Check for empty buffer when rendering

philipturnbull · philipturnbull · commit e489ba4ccb92 · 2018-02-20T12:25:04.000-05:00
For empty documents, `-&gt;size` is zero so
`renderer.buffer-&gt;ptr[renderer.buffer-&gt;size - 1]` will cause an out-of-bounds
read. Empty buffers always point to the global `cmark_strbuf__initbuf` buffer
so we read `cmark_strbuf__initbuf[-1]`.
diff --git a/src/render.c b/src/render.c
@@ -171,7 +171,7 @@ char *cmark_render(cmark_node *root, int options, int width,
   }
 
   // ensure final newline
-  if (renderer.buffer->ptr[renderer.buffer->size - 1] != '\n') {
+  if (renderer.buffer->size == 0 || renderer.buffer->ptr[renderer.buffer->size - 1] != '\n') {
     cmark_strbuf_putc(renderer.buffer, '\n');
   }
 

Original file line number	Diff line number	Diff line change
`@@ -171,7 +171,7 @@ char cmark_render(cmark_node root, int options, int width,`
`171`	`171`	`}`
`172`	`172`
`173`	`173`	`// ensure final newline`
`174`		`- if (renderer.buffer->ptr[renderer.buffer->size - 1] != '\n') {`
	`174`	`+ if (renderer.buffer->size == 0 \|\| renderer.buffer->ptr[renderer.buffer->size - 1] != '\n') {`
`175`	`175`	`cmark_strbuf_putc(renderer.buffer, '\n');`
`176`	`176`	`}`
`177`	`177`