Fix GHSA-66g8-4hjf-77xh: don't run expense safety check which causes quadratic performance.

Author: kevinbackhouse

api_test/main.c

@@ -1133,6 +1133,7 @@ int main() {
   int retval;
   test_batch_runner *runner = test_batch_runner_new();
 
+  cmark_enable_safety_checks(true);
   version(runner);
   constructor(runner);
   accessors(runner);

src/node.c

@@ -5,6 +5,16 @@
 #include "node.h"
 #include "syntax_extension.h"
 
+/**
+ * Expensive safety checks are off by default, but can be enabled
+ * by calling cmark_enable_safety_checks().
+ */
+static bool enable_safety_checks = false;
+
+void cmark_enable_safety_checks(bool enable) {
+  enable_safety_checks = enable;
+}
+
 static void S_node_unlink(cmark_node *node);
 
 #define NODE_MEM(node) cmark_node_mem(node)
@@ -70,23 +80,23 @@ bool cmark_node_can_contain_type(cmark_node *node, cmark_node_type child_type) {
 }
 
 static bool S_can_contain(cmark_node *node, cmark_node *child) {
-  cmark_node *cur;
-
   if (node == NULL || child == NULL) {
     return false;
   }
   if (NODE_MEM(node) != NODE_MEM(child)) {
     return 0;
   }
 
-  // Verify that child is not an ancestor of node or equal to node.
-  cur = node;
-  do {
-    if (cur == child) {
-      return false;
-    }
-    cur = cur->parent;
-  } while (cur != NULL);
+  if (enable_safety_checks) {
+    // Verify that child is not an ancestor of node or equal to node.
+    cmark_node *cur = node;
+    do {
+      if (cur == child) {
+        return false;
+      }
+      cur = cur->parent;
+    } while (cur != NULL);
+  }
 
   return cmark_node_can_contain_type(node, (cmark_node_type) child->type);
 }

src/node.h

@@ -145,6 +145,13 @@ static CMARK_INLINE bool CMARK_NODE_INLINE_P(cmark_node *node) {
 
 CMARK_GFM_EXPORT bool cmark_node_can_contain_type(cmark_node *node, cmark_node_type child_type);
 
+/**
+ * Enable (or disable) extra safety checks. These extra checks cause
+ * extra performance overhead (in some cases quadratic), so they are only
+ * intended to be used during testing.
+ */
+CMARK_GFM_EXPORT void cmark_enable_safety_checks(bool enable);
+
 #ifdef __cplusplus
 }
 #endif