (i = 2; i < size && _isxdigit(src[i]); ++i) {
- int cp = (codepoint * 16) + ((src[i] | 32) % 39 - 9);
+ codepoint = (codepoint * 16) + ((src[i] | 32) % 39 - 9);
- if (cp < codepoint)
- return 0;
-
- codepoint = cp;
+ if (codepoint >= 0x110000) {
+ // Keep counting digits but
+ // avoid integer overflow.
+ codepoint = 0x110000;
+ }
}
+
+ num_digits = i - 2;
}
- if (i < size && src[i] == ';' && codepoint) {
+ if (num_digits >= 1 && num_digits <= 8 &&
+ i < size && src[i] == ';') {
+ if (codepoint == 0 ||
+ (codepoint >= 0xD800 && codepoint < 0xE000) ||
+ codepoint >= 0x110000) {
+ codepoint = 0xFFFD;
+ }
utf8proc_encode_char(codepoint, ob);
return i + 1;
}