summaryrefslogtreecommitdiff
path: root/src/houdini_html_u.c
diff options
context:
space:
mode:
authorJohn MacFarlane <jgm@berkeley.edu>2015-05-07 10:24:45 -0700
committerJohn MacFarlane <jgm@berkeley.edu>2015-05-07 10:24:45 -0700
commit1c242b8759413e3c1dd01a083a113b43ae4bff55 (patch)
tree7977e41419ec4c46f6539a6ec426c06d85227c94 /src/houdini_html_u.c
parentc06c705260a6681a8bb5eebecd35422e388cab9f (diff)
parent5f52f7be7fa1e119fc74cabe1a3a4fd44b6e4623 (diff)
Merge pull request #37 from nwellnhof/numeric_entities
Multiple issues with numeric entities
Diffstat (limited to 'src/houdini_html_u.c')
-rw-r--r--src/houdini_html_u.c39
1 files changed, 26 insertions, 13 deletions
diff --git a/src/houdini_html_u.c b/src/houdini_html_u.c
index 2cb14b4..eaf295e 100644
--- a/src/houdini_html_u.c
+++ b/src/houdini_html_u.c
@@ -12,32 +12,45 @@ houdini_unescape_ent(cmark_strbuf *ob, const uint8_t *src, size_t size)
{
size_t i = 0;
- if (size > 3 && src[0] == '#') {
- int codepoint = 0;
+ if (size >= 3 && src[0] == '#') {
+ int codepoint = 0;
+ int num_digits = 0;
if (_isdigit(src[1])) {
for (i = 1; i < size && _isdigit(src[i]); ++i) {
- int cp = (codepoint * 10) + (src[i] - '0');
+ codepoint = (codepoint * 10) + (src[i] - '0');
- if (cp < codepoint)
- return 0;
-
- codepoint = cp;
+ if (codepoint >= 0x110000) {
+ // Keep counting digits but
+ // avoid integer overflow.
+ codepoint = 0x110000;
+ }
}
+
+ num_digits = i - 1;
}
else if (src[1] == 'x' || src[1] == 'X') {
for (i = 2; i < size && _isxdigit(src[i]); ++i) {
- int cp = (codepoint * 16) + ((src[i] | 32) % 39 - 9);
+ codepoint = (codepoint * 16) + ((src[i] | 32) % 39 - 9);
- if (cp < codepoint)
- return 0;
-
- codepoint = cp;
+ if (codepoint >= 0x110000) {
+ // Keep counting digits but
+ // avoid integer overflow.
+ codepoint = 0x110000;
+ }
}
+
+ num_digits = i - 2;
}
- if (i < size && src[i] == ';' && codepoint) {
+ if (num_digits >= 1 && num_digits <= 8 &&
+ i < size && src[i] == ';') {
+ if (codepoint == 0 ||
+ (codepoint >= 0xD800 && codepoint < 0xE000) ||
+ codepoint >= 0x110000) {
+ codepoint = 0xFFFD;
+ }
utf8proc_encode_char(codepoint, ob);
return i + 1;
}