Check return status of utf8proc_iterate. Closes #27.

If unicode parsing gives an error condition, we just skip the
rest of the string without rendering anything and proceed.
I'm not sure if that's the best way to handle this, but
garbage in, garbage out.

Note: this bug was found using american fuzzy lop.

2 files changed, 6 insertions, 0 deletions

diff --git a/src/commonmark.c b/src/commonmark.c
index bef92f6..24ee8ce 100644
--- a/src/commonmark.c
+++ b/src/commonmark.c
@@ -117,6 +117,9 @@ static inline void out(struct render_state *state,
 		}
 
 		len = utf8proc_iterate(source + i, length - i, &c);
+		if (len == -1) { // error condition
+			return;  // return without rendering rest of string
+		}
 		nextc = source[i + len];
 		if (c == 32 && wrap) {
 			if (!state->begin_line) {
diff --git a/src/man.c b/src/man.c
index 27cd2e4..8ff4a9f 100644
--- a/src/man.c
+++ b/src/man.c
@@ -20,6 +20,9 @@ static void escape_man(cmark_strbuf *dest, const unsigned char *source, int leng
 
 	while (i < length) {
 		len = utf8proc_iterate(source + i, length - i, &c);
+		if (len == -1) { // error condition
+			return;  // return without rendering anything
+		}
 		switch(c) {
 		case 46:
 			if (beginLine) {