commonmarker 0.23.1 → 0.23.2

data/ext/commonmarker/footnotes.c

@@ -38,3 +38,26 @@ void cmark_footnote_create(cmark_map *map, cmark_node *node) {
 cmark_map *cmark_footnote_map_new(cmark_mem *mem) {
   return cmark_map_new(mem, footnote_free);
 }
+
+// Before calling `cmark_map_free` on a map with `cmark_footnotes`, first
+// unlink all of the footnote nodes before freeing their memory.
+//
+// Sometimes, two (unused) footnote nodes can end up referencing each other,
+// which as they get freed up by calling `cmark_map_free` -> `footnote_free` ->
+// etc, can lead to a use-after-free error.
+//
+// Better to `unlink` every footnote node first, setting their next, prev, and
+// parent pointers to NULL, and only then walk thru & free them up.
+void cmark_unlink_footnotes_map(cmark_map *map) {
+  cmark_map_entry *ref;
+  cmark_map_entry *next;
+
+  ref = map->refs;
+  while(ref) {
+    next = ref->next;
+    if (((cmark_footnote *)ref)->node) {
+      cmark_node_unlink(((cmark_footnote *)ref)->node);
+    }
+    ref = next;
+  }
+}

data/ext/commonmarker/footnotes.h

@@ -18,6 +18,8 @@ typedef struct cmark_footnote cmark_footnote;
 void cmark_footnote_create(cmark_map *map, cmark_node *node);
 cmark_map *cmark_footnote_map_new(cmark_mem *mem);
 
+void cmark_unlink_footnotes_map(cmark_map *map);
+
 #ifdef __cplusplus
 }
 #endif

data/ext/commonmarker/html.c

@@ -59,16 +59,30 @@ static void filter_html_block(cmark_html_renderer *renderer, uint8_t *data, size
     cmark_strbuf_put(html, data, (bufsize_t)len);
 }
 
-static bool S_put_footnote_backref(cmark_html_renderer *renderer, cmark_strbuf *html) {
+static bool S_put_footnote_backref(cmark_html_renderer *renderer, cmark_strbuf *html, cmark_node *node) {
   if (renderer->written_footnote_ix >= renderer->footnote_ix)
     return false;
   renderer->written_footnote_ix = renderer->footnote_ix;
 
-  cmark_strbuf_puts(html, "<a href=\"#fnref");
-  char n[32];
-  snprintf(n, sizeof(n), "%d", renderer->footnote_ix);
-  cmark_strbuf_puts(html, n);
-  cmark_strbuf_puts(html, "\" class=\"footnote-backref\">↩</a>");
+  cmark_strbuf_puts(html, "<a href=\"#fnref-");
+  houdini_escape_href(html, node->as.literal.data, node->as.literal.len);
+  cmark_strbuf_puts(html, "\" class=\"footnote-backref\" data-footnote-backref aria-label=\"Back to content\">↩</a>");
+
+  if (node->footnote.def_count > 1)
+  {
+    for(int i = 2; i <= node->footnote.def_count; i++) {
+      char n[32];
+      snprintf(n, sizeof(n), "%d", i);
+
+      cmark_strbuf_puts(html, " <a href=\"#fnref-");
+      houdini_escape_href(html, node->as.literal.data, node->as.literal.len);
+      cmark_strbuf_puts(html, "-");
+      cmark_strbuf_puts(html, n);
+      cmark_strbuf_puts(html, "\" class=\"footnote-backref\" data-footnote-backref aria-label=\"Back to content\">↩<sup class=\"footnote-ref\">");
+      cmark_strbuf_puts(html, n);
+      cmark_strbuf_puts(html, "</sup></a>");
+    }
+  }
 
   return true;
 }
@@ -273,7 +287,7 @@ static int S_render_node(cmark_html_renderer *renderer, cmark_node *node,
       } else {
         if (parent->type == CMARK_NODE_FOOTNOTE_DEFINITION && node->next == NULL) {
           cmark_strbuf_putc(html, ' ');
-          S_put_footnote_backref(renderer, html);
+          S_put_footnote_backref(renderer, html, parent);
         }
         cmark_strbuf_puts(html, "</p>\n");
       }
@@ -392,16 +406,15 @@ static int S_render_node(cmark_html_renderer *renderer, cmark_node *node,
   case CMARK_NODE_FOOTNOTE_DEFINITION:
     if (entering) {
       if (renderer->footnote_ix == 0) {
-        cmark_strbuf_puts(html, "<section class=\"footnotes\">\n<ol>\n");
+        cmark_strbuf_puts(html, "<section class=\"footnotes\" data-footnotes>\n<ol>\n");
       }
       ++renderer->footnote_ix;
-      cmark_strbuf_puts(html, "<li id=\"fn");
-      char n[32];
-      snprintf(n, sizeof(n), "%d", renderer->footnote_ix);
-      cmark_strbuf_puts(html, n);
+
+      cmark_strbuf_puts(html, "<li id=\"fn-");
+      houdini_escape_href(html, node->as.literal.data, node->as.literal.len);
       cmark_strbuf_puts(html, "\">\n");
     } else {
-      if (S_put_footnote_backref(renderer, html)) {
+      if (S_put_footnote_backref(renderer, html, node)) {
         cmark_strbuf_putc(html, '\n');
       }
       cmark_strbuf_puts(html, "</li>\n");
@@ -410,12 +423,20 @@ static int S_render_node(cmark_html_renderer *renderer, cmark_node *node,
 
   case CMARK_NODE_FOOTNOTE_REFERENCE:
     if (entering) {
-      cmark_strbuf_puts(html, "<sup class=\"footnote-ref\"><a href=\"#fn");
-      cmark_strbuf_put(html, node->as.literal.data, node->as.literal.len);
-      cmark_strbuf_puts(html, "\" id=\"fnref");
-      cmark_strbuf_put(html, node->as.literal.data, node->as.literal.len);
-      cmark_strbuf_puts(html, "\">");
-      cmark_strbuf_put(html, node->as.literal.data, node->as.literal.len);
+      cmark_strbuf_puts(html, "<sup class=\"footnote-ref\"><a href=\"#fn-");
+      houdini_escape_href(html, node->parent_footnote_def->as.literal.data, node->parent_footnote_def->as.literal.len);
+      cmark_strbuf_puts(html, "\" id=\"fnref-");
+      houdini_escape_href(html, node->parent_footnote_def->as.literal.data, node->parent_footnote_def->as.literal.len);
+
+      if (node->footnote.ref_ix > 1) {
+        char n[32];
+        snprintf(n, sizeof(n), "%d", node->footnote.ref_ix);
+        cmark_strbuf_puts(html, "-");
+        cmark_strbuf_puts(html, n);
+      }
+
+      cmark_strbuf_puts(html, "\" data-footnote-ref>");
+      houdini_escape_href(html, node->as.literal.data, node->as.literal.len);
       cmark_strbuf_puts(html, "</a></sup>");
     }
     break;

data/ext/commonmarker/inlines.c

@@ -1137,19 +1137,77 @@ noMatch:
   // What if we're a footnote link?
   if (parser->options & CMARK_OPT_FOOTNOTES &&
       opener->inl_text->next &&
-      opener->inl_text->next->type == CMARK_NODE_TEXT &&
-      !opener->inl_text->next->next) {
+      opener->inl_text->next->type == CMARK_NODE_TEXT) {
+
     cmark_chunk *literal = &opener->inl_text->next->as.literal;
-    if (literal->len > 1 && literal->data[0] == '^') {
-      inl = make_simple(subj->mem, CMARK_NODE_FOOTNOTE_REFERENCE);
-      inl->as.literal = cmark_chunk_dup(literal, 1, literal->len - 1);
-      inl->start_line = inl->end_line = subj->line;
-      inl->start_column = opener->inl_text->start_column;
-      inl->end_column = subj->pos + subj->column_offset + subj->block_offset;
-      cmark_node_insert_before(opener->inl_text, inl);
-      cmark_node_free(opener->inl_text->next);
-      cmark_node_free(opener->inl_text);
+
+    // look back to the opening '[', and skip ahead to the next character
+    // if we're looking at a '[^' sequence, and there is other text or nodes
+    // after the ^, let's call it a footnote reference.
+    if ((literal->len > 0 && literal->data[0] == '^') && (literal->len > 1 || opener->inl_text->next->next)) {
+
+      // Before we got this far, the `handle_close_bracket` function may have
+      // advanced the current state beyond our footnote's actual closing
+      // bracket, ie if it went looking for a `link_label`.
+      // Let's just rewind the subject's position:
+      subj->pos = initial_pos;
+
+      cmark_node *fnref = make_simple(subj->mem, CMARK_NODE_FOOTNOTE_REFERENCE);
+
+      // the start and end of the footnote ref is the opening and closing brace
+      // i.e. the subject's current position, and the opener's start_column
+      int fnref_end_column = subj->pos + subj->column_offset + subj->block_offset;
+      int fnref_start_column = opener->inl_text->start_column;
+
+      // any given node delineates a substring of the line being processed,
+      // with the remainder of the line being pointed to thru its 'literal'
+      // struct member.
+      // here, we copy the literal's pointer, moving it past the '^' character
+      // for a length equal to the size of footnote reference text.
+      // i.e. end_col minus start_col, minus the [ and the ^ characters
+      //
+      // this copies the footnote reference string, even if between the
+      // `opener` and the subject's current position there are other nodes
+      //
+      // (first, check for underflows)
+      if ((fnref_start_column + 2) <= fnref_end_column) {
+        fnref->as.literal = cmark_chunk_dup(literal, 1, (fnref_end_column - fnref_start_column) - 2);
+      } else {
+        fnref->as.literal = cmark_chunk_dup(literal, 1, 0);
+      }
+
+      fnref->start_line = fnref->end_line = subj->line;
+      fnref->start_column = fnref_start_column;
+      fnref->end_column = fnref_end_column;
+
+      // we then replace the opener with this new fnref node, the net effect
+      // being replacing the opening '[' text node with a `^footnote-ref]` node.
+      cmark_node_insert_before(opener->inl_text, fnref);
+
       process_emphasis(parser, subj, opener->previous_delimiter);
+      // sometimes, the footnote reference text gets parsed into multiple nodes
+      // i.e. '[^example]' parsed into '[', '^exam', 'ple]'.
+      // this happens for ex with the autolink extension. when the autolinker
+      // finds the 'w' character, it will split the text into multiple nodes
+      // in hopes of being able to match a 'www.' substring.
+      //
+      // because this function is called one character at a time via the
+      // `parse_inlines` function, and the current subj->pos is pointing at the
+      // closing ] brace, and because we copy all the text between the [ ]
+      // braces, we should be able to safely ignore and delete any nodes after
+      // the opener->inl_text->next.
+      //
+      // therefore, here we walk thru the list and free them all up
+      cmark_node *next_node;
+      cmark_node *current_node = opener->inl_text->next;
+      while(current_node) {
+        next_node = current_node->next;
+        cmark_node_free(current_node);
+        current_node = next_node;
+      }
+
+      cmark_node_free(opener->inl_text);
+
       pop_bracket(subj);
       return NULL;
     }

data/ext/commonmarker/node.h

@@ -76,6 +76,13 @@ struct cmark_node {
 
   cmark_syntax_extension *extension;
 
+  union {
+    int ref_ix;
+    int def_count;
+  } footnote;
+
+  cmark_node *parent_footnote_def;
+
   union {
     cmark_chunk literal;
     cmark_list list;

data/ext/commonmarker/table.c

@@ -114,60 +114,87 @@ static cmark_strbuf *unescape_pipes(cmark_mem *mem, unsigned char *string, bufsi
 static table_row *row_from_string(cmark_syntax_extension *self,
                                   cmark_parser *parser, unsigned char *string,
                                   int len) {
+  // Parses a single table row. It has the following form:
+  // `delim? table_cell (delim table_cell)* delim? newline`
+  // Note that cells are allowed to be empty.
+  //
+  // From the GitHub-flavored Markdown specification:
+  //
+  // > Each row consists of cells containing arbitrary text, in which inlines
+  // > are parsed, separated by pipes (|). A leading and trailing pipe is also
+  // > recommended for clarity of reading, and if there’s otherwise parsing
+  // > ambiguity.
+
   table_row *row = NULL;
   bufsize_t cell_matched = 1, pipe_matched = 1, offset;
-  int cell_end_offset;
+  int expect_more_cells = 1;
+  int row_end_offset = 0;
 
   row = (table_row *)parser->mem->calloc(1, sizeof(table_row));
   row->n_columns = 0;
   row->cells = NULL;
 
+  // Scan past the (optional) leading pipe.
   offset = scan_table_cell_end(string, len, 0);
 
   // Parse the cells of the row. Stop if we reach the end of the input, or if we
   // cannot detect any more cells.
-  while (offset < len && (cell_matched || pipe_matched)) {
+  while (offset < len && expect_more_cells) {
     cell_matched = scan_table_cell(string, len, offset);
     pipe_matched = scan_table_cell_end(string, len, offset + cell_matched);
 
     if (cell_matched || pipe_matched) {
-      cell_end_offset = offset + cell_matched - 1;
+      // We are guaranteed to have a cell, since (1) either we found some
+      // content and cell_matched, or (2) we found an empty cell followed by a
+      // pipe.
+      cmark_strbuf *cell_buf = unescape_pipes(parser->mem, string + offset,
+          cell_matched);
+      cmark_strbuf_trim(cell_buf);
+
+      node_cell *cell = (node_cell *)parser->mem->calloc(1, sizeof(*cell));
+      cell->buf = cell_buf;
+      cell->start_offset = offset;
+      cell->end_offset = offset + cell_matched - 1;
+
+      while (cell->start_offset > 0 && string[cell->start_offset - 1] != '|') {
+        --cell->start_offset;
+        ++cell->internal_offset;
+      }
+
+      row->n_columns += 1;
+      row->cells = cmark_llist_append(parser->mem, row->cells, cell);
+    }
+
+    offset += cell_matched + pipe_matched;
+
+    if (pipe_matched) {
+      expect_more_cells = 1;
+    } else {
+      // We've scanned the last cell. Check if we have reached the end of the row
+      row_end_offset = scan_table_row_end(string, len, offset);
+      offset += row_end_offset;
 
-      if (string[cell_end_offset] == '\n' || string[cell_end_offset] == '\r') {
-        row->paragraph_offset = cell_end_offset;
+      // If the end of the row is not the end of the input,
+      // the row is not a real row but potentially part of the paragraph
+      // preceding the table.
+      if (row_end_offset && offset != len) {
+        row->paragraph_offset = offset;
 
         cmark_llist_free_full(parser->mem, row->cells, (cmark_free_func)free_table_cell);
         row->cells = NULL;
         row->n_columns = 0;
-      } else {
-        cmark_strbuf *cell_buf = unescape_pipes(parser->mem, string + offset,
-            cell_matched);
-        cmark_strbuf_trim(cell_buf);
-
-        node_cell *cell = (node_cell *)parser->mem->calloc(1, sizeof(*cell));
-        cell->buf = cell_buf;
-        cell->start_offset = offset;
-        cell->end_offset = cell_end_offset;
-
-        while (cell->start_offset > 0 && string[cell->start_offset - 1] != '|') {
-          --cell->start_offset;
-          ++cell->internal_offset;
-        }
 
-        row->n_columns += 1;
-        row->cells = cmark_llist_append(parser->mem, row->cells, cell);
-      }
-    }
+        // Scan past the (optional) leading pipe.
+        offset += scan_table_cell_end(string, len, offset);
 
-    offset += cell_matched + pipe_matched;
-
-    if (!pipe_matched) {
-      pipe_matched = scan_table_row_end(string, len, offset);
-      offset += pipe_matched;
+        expect_more_cells = 1;
+      } else {
+        expect_more_cells = 0;
+      }
     }
   }
 
-  if (offset != len || !row->n_columns) {
+  if (offset != len || row->n_columns == 0) {
     free_table_row(parser->mem, row);
     row = NULL;
   }
@@ -199,8 +226,6 @@ static cmark_node *try_opening_table_header(cmark_syntax_extension *self,
                                             cmark_parser *parser,
                                             cmark_node *parent_container,
                                             unsigned char *input, int len) {
-  bufsize_t matched =
-      scan_table_start(input, len, cmark_parser_get_first_nonspace(parser));
   cmark_node *table_header;
   table_row *header_row = NULL;
   table_row *marker_row = NULL;
@@ -208,41 +233,37 @@ static cmark_node *try_opening_table_header(cmark_syntax_extension *self,
   const char *parent_string;
   uint16_t i;
 
-  if (!matched)
-    return parent_container;
-
-  parent_string = cmark_node_get_string_content(parent_container);
-
-  cmark_arena_push();
-
-  header_row = row_from_string(self, parser, (unsigned char *)parent_string,
-                               (int)strlen(parent_string));
-
-  if (!header_row) {
-    free_table_row(parser->mem, header_row);
-    cmark_arena_pop();
+  if (!scan_table_start(input, len, cmark_parser_get_first_nonspace(parser))) {
     return parent_container;
   }
 
+  // Since scan_table_start was successful, we must have a marker row.
   marker_row = row_from_string(self, parser,
                                input + cmark_parser_get_first_nonspace(parser),
                                len - cmark_parser_get_first_nonspace(parser));
-
   assert(marker_row);
 
-  if (header_row->n_columns != marker_row->n_columns) {
-    free_table_row(parser->mem, header_row);
+  cmark_arena_push();
+
+  // Check for a matching header row. We call `row_from_string` with the entire
+  // (potentially long) parent container as input, but this should be safe since
+  // `row_from_string` bails out early if it does not find a row.
+  parent_string = cmark_node_get_string_content(parent_container);
+  header_row = row_from_string(self, parser, (unsigned char *)parent_string,
+                               (int)strlen(parent_string));
+  if (!header_row || header_row->n_columns != marker_row->n_columns) {
     free_table_row(parser->mem, marker_row);
+    free_table_row(parser->mem, header_row);
     cmark_arena_pop();
     return parent_container;
   }
 
   if (cmark_arena_pop()) {
+    marker_row = row_from_string(
+        self, parser, input + cmark_parser_get_first_nonspace(parser),
+        len - cmark_parser_get_first_nonspace(parser));
     header_row = row_from_string(self, parser, (unsigned char *)parent_string,
                                  (int)strlen(parent_string));
-    marker_row = row_from_string(self, parser,
-                                 input + cmark_parser_get_first_nonspace(parser),
-                                 len - cmark_parser_get_first_nonspace(parser));
   }
 
   if (!cmark_node_set_type(parent_container, CMARK_NODE_TABLE)) {
@@ -257,9 +278,7 @@ static cmark_node *try_opening_table_header(cmark_syntax_extension *self,
   }
 
   cmark_node_set_syntax_extension(parent_container, self);
-
   parent_container->as.opaque = parser->mem->calloc(1, sizeof(node_table));
-
   set_n_table_columns(parent_container, header_row->n_columns);
 
   uint8_t *alignments =

data/lib/commonmarker/config.rb

@@ -13,7 +13,7 @@ module CommonMarker
         SMART: (1 << 10),
         LIBERAL_HTML_TAG: (1 << 12),
         FOOTNOTES: (1 << 13),
-        STRIKETHROUGH_DOUBLE_TILDE: (1 << 14),
+        STRIKETHROUGH_DOUBLE_TILDE: (1 << 14)
       }.freeze,
       render: {
         DEFAULT: 0,
@@ -28,7 +28,7 @@ module CommonMarker
         FOOTNOTES: (1 << 13),
         STRIKETHROUGH_DOUBLE_TILDE: (1 << 14),
         TABLE_PREFER_STYLE_ATTRIBUTES: (1 << 15),
-        FULL_INFO_STRING: (1 << 16),
+        FULL_INFO_STRING: (1 << 16)
       }.freeze,
       format: %i[html xml commonmark plaintext].freeze
     }.freeze

data/lib/commonmarker/errors.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'commonmarker/node/inspect'
+
+module CommonMarker
+  class RenderError < StandardError
+    PREAMBLE = 'There was an error rendering'
+    def initialize(error)
+      super("#{PREAMBLE}: #{error.class} #{error.message}")
+    end
+  end
+end