From 6e8f0bf2d394f7dc444efe003e1b65610a57f30c Mon Sep 17 00:00:00 2001 From: John MacFarlane Date: Thu, 29 Jun 2017 10:23:20 +0200 Subject: Fixed undefined shift in commonmark writer. Closes #211. Found by google/oss-fuzz: https://oss-fuzz.com/v2/testcase-detail/4686992824598528 --- src/commonmark.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/commonmark.c b/src/commonmark.c index b8b1820..a9ba566 100644 --- a/src/commonmark.c +++ b/src/commonmark.c @@ -1,6 +1,7 @@ #include #include #include +#include #include #include "config.h" @@ -81,7 +82,9 @@ static int longest_backtick_sequence(const char *code) { } static int shortest_unused_backtick_sequence(const char *code) { - int32_t used = 1; + // note: if the shortest sequence is >= 32, this returns 32 + // so as not to overflow the bit array. + uint32_t used = 1; int current = 0; size_t i = 0; size_t code_len = strlen(code); @@ -89,7 +92,7 @@ static int shortest_unused_backtick_sequence(const char *code) { if (code[i] == '`') { current++; } else { - if (current) { + if (current > 0 && current < 32) { used |= (1 << current); } current = 0; @@ -98,7 +101,7 @@ static int shortest_unused_backtick_sequence(const char *code) { } // return number of first bit that is 0: i = 0; - while (used & 1) { + while (i < 32 && used & 1) { used = used >> 1; i++; } -- cgit v1.2.3
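Review bot: The new comment on `shortest_unused_backtick_sequence` says the function returns 32 once the bit array is full, but it does not say that this value is then no longer guaranteed to be unused. The guard added in the next hunk (`current < 32`) drops runs of 32 or more backticks, so a run of exactly 32 is never recorded. I would extend the comment to say so, e.g. `// runs of 32+ backticks are not tracked; a result of 32 means lengths 1..31 are all used and 32 itself may occur in code.` Whether the caller tolerates that is not visible here, since the rest of the function and its call site lie outside this hunk.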
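Review bot: The shift in `used |= (1 << current);` is still evaluated in signed `int`, so the case `current == 31`, which the new guard admits, shifts a 1 into the sign bit. That is undefined for a 32-bit `int` and is the same class of problem this commit sets out to fix. Declaring `used` as `uint32_t` does not help, because the conversion happens only after the shift has been computed. Make the left operand unsigned: `used |= ((uint32_t)1 << current);`. The enclosing loop begins outside this hunk.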
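Review bot: The bound in `while (i < 32 && used & 1)` repeats the literal from the `current < 32` guard and from the comment, and nothing ties any of them to the width of `used`. A single named constant, e.g. `enum { BACKTICK_BITS = 32 };`, used in both conditions would keep the guard and the scan from drifting apart if the type of `used` changes. Parenthesising the mask test, `while (i < BACKTICK_BITS && (used & 1))`, makes the intended precedence explicit to the reader. The function's return statement lies outside this hunk.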