Prevent implicit integer truncations

This commit changes size integers to consistently be of type size_t
to prevent implicit integer truncations during integer arithmetic.

What remain are explicit truncations to (bufsize_t) which is of type
int32_t. This requires additional careful consideration.

Author: anticomputer

extensions/autolink.c

@@ -9,6 +9,14 @@
 #include <strings.h>
 #endif
 
+// for ssize_t
+#ifdef _MSC_VER
+#include <BaseTsd.h>
+typedef SSIZE_T ssize_t;
+#else
+#include <unistd.h>
+#endif
+
 static int is_valid_hostchar(const uint8_t *link, size_t link_len) {
   int32_t ch;
   int r = cmark_utf8proc_iterate(link, (bufsize_t)link_len, &ch);
@@ -290,10 +298,10 @@ static cmark_node *match(cmark_syntax_extension *ext, cmark_parser *parser,
   // inline was finished in inlines.c.
 }
 
-static bool validate_protocol(char protocol[], uint8_t *data, int rewind, int max_rewind) {
+static bool validate_protocol(char protocol[], uint8_t *data, size_t rewind, size_t max_rewind) {
   size_t len = strlen(protocol);
 
-  if (len > (size_t)(max_rewind - rewind)) {
+  if (len > (max_rewind - rewind)) {
     return false;
   }
 
@@ -302,11 +310,11 @@ static bool validate_protocol(char protocol[], uint8_t *data, int rewind, int ma
     return false;
   }
 
-  if (len == (size_t)(max_rewind - rewind)) {
+  if (len == (max_rewind - rewind)) {
     return true;
   }
 
-  char prev_char = data[-rewind - len - 1];
+  char prev_char = data[-((ssize_t)rewind) - len - 1];
 
   // Make sure the character before the protocol is non-alphanumeric
   return !cmark_isalnum(prev_char);
@@ -421,7 +429,7 @@ static void postprocess_text(cmark_parser *parser, cmark_node *text) {
     cmark_node *link_text = cmark_node_new_with_mem(CMARK_NODE_TEXT, parser->mem);
     cmark_chunk email = cmark_chunk_dup(
       &detached_chunk,
-      start + offset + max_rewind - rewind,
+      (bufsize_t)(start + offset + max_rewind - rewind),
       (bufsize_t)(link_end + rewind));
     cmark_chunk_to_cstr(parser->mem, &email);
     link_text->as.literal = email;
@@ -436,7 +444,7 @@ static void postprocess_text(cmark_parser *parser, cmark_node *text) {
 
     cmark_node_insert_after(link_node, post);
 
-    text->as.literal = cmark_chunk_dup(&detached_chunk, start, offset + max_rewind - rewind);
+    text->as.literal = cmark_chunk_dup(&detached_chunk, (bufsize_t)start, (bufsize_t)(offset + max_rewind - rewind));
     cmark_chunk_to_cstr(parser->mem, &text->as.literal);
 
     text = post;

extensions/table.c

@@ -133,7 +133,7 @@ static node_cell* append_row_cell(cmark_mem *mem, table_row *row) {
     // Use realloc to double the size of the buffer.
     row->cells = (node_cell *)mem->realloc(row->cells, (2 * n_columns - 1) * sizeof(node_cell));
   }
-  row->n_columns = n_columns;
+  row->n_columns = (uint16_t)n_columns;
   return &row->cells[n_columns-1];
 }
 

src/map.c

@@ -51,7 +51,7 @@ refsearch(const void *label, const void *p2) {
 }
 
 static void sort_map(cmark_map *map) {
-  unsigned int i = 0, last = 0, size = map->size;
+  size_t i = 0, last = 0, size = map->size;
   cmark_map_entry *r = map->refs, **sorted = NULL;
 
   sorted = (cmark_map_entry **)map->mem->calloc(size, sizeof(cmark_map_entry *));

src/map.h

@@ -10,8 +10,8 @@ extern "C" {
 struct cmark_map_entry {
   struct cmark_map_entry *next;
   unsigned char *label;
-  unsigned int age;
-  unsigned int size;
+  size_t age;
+  size_t size;
 };
 
 typedef struct cmark_map_entry cmark_map_entry;
@@ -24,9 +24,9 @@ struct cmark_map {
   cmark_mem *mem;
   cmark_map_entry *refs;
   cmark_map_entry **sorted;
-  unsigned int size;
-  unsigned int ref_size;
-  unsigned int max_ref_size;
+  size_t size;
+  size_t ref_size;
+  size_t max_ref_size;
   cmark_map_free_f free;
 };
 

src/parser.h

@@ -46,7 +46,7 @@ struct cmark_parser {
   /* Options set by the user, see the Options section in cmark.h */
   int options;
   bool last_buffer_ended_with_cr;
-  unsigned int total_size;
+  size_t total_size;
   cmark_llist *syntax_extensions;
   cmark_llist *inline_syntax_extensions;
   cmark_ispunct_func backslash_ispunct;