Merge tag '0.29.0.gfm.11' into QuietMisdreavus/gfm.11

rdar://107716414

Author: QuietMisdreavus

CMakeLists.txt

@@ -4,7 +4,7 @@ project(cmark-gfm)
 set(PROJECT_VERSION_MAJOR 0)
 set(PROJECT_VERSION_MINOR 29)
 set(PROJECT_VERSION_PATCH 0)
-set(PROJECT_VERSION_GFM 6)
+set(PROJECT_VERSION_GFM 10)
 set(PROJECT_VERSION ${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}.gfm.${PROJECT_VERSION_GFM})
 
 include("FindAsan.cmake")

api_test/main.c

@@ -1575,6 +1575,7 @@ int main() {
   int retval;
   test_batch_runner *runner = test_batch_runner_new();
 
+  cmark_enable_safety_checks(true);
   version(runner);
   constructor(runner);
   accessors(runner);

changelog.txt

@@ -1,3 +1,25 @@
+[0.29.0.gfm.10]
+
+  * Fixed polynomial time complexity issue per
+  https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5
+  * Fixed polynomial time complexity issues per
+  https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh
+
+  Note: these changes remove redundant bold tag nesting which may result
+  in existing rendering tests failing, e.g. rendering "____bold____" to html
+  will no longer yield "<p><strong><strong>bold</strong></strong></p>".
+
+[0.29.0.gfm.9]
+
+  * Cleanup: Use of a private header was cleaned up (#248)
+  * Cleanup: Man page was updated (#255)
+  * Cleanup: Warnings for -Wstrict-prototypes were cleaned up (#285)
+  * Cleanup: We avoid header duplication (#289)
+
+  * We now store positioning info for url_match (#201)
+  * We now expose cmark_parent_footnote_def for non-C renderers (#254)
+  * Footnote aria-label text now reference the specific footnote backref, and we include a data-footnote-backref-idx attribute so the label can be internationalized in a downstream filter (#307)
+
 [0.29.0.gfm.8]
 
   * We restored backwards compatibility by deprecating the `cmark_init_standard_node_flags()` requirement, which is now a noop (#305)

extensions/CMakeLists.txt

@@ -17,8 +17,6 @@ include_directories(
   ${PROJECT_BINARY_DIR}/src
 )
 
-include (GenerateExportHeader)
-
 include_directories(include ${CMAKE_CURRENT_BINARY_DIR})
 
 set(CMAKE_C_FLAGS_PROFILE "${CMAKE_C_FLAGS_RELEASE} -pg")
@@ -29,6 +27,7 @@ if (CMARK_SHARED)
 
   set_target_properties(${LIBRARY} PROPERTIES
     OUTPUT_NAME "cmark-gfm-extensions"
+    DEFINE_SYMBOL "cmark-gfm"
     SOVERSION ${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}.gfm.${PROJECT_VERSION_GFM}
     VERSION ${PROJECT_VERSION})
 
@@ -38,9 +37,6 @@ if (CMARK_SHARED)
   # Avoid name clash between PROGRAM and LIBRARY pdb files.
   set_target_properties(${LIBRARY} PROPERTIES PDB_NAME cmark-gfm-extensions_dll)
 
-  generate_export_header(${LIBRARY}
-    BASE_NAME cmark-gfm-extensions)
-
   list(APPEND CMARK_INSTALL ${LIBRARY})
   target_link_libraries(${LIBRARY} libcmark-gfm)
 
@@ -51,6 +47,7 @@ if (CMARK_STATIC)
 
   set_target_properties(${STATICLIBRARY} PROPERTIES
     COMPILE_FLAGS "-DCMARK_GFM_STATIC_DEFINE -DCMARK_GFM_EXTENSIONS_STATIC_DEFINE"
+    DEFINE_SYMBOL "cmark-gfm"
     POSITION_INDEPENDENT_CODE ON)
 
   if (MSVC)
@@ -63,11 +60,6 @@ if (CMARK_STATIC)
       VERSION ${PROJECT_VERSION})
   endif(MSVC)
 
-  if (NOT CMARK_SHARED)
-    generate_export_header(${STATICLIBRARY}
-      BASE_NAME cmark-gfm-extensions)
-  endif()
-
   list(APPEND CMARK_INSTALL ${STATICLIBRARY})
 endif()
 
@@ -84,7 +76,6 @@ install(TARGETS ${CMARK_INSTALL}
 if (CMARK_SHARED OR CMARK_STATIC)
   install(FILES
   ${CMAKE_CURRENT_SOURCE_DIR}/include/cmark-gfm-core-extensions.h
-  ${CMAKE_CURRENT_SOURCE_DIR}/include/extensions-export.h
   DESTINATION include
   )
 

extensions/autolink.c

@@ -267,6 +267,11 @@ static cmark_node *url_match(cmark_parser *parser, cmark_node *parent,
   cmark_node *text = cmark_node_new_with_mem(CMARK_NODE_TEXT, parser->mem);
   text->as.literal = url;
   cmark_node_append_child(node, text);
+  
+  node->start_line = text->start_line = node->end_line = text->end_line = cmark_inline_parser_get_line(inline_parser);
+
+  node->start_column = text->start_column = max_rewind - rewind;
+  node->end_column = text->end_column = cmark_inline_parser_get_column(inline_parser) - 1;
 
   return node;
 }

extensions/include/cmark-gfm-core-extensions.h

@@ -6,40 +6,40 @@ extern "C" {
 #endif
 
 #include "cmark-gfm-extension_api.h"
-#include "extensions-export.h"
-#include "cmark-gfm_config.h" // for bool
+#include "export.h"
+#include <stdbool.h>
 #include <stdint.h>
 
-CMARK_GFM_EXTENSIONS_EXPORT
+CMARK_GFM_EXPORT
 void cmark_gfm_core_extensions_ensure_registered(void);
 
-CMARK_GFM_EXTENSIONS_EXPORT
+CMARK_GFM_EXPORT
 uint16_t cmark_gfm_extensions_get_table_columns(cmark_node *node);
 
 /** Sets the number of columns for the table, returning 1 on success and 0 on error.
  */
-CMARK_GFM_EXTENSIONS_EXPORT
+CMARK_GFM_EXPORT
 int cmark_gfm_extensions_set_table_columns(cmark_node *node, uint16_t n_columns);
 
-CMARK_GFM_EXTENSIONS_EXPORT
+CMARK_GFM_EXPORT
 uint8_t *cmark_gfm_extensions_get_table_alignments(cmark_node *node);
 
 /** Sets the alignments for the table, returning 1 on success and 0 on error.
  */
-CMARK_GFM_EXTENSIONS_EXPORT
+CMARK_GFM_EXPORT
 int cmark_gfm_extensions_set_table_alignments(cmark_node *node, uint16_t ncols, uint8_t *alignments);
 
-CMARK_GFM_EXTENSIONS_EXPORT
+CMARK_GFM_EXPORT
 int cmark_gfm_extensions_get_table_row_is_header(cmark_node *node);
 
 /** Sets the column span for the table cell, returning 1 on success and 0 on error.
  */
-CMARK_GFM_EXTENSIONS_EXPORT
+CMARK_GFM_EXPORT
 int cmark_gfm_extensions_set_table_cell_colspan(cmark_node *node, unsigned colspan);
 
 /** Sets the row span for the table cell, returning 1 on success and 0 on error.
  */
-CMARK_GFM_EXTENSIONS_EXPORT
+CMARK_GFM_EXPORT
 int cmark_gfm_extensions_set_table_cell_rowspan(cmark_node *node, unsigned rowspan);
 
 /**
@@ -50,7 +50,7 @@ int cmark_gfm_extensions_set_table_cell_rowspan(cmark_node *node, unsigned rowsp
 
  Column span is only parsed when \c CMARK_OPT_TABLE_SPANS is set.
  */
-CMARK_GFM_EXTENSIONS_EXPORT
+CMARK_GFM_EXPORT
 unsigned cmark_gfm_extensions_get_table_cell_colspan(cmark_node *node);
 
 /**
@@ -61,22 +61,22 @@ unsigned cmark_gfm_extensions_get_table_cell_colspan(cmark_node *node);
 
  Row span is only parsed when \c CMARK_OPT_TABLE_SPANS is set.
  */
-CMARK_GFM_EXTENSIONS_EXPORT
+CMARK_GFM_EXPORT
 unsigned cmark_gfm_extensions_get_table_cell_rowspan(cmark_node *node);
 
 /** Sets whether the node is a table header row, returning 1 on success and 0 on error.
  */
-CMARK_GFM_EXTENSIONS_EXPORT
+CMARK_GFM_EXPORT
 int cmark_gfm_extensions_set_table_row_is_header(cmark_node *node, int is_header);
 
-CMARK_GFM_EXTENSIONS_EXPORT
+CMARK_GFM_EXPORT
 bool cmark_gfm_extensions_get_tasklist_item_checked(cmark_node *node);
 /* For backwards compatibility */
 #define cmark_gfm_extensions_tasklist_is_checked cmark_gfm_extensions_get_tasklist_item_checked
 
 /** Sets whether a tasklist item is "checked" (completed), returning 1 on success and 0 on error.
  */
-CMARK_GFM_EXTENSIONS_EXPORT
+CMARK_GFM_EXPORT
 int cmark_gfm_extensions_set_tasklist_item_checked(cmark_node *node, bool is_checked);
 
 #ifdef __cplusplus

extensions/include/extensions-export.h

@@ -19,3 +19,4 @@ macro(fuzzer name)
 endmacro()
 
 fuzzer(fuzz_quadratic)
+fuzzer(fuzz_quadratic_brackets)

fuzz/CMakeLists.txt

@@ -75,8 +75,13 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 
       cmark_parser_feed(parser, markdown, markdown_size);
       cmark_node *doc = cmark_parser_finish(parser);
- 
+
       free(cmark_render_html(doc, fuzz_config.options, NULL));
+      free(cmark_render_xml(doc, fuzz_config.options));
+      free(cmark_render_man(doc, fuzz_config.options, 80));
+      free(cmark_render_commonmark(doc, fuzz_config.options, 80));
+      free(cmark_render_plaintext(doc, fuzz_config.options, 80));
+      free(cmark_render_latex(doc, fuzz_config.options, 80));
 
       cmark_node_free(doc);
       cmark_parser_free(parser);

fuzz/fuzz_quadratic.c

@@ -0,0 +1,110 @@
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include "cmark-gfm.h"
+#include "cmark-gfm-core-extensions.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+const char *extension_names[] = {
+  "autolink",
+  "strikethrough",
+  "table",
+  "tagfilter",
+  NULL,
+};
+
+int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  cmark_gfm_core_extensions_ensure_registered();
+  return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  struct __attribute__((packed)) {
+    int options;
+    int width;
+    uint8_t startlen;
+    uint8_t openlen;
+    uint8_t middlelen;
+    uint8_t closelen;
+  } fuzz_config;
+
+  if (size >= sizeof(fuzz_config)) {
+    /* The beginning of `data` is treated as fuzzer configuration */
+    memcpy(&fuzz_config, data, sizeof(fuzz_config));
+
+    /* Test options that are used by GitHub. */
+    fuzz_config.options = CMARK_OPT_UNSAFE | CMARK_OPT_FOOTNOTES | CMARK_OPT_GITHUB_PRE_LANG | CMARK_OPT_HARDBREAKS;
+    fuzz_config.openlen = fuzz_config.openlen & 0x7;
+    fuzz_config.middlelen = fuzz_config.middlelen & 0x7;
+    fuzz_config.closelen = fuzz_config.closelen & 0x7;
+
+    /* Remainder of input is the markdown */
+    const char *markdown0 = (const char *)(data + sizeof(fuzz_config));
+    const size_t markdown_size0 = size - sizeof(fuzz_config);
+    char markdown[0x80000];
+    if (markdown_size0 <= sizeof(markdown)) {
+      size_t markdown_size = 0;
+      const size_t componentslen = fuzz_config.startlen + fuzz_config.openlen + fuzz_config.middlelen + fuzz_config.closelen;
+      if (componentslen <= markdown_size0) {
+        size_t offset = 0;
+        const size_t endlen = markdown_size0 - componentslen;
+        memcpy(&markdown[markdown_size], &markdown0[offset], fuzz_config.startlen);
+        markdown_size += fuzz_config.startlen;
+        offset += fuzz_config.startlen;
+
+        if (0 < fuzz_config.openlen) {
+          while (markdown_size + fuzz_config.openlen <= sizeof(markdown)/2) {
+            memcpy(&markdown[markdown_size], &markdown0[offset],
+                   fuzz_config.openlen);
+            markdown_size += fuzz_config.openlen;
+          }
+          offset += fuzz_config.openlen;
+        }
+        memcpy(&markdown[markdown_size], &markdown0[offset],
+               fuzz_config.middlelen);
+        markdown_size += fuzz_config.middlelen;
+        offset += fuzz_config.middlelen;
+        if (0 < fuzz_config.closelen) {
+          while (markdown_size + fuzz_config.closelen + endlen <= sizeof(markdown)) {
+            memcpy(&markdown[markdown_size], &markdown0[offset],
+                   fuzz_config.closelen);
+            markdown_size += fuzz_config.closelen;
+          }
+          offset += fuzz_config.closelen;
+        }
+        if (markdown_size + endlen <= sizeof(markdown)) {
+          memcpy(&markdown[markdown_size], &markdown0[offset],
+                 endlen);
+          markdown_size += endlen;
+        }
+      } else {
+        markdown_size = markdown_size0;
+        memcpy(markdown, markdown0, markdown_size);
+      }
+
+      cmark_parser *parser = cmark_parser_new(fuzz_config.options);
+
+      for (const char **it = extension_names; *it; ++it) {
+        const char *extension_name = *it;
+        cmark_syntax_extension *syntax_extension = cmark_find_syntax_extension(extension_name);
+        if (!syntax_extension) {
+          fprintf(stderr, "%s is not a valid syntax extension\n", extension_name);
+          abort();
+        }
+        cmark_parser_attach_syntax_extension(parser, syntax_extension);
+      }
+
+      cmark_parser_feed(parser, markdown, markdown_size);
+      cmark_node *doc = cmark_parser_finish(parser);
+ 
+      free(cmark_render_html(doc, fuzz_config.options, NULL));
+
+      cmark_node_free(doc);
+      cmark_parser_free(parser);
+    }
+  }
+  return 0;
+}