-
Update spec.
-
Use unsigned integer when shifting (Phil Turnbull).
Avoids a UBSAN warning which can be triggered when handling a
long sequence of backticks. -
Avoid memcpy'ing NULL pointers (Phil Turnbull).
Avoids a UBSAN warning when link title is empty string.
The length of the memcpy is zero so the NULL pointer is not
dereferenced but it is still undefined behaviour. -
DeMorgan simplification of some tests in emphasis parser.
This also brings the code into closer alignment with the wording
of the spec (see commonmark/commonmark-spec#467). -
Fixed undefined shift in commonmark writer (#211).
Found by google/oss-fuzz:
https://oss-fuzz.com/v2/testcase-detail/4686992824598528. -
latex writer: fix memory overflow (#210).
We got an array overflow in enumerated lists nested more than
10 deep with start number =/= 1.
This commit also ensures that we don't try to setenum_
counters
that aren't defined by LaTeX (generally up to enumv).
Found by google/oss-fuzz:
https://oss-fuzz.com/v2/testcase-detail/5546760854306816. -
Check for NULL pointer in get_link_type (Phil Turnbull).
echo '[](xx:)' | ./build/src/cmark -t latex
gave a
segfault. -
Move fuzzing dictionary into single file (Phil Turnbull).
This allows AFL and libFuzzer to use the same dictionary -
Reset bytes after UTF8 proc (Yuki Izumi, #206).
-
Don't scan past an EOL (Yuki Izumi).
The existing negated character classes ([^…]
) are careful to
always include\x00
in the characters excluded, but these.
catch-alls can scan right past the terminating NUL placed
at the end of the buffer by_scan_at
. As such, buffer
overruns can occur. Also, don't scan past a newline in HTML
block end scanners. -
Document cases where
get_
functions returnNULL
(#155).
E.g.cmark_node_get_url
on a non-link or image. -
Properly handle backslashes in link destinations (#192).
Only ascii punctuation characters are escapable, per the spec. -
Fixed
cmark_node_get_list_start
to return 0 for bullet lists,
as documented (#202). -
Use
CMARK_NO_DELIM
for bullet lists (#201). -
Fixed code for freeing delimiter stack (#189).
-
Removed abort outside of conditional (typo).
-
Removed coercion in error message when aborting from buffer.
-
Print message to stderr when we abort due to memory demands (#188).
-
libcmark.pc
: useCMAKE_INSTALL_LIBDIR
(#185, Jens Petersen).
Needed for multilib distros like Fedora. -
Fixed buffer overflow error in
S_parser_feed
(#184).
The overflow could occur in the following condition:
the buffer ends with\r
and the next memory address
contains\n
. -
Update emphasis parsing for spec change.
Strong now goes inside Emph rather than the reverse,
when both scopes are possible. The code is much simpler.
This also avoids a spec inconsistency that cmark had previously:
***hi***
became Strong (Emph "hi")) but
***hi****
became Emph (Strong "hi")) "*" -
Fixes for the LaTeX renderer (#182, Doeme)
- Don't double-output the link in latex-rendering.
- Prevent ligatures in dashes sensibly when rendering latex.
\-
is a hyphenation, so it doesn't get displayed at all.
-
Added a test for NULL when freeing
subj->last_delim
. -
Cleaned up setting of lower bounds for openers.
We now use a much smaller array. -
Fix #178, quadratic parsing bug. Add pathological test.
-
Slight improvement of clarity of logic in emph matching.
-
Fix "multiple of 3" determination in emph/strong parsing.
We need to store the length of the original delimiter run,
instead of using the length of the remaining delimiters
after some have been subtracted. Test case:
a***b* c*
. Thanks to Raph Levin for reporting. -
Correctly initialize chunk in S_process_line (Nick Wellnhofer, #170).
Thealloc
member wasn't initialized. This also allows to add an
assertion inchunk_rtrim
which doesn't work for alloced chunks. -
Added 'make newbench'.
-
scanners.c
generated with re2c 0.16 (68K smaller!). -
scanners.re
- fixed warnings; use*
for fallback. -
Fixed some warnings in
scanners.re
. -
Update CaseFolding to latest (Kevin Wojniak, #168).
-
Allow balanced nested parens in link destinations (Yuki Izumi, #166)
-
Allocate enough bytes for backticks array.
-
Inlines: Ensure that the delimiter stack is freed in subject.
-
Fixed pathological cases with backtick code spans:
-
Removed recursion in scan_to_closing_backticks
-
Added an array of pointers to potential backtick closers
to subject -
This array is used to avoid traversing the subject again
when we've already seen all the potential backtick closers. -
Added a max bound of 1000 for backtick code span delimiters.
-
This helps with pathological cases like:
x x ` x `` x ``` x ```` ...
-
Added pathological test case.
Thanks to Martin Mitáš for identifying the problem and for
discussion of solutions. -
-
Make shared and static libraries optional (Azamat H. Hackimov).
Now you can enable/disable compilation and installation targets for
shared and static libraries via-DCMARK_SHARED=ON/OFF
and
-DCMARK_STATIC=ON/OFF
. -
Added support for built-in
${LIB_SUFFIX}
feature (Azamat H.
Hackimov). Replaced${LIB_INSTALL_DIR}
option with built-in
${LIB_SUFFIX}
for installing for 32/64-bit systems. Normally,
CMake will set${LIB_SUFFIX}
automatically for required enviroment.
If you have any issues with it, you can override this option with
-DLIB_SUFFIX=64
or-DLIB_SUFFIX=""
during configuration. -
Add Makefile target and harness to fuzz with libFuzzer (Phil Turnbull).
This can be run locally withmake libFuzzer
but the harness will be
integrated into oss-fuzz for large-scale fuzzing. -
Advertise
--validate-utf8
in usage information
(Nguyễn Thái Ngọc Duy). -
Makefile: use warnings with re2c.
-
README: Add link to Python wrapper, prettify languages list
(Pavlo Kapyshin). -
README: Add link to cmark-scala (Tim Nieradzik, #196)