diff options
author | Nick Wellnhofer <wellnhofer@aevum.de> | 2015-06-07 16:54:37 +0200 |
---|---|---|
committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2015-06-07 21:42:15 +0200 |
commit | bef240d45b5eda3a584ca1a495f54cb17ff8895f (patch) | |
tree | 2f51762317d378dd20ed991daef49d2a3cf86f89 /src/blocks.c | |
parent | 7382fd5eba48107a8190bd2d6232cc3b6e20d8fc (diff) |
Check for overflow in S_parser_feed
Guard against too large chunks passed via the API.
Diffstat (limited to 'src/blocks.c')
-rw-r--r-- | src/blocks.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/blocks.c b/src/blocks.c index 72b1ca5..a3ac712 100644 --- a/src/blocks.c +++ b/src/blocks.c @@ -497,6 +497,7 @@ S_parser_feed(cmark_parser *parser, const unsigned char *buffer, size_t len, while (buffer < end) { const unsigned char *eol; size_t line_len; + bufsize_t bufsize; for (eol = buffer; eol < end; ++eol) { if (S_is_line_end_char(*eol)) @@ -514,17 +515,19 @@ S_parser_feed(cmark_parser *parser, const unsigned char *buffer, size_t len, } else if (eof) { line_len = end - buffer; } else { - cmark_strbuf_put(parser->linebuf, buffer, end - buffer); + bufsize = cmark_strbuf_check_bufsize(end - buffer); + cmark_strbuf_put(parser->linebuf, buffer, bufsize); break; } + bufsize = cmark_strbuf_check_bufsize(line_len); if (parser->linebuf->size > 0) { - cmark_strbuf_put(parser->linebuf, buffer, line_len); + cmark_strbuf_put(parser->linebuf, buffer, bufsize); S_process_line(parser, parser->linebuf->ptr, parser->linebuf->size); cmark_strbuf_clear(parser->linebuf); } else { - S_process_line(parser, buffer, line_len); + S_process_line(parser, buffer, bufsize); } buffer += line_len; |