diff options
author | John MacFarlane <jgm@berkeley.edu> | 2015-05-07 10:24:45 -0700 |
---|---|---|
committer | John MacFarlane <jgm@berkeley.edu> | 2015-05-07 10:24:45 -0700 |
commit | 1c242b8759413e3c1dd01a083a113b43ae4bff55 (patch) | |
tree | 7977e41419ec4c46f6539a6ec426c06d85227c94 | |
parent | c06c705260a6681a8bb5eebecd35422e388cab9f (diff) | |
parent | 5f52f7be7fa1e119fc74cabe1a3a4fd44b6e4623 (diff) |
Merge pull request #37 from nwellnhof/numeric_entities
Multiple issues with numeric entities
-rw-r--r-- | api_test/main.c | 35 | ||||
-rw-r--r-- | src/houdini_html_u.c | 39 |
2 files changed, 61 insertions, 13 deletions
diff --git a/api_test/main.c b/api_test/main.c index 3390ac6..029a879 100644 --- a/api_test/main.c +++ b/api_test/main.c @@ -666,6 +666,40 @@ test_continuation_byte(test_batch_runner *runner, const char *utf8) } static void +numeric_entities(test_batch_runner *runner) +{ + test_md_to_html(runner, "�", "<p>" UTF8_REPL "</p>\n", + "Invalid numeric entity 0"); + test_md_to_html(runner, "퟿", "<p>\xED\x9F\xBF</p>\n", + "Valid numeric entity 0xD7FF"); + test_md_to_html(runner, "�", "<p>" UTF8_REPL "</p>\n", + "Invalid numeric entity 0xD800"); + test_md_to_html(runner, "�", "<p>" UTF8_REPL "</p>\n", + "Invalid numeric entity 0xDFFF"); + test_md_to_html(runner, "", "<p>\xEE\x80\x80</p>\n", + "Valid numeric entity 0xE000"); + test_md_to_html(runner, "", "<p>\xF4\x8F\xBF\xBF</p>\n", + "Valid numeric entity 0x10FFFF"); + test_md_to_html(runner, "�", "<p>" UTF8_REPL "</p>\n", + "Invalid numeric entity 0x110000"); + test_md_to_html(runner, "�", "<p>" UTF8_REPL "</p>\n", + "Invalid numeric entity 0x80000000"); + test_md_to_html(runner, "�", "<p>" UTF8_REPL "</p>\n", + "Invalid numeric entity 0xFFFFFFFF"); + test_md_to_html(runner, "�", "<p>" UTF8_REPL "</p>\n", + "Invalid numeric entity 99999999"); + + test_md_to_html(runner, "&#;", "<p>&#;</p>\n", + "Min decimal entity length"); + test_md_to_html(runner, "&#x;", "<p>&#x;</p>\n", + "Min hexadecimal entity length"); + test_md_to_html(runner, "�", "<p>&#999999999;</p>\n", + "Max decimal entity length"); + test_md_to_html(runner, "A", "<p>&#x000000041;</p>\n", + "Max hexadecimal entity length"); +} + +static void test_md_to_html(test_batch_runner *runner, const char *markdown, const char *expected_html, const char *msg) { @@ -690,6 +724,7 @@ int main() { parser(runner); render_html(runner); utf8(runner); + numeric_entities(runner); test_cplusplus(runner); test_print_summary(runner); diff --git a/src/houdini_html_u.c b/src/houdini_html_u.c index 2cb14b4..eaf295e 100644 --- a/src/houdini_html_u.c +++ b/src/houdini_html_u.c @@ -12,32 +12,45 @@ houdini_unescape_ent(cmark_strbuf *ob, const uint8_t *src, size_t size) { size_t i = 0; - if (size > 3 && src[0] == '#') { - int codepoint = 0; + if (size >= 3 && src[0] == '#') { + int codepoint = 0; + int num_digits = 0; if (_isdigit(src[1])) { for (i = 1; i < size && _isdigit(src[i]); ++i) { - int cp = (codepoint * 10) + (src[i] - '0'); + codepoint = (codepoint * 10) + (src[i] - '0'); - if (cp < codepoint) - return 0; - - codepoint = cp; + if (codepoint >= 0x110000) { + // Keep counting digits but + // avoid integer overflow. + codepoint = 0x110000; + } } + + num_digits = i - 1; } else if (src[1] == 'x' || src[1] == 'X') { for (i = 2; i < size && _isxdigit(src[i]); ++i) { - int cp = (codepoint * 16) + ((src[i] | 32) % 39 - 9); + codepoint = (codepoint * 16) + ((src[i] | 32) % 39 - 9); - if (cp < codepoint) - return 0; - - codepoint = cp; + if (codepoint >= 0x110000) { + // Keep counting digits but + // avoid integer overflow. + codepoint = 0x110000; + } } + + num_digits = i - 2; } - if (i < size && src[i] == ';' && codepoint) { + if (num_digits >= 1 && num_digits <= 8 && + i < size && src[i] == ';') { + if (codepoint == 0 || + (codepoint >= 0xD800 && codepoint < 0xE000) || + codepoint >= 0x110000) { + codepoint = 0xFFFD; + } utf8proc_encode_char(codepoint, ob); return i + 1; } |