Hi,

An odd, but valid Markdown document:

    echo '` `' > oops.md

- John Gruber's Markdown:

        markdown < oops.md
        <p><code></code></p>

- MMD:

        multimarkdown < oops.md
        <p><code></code></p> (no trailing newline)

- CommonMark:

        cmark < oops.md
        <p><code></code></p>

Fossil, anyhow, segfaults:

    printf "%s\n\n" "GET /doc/ckout/oops.md HTTP/1.0" | fossil http
    Segmentation fault (core dumped)

The patch passes a zero-initialized text Blob instead of a NULL text
object to html_code_span() in case the trimmed string between the
backticks is empty.

Best Regards,
Johan
Index: src/markdown.c
==================================================================
--- src/markdown.c
+++ src/markdown.c
@@ -745,17 +745,15 @@
   }
   f_end = end-nb;
   while( f_end>nb && (data[f_end-1]==' ' || data[f_end-1]=='\t') ){ f_end--; }
 
   /* real code span */
+  struct Blob work = BLOB_INITIALIZER;
   if( f_begin<f_end ){
-    struct Blob work = BLOB_INITIALIZER;
     blob_init(&work, data+f_begin, f_end-f_begin);
-    if( !rndr->make.codespan(ob, &work, rndr->make.opaque) ) end = 0;
-  }else{
-    if( !rndr->make.codespan(ob, 0, rndr->make.opaque) ) end = 0;
   }
+  if( !rndr->make.codespan(ob, &work, rndr->make.opaque) ) end = 0;
   return end;
 }
 
 
 /* char_escape -- '\\' backslash escape */
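
Review bot: the added declaration "struct Blob work = BLOB_INITIALIZER;" sits after the "f_end = end-nb;" assignment and the while loop, so it mixes a declaration into code, which C89 compilers reject. Move the declaration to the top of the function and keep only the conditional blob_init() call at this point. Also, with the else branch removed, every rndr->make.codespan callback now receives a pointer to an empty Blob where it used to receive 0, so confirm that no renderer relies on a null text argument to detect the empty span, and add the '` `' input from the report as a regression test.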

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
