RubyGems - commonmarker - Versions diffs - 0.17.0 → 0.17.1 - Mend

commonmarker 0.17.0 → 0.17.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of commonmarker might be problematic. Click here for more details.

Files changed (7) hide show

checksums.yaml +4 -4
data/ext/commonmarker/cmark/CMakeLists.txt +1 -1
data/ext/commonmarker/cmark/api_test/main.c +49 -168
data/ext/commonmarker/cmark/changelog.txt +4 -0
data/ext/commonmarker/cmark/src/inlines.c +1 -1
data/lib/commonmarker/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 78ee91668a78aaedd870bbaa8bf8e6cd551cadc9
-  data.tar.gz: 2391e06fd9d4e7dff10c71b9750e5141e19c0516
+  metadata.gz: fd465d3c630c43a890eee8ec949fccf4eabb5997
+  data.tar.gz: e9932c4d91ef3479c9635276a634ce1da089b4b3
 SHA512:
-  metadata.gz: 6df4d33c89c1a28d2d26f187ac1e54038dcfb0ecabb947d1437b48aeb49943e5896efce5adba324dc30d2e8b9d063be96a7c866d02f9849672e29b25b23c656a
-  data.tar.gz: ea01b53f7f78cd0d4c0489beaee09cf9aa6dafb38d932aaae7211aa82100d717ae67580837c27721b9aa23134462b2b1f4feaac67b3d02db5ca880f4cbb40471
+  metadata.gz: 58d1456c8e6da1b8b7288303570acbe467daf61402965fca54f0bc2f9f4c922a4edc19c7be25743b702b8a7fd0b0911742935498918e9044ebedeb89fd5cdcb3
+  data.tar.gz: 0c9d4f55d0326a1bf9830aea8f98b917c2f4fd3ea828bdfbebfdb2dd9063841b538d61228d7ae3ac7dc02b411d6562029d89e78f3a260090e3023c0238bd75d9

data/ext/commonmarker/cmark/CMakeLists.txt CHANGED Viewed

@@ -19,7 +19,7 @@ set(PROJECT_NAME "cmark")
 set(PROJECT_VERSION_MAJOR 0)
 set(PROJECT_VERSION_MINOR 28)
 set(PROJECT_VERSION_PATCH 0)
-set(PROJECT_VERSION_GFM 8)
+set(PROJECT_VERSION_GFM 9)
 set(PROJECT_VERSION ${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}.gfm.${PROJECT_VERSION_GFM} )
 option(CMARK_TESTS "Build cmark tests and enable testing" ON)

data/ext/commonmarker/cmark/api_test/main.c CHANGED Viewed

@@ -934,176 +934,59 @@ static void test_feed_across_line_ending(test_batch_runner *runner) {
   cmark_node_free(document);
 }
-static void source_pos(test_batch_runner *runner) {
-  static const char markdown[] =
-    "# Hi *there*.\n"
-    "\n"
-    "Hello &ldquo; <http://www.google.com>\n"
-    "there `hi` -- [okay](www.google.com (ok)).\n"
-    "\n"
-    "> 1. Okay.\n"
-    ">    Sure.\n"
-    ">\n"
-    "> 2. Yes, okay.\n"
-    ">    ![ok](hi \"yes\")\n";
-  cmark_node *doc = cmark_parse_document(markdown, sizeof(markdown) - 1, CMARK_OPT_DEFAULT);
-  char *xml = cmark_render_xml(doc, CMARK_OPT_DEFAULT | CMARK_OPT_SOURCEPOS);
-  STR_EQ(runner, xml, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
-                      "<!DOCTYPE document SYSTEM \"CommonMark.dtd\">\n"
-                      "<document sourcepos=\"1:1-10:20\" xmlns=\"http://commonmark.org/xml/1.0\">\n"
-                      "  <heading sourcepos=\"1:1-1:13\" level=\"1\">\n"
-                      "    <text sourcepos=\"1:3-1:5\">Hi </text>\n"
-                      "    <emph sourcepos=\"1:6-1:12\">\n"
-                      "      <text sourcepos=\"1:7-1:11\">there</text>\n"
-                      "    </emph>\n"
-                      "    <text sourcepos=\"1:13-1:13\">.</text>\n"
-                      "  </heading>\n"
-                      "  <paragraph sourcepos=\"3:1-4:42\">\n"
-                      "    <text sourcepos=\"3:1-3:14\">Hello “ </text>\n"
-                      "    <link sourcepos=\"3:15-3:37\" destination=\"http://www.google.com\" title=\"\">\n"
-                      "      <text sourcepos=\"3:16-3:36\">http://www.google.com</text>\n"
-                      "    </link>\n"
-                      "    <softbreak />\n"
-                      "    <text sourcepos=\"4:1-4:6\">there </text>\n"
-                      "    <code sourcepos=\"4:8-4:9\">hi</code>\n"
-                      "    <text sourcepos=\"4:11-4:14\"> -- </text>\n"
-                      "    <link sourcepos=\"4:15-4:41\" destination=\"www.google.com\" title=\"ok\">\n"
-                      "      <text sourcepos=\"4:16-4:19\">okay</text>\n"
-                      "    </link>\n"
-                      "    <text sourcepos=\"4:42-4:42\">.</text>\n"
-                      "  </paragraph>\n"
-                      "  <block_quote sourcepos=\"6:1-10:20\">\n"
-                      "    <list sourcepos=\"6:3-10:20\" type=\"ordered\" start=\"1\" delim=\"period\" tight=\"false\">\n"
-                      "      <item sourcepos=\"6:3-8:1\">\n"
-                      "        <paragraph sourcepos=\"6:6-7:10\">\n"
-                      "          <text sourcepos=\"6:6-6:10\">Okay.</text>\n"
-                      "          <softbreak />\n"
-                      "          <text sourcepos=\"7:6-7:10\">Sure.</text>\n"
-                      "        </paragraph>\n"
-                      "      </item>\n"
-                      "      <item sourcepos=\"9:3-10:20\">\n"
-                      "        <paragraph sourcepos=\"9:6-10:20\">\n"
-                      "          <text sourcepos=\"9:6-9:15\">Yes, okay.</text>\n"
-                      "          <softbreak />\n"
-                      "          <image sourcepos=\"10:6-10:20\" destination=\"hi\" title=\"yes\">\n"
-                      "            <text sourcepos=\"10:8-10:9\">ok</text>\n"
-                      "          </image>\n"
-                      "        </paragraph>\n"
-                      "      </item>\n"
-                      "    </list>\n"
-                      "  </block_quote>\n"
-                      "</document>\n",
-         "sourcepos are as expected");
-  free(xml);
-  cmark_node_free(doc);
-}
-static void ext_source_pos(test_batch_runner *runner) {
-  static const char *extensions[3] = {
-    "strikethrough",
-    "table",
-    "autolink",
-  };
-  static const char markdown[] =
-    "Hi ~~friend~~.\n"
-    "\n"
-    "> www.github.com\n"
-    "\n"
-    "1. | a | b | *c* |\n"
-    "   | - | - | --: |\n"
-    "   | 1 | 2 | ~3~ |\n";
-  cmark_parser *parser = cmark_parser_new(CMARK_OPT_DEFAULT);
-  core_extensions_ensure_registered();
+#if !defined(_WIN32) || defined(__CYGWIN__)
+#  include <sys/time.h>
+static struct timeval _before, _after;
+static int _timing;
+#  define START_TIMING() \
+       gettimeofday(&_before, NULL)
+#  define END_TIMING() \
+        do { \
+          gettimeofday(&_after, NULL); \
+          _timing = (_after.tv_sec - _before.tv_sec) * 1000 + (_after.tv_usec - _before.tv_usec) / 1000; \
+        } while (0)
+#  define TIMING _timing
+#else
+#  define START_TIMING()
+#  define END_TIMING()
+#  define TIMING 0
+#endif
+static void test_pathological_regressions(test_batch_runner *runner) {
+  {
+    // I don't care what the output is, so long as it doesn't take too long.
+    char path[] = "[a](b";
+    char *input = (char *)calloc(1, (sizeof(path) - 1) * 50000);
+    for (int i = 0; i < 50000; ++i)
+      memcpy(input + i * (sizeof(path) - 1), path, sizeof(path) - 1);
+    START_TIMING();
+    char *html = cmark_markdown_to_html(input, (sizeof(path) - 1) * 50000,
+                                        CMARK_OPT_VALIDATE_UTF8);
+    END_TIMING();
+    free(html);
+    free(input);
-  for (int i = 0; i < (int)(sizeof(extensions) / sizeof(*extensions)); ++i) {
-    cmark_syntax_extension *ext = cmark_find_syntax_extension(extensions[i]);
-    cmark_parser_attach_syntax_extension(parser, ext);
+    OK(runner, TIMING < 1000, "takes less than 1000ms to run");
   }
-  cmark_parser_feed(parser, markdown, sizeof(markdown) - 1);
-  cmark_node *doc = cmark_parser_finish(parser);
-  char *xml = cmark_render_xml(doc, CMARK_OPT_DEFAULT | CMARK_OPT_SOURCEPOS);
-  STR_EQ(runner, xml, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
-                      "<!DOCTYPE document SYSTEM \"CommonMark.dtd\">\n"
-                      "<document sourcepos=\"1:1-7:18\" xmlns=\"http://commonmark.org/xml/1.0\">\n"
-                      "  <paragraph sourcepos=\"1:1-1:14\">\n"
-                      "    <text sourcepos=\"1:1-1:3\">Hi </text>\n"
-                      "    <strikethrough sourcepos=\"1:4-1:13\">\n"
-                      "      <text sourcepos=\"1:6-1:11\">friend</text>\n"
-                      "    </strikethrough>\n"
-                      "    <text sourcepos=\"1:14-1:14\">.</text>\n"
-                      "  </paragraph>\n"
-                      "  <block_quote sourcepos=\"3:1-3:16\">\n"
-                      "    <paragraph sourcepos=\"3:3-3:16\">\n"
-                      "      <link sourcepos=\"3:2-3:16\" destination=\"http://www.github.com\" title=\"\">\n"
-                      "        <text sourcepos=\"3:2-3:16\">www.github.com</text>\n"
-                      "      </link>\n"
-                      "    </paragraph>\n"
-                      "  </block_quote>\n"
-		      "  <list sourcepos=\"5:1-7:18\" type=\"ordered\" start=\"1\" delim=\"period\" tight=\"true\">\n"
-		      "    <item sourcepos=\"5:1-7:18\">\n"
-                      "      <table sourcepos=\"5:4-7:18\">\n"
-                      "        <table_header sourcepos=\"5:4-5:18\">\n"
-                      "          <table_cell sourcepos=\"5:5-5:7\">\n"
-                      "            <text sourcepos=\"5:6-5:6\">a</text>\n"
-                      "          </table_cell>\n"
-                      "          <table_cell sourcepos=\"5:9-5:11\">\n"
-                      "            <text sourcepos=\"5:10-5:10\">b</text>\n"
-                      "          </table_cell>\n"
-                      "          <table_cell sourcepos=\"5:13-5:17\">\n"
-                      "            <emph sourcepos=\"5:14-5:16\">\n"
-                      "              <text sourcepos=\"5:15-5:15\">c</text>\n"
-                      "            </emph>\n"
-                      "          </table_cell>\n"
-                      "        </table_header>\n"
-                      "        <table_row sourcepos=\"7:4-7:18\">\n"
-                      "          <table_cell sourcepos=\"7:5-7:7\">\n"
-                      "            <text sourcepos=\"7:6-7:6\">1</text>\n"
-                      "          </table_cell>\n"
-                      "          <table_cell sourcepos=\"7:9-7:11\">\n"
-                      "            <text sourcepos=\"7:10-7:10\">2</text>\n"
-                      "          </table_cell>\n"
-                      "          <table_cell sourcepos=\"7:13-7:17\">\n"
-                      "            <strikethrough sourcepos=\"7:14-7:16\">\n"
-                      "              <text sourcepos=\"7:15-7:15\">3</text>\n"
-                      "            </strikethrough>\n"
-                      "          </table_cell>\n"
-                      "        </table_row>\n"
-                      "      </table>\n"
-		      "    </item>\n"
-		      "  </list>\n"
-                      "</document>\n",
-         "sourcepos are as expected");
-  free(xml);
-  cmark_node_free(doc);
-}
+  {
+    char path[] = "[a](<b";
+    char *input = (char *)calloc(1, (sizeof(path) - 1) * 50000);
+    for (int i = 0; i < 50000; ++i)
+      memcpy(input + i * (sizeof(path) - 1), path, sizeof(path) - 1);
-static void ref_source_pos(test_batch_runner *runner) {
-  static const char markdown[] =
-    "Let's try [reference] links.\n"
-    "\n"
-    "[reference]: https://github.com (GitHub)\n";
+    START_TIMING();
+    char *html = cmark_markdown_to_html(input, (sizeof(path) - 1) * 50000,
+                                        CMARK_OPT_VALIDATE_UTF8);
+    END_TIMING();
+    free(html);
+    free(input);
-  cmark_node *doc = cmark_parse_document(markdown, sizeof(markdown) - 1, CMARK_OPT_DEFAULT);
-  char *xml = cmark_render_xml(doc, CMARK_OPT_DEFAULT | CMARK_OPT_SOURCEPOS);
-  STR_EQ(runner, xml, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
-                      "<!DOCTYPE document SYSTEM \"CommonMark.dtd\">\n"
-                      "<document sourcepos=\"1:1-3:40\" xmlns=\"http://commonmark.org/xml/1.0\">\n"
-                      "  <paragraph sourcepos=\"1:1-1:28\">\n"
-                      "    <text sourcepos=\"1:1-1:10\">Let's try </text>\n"
-                      "    <link sourcepos=\"1:11-1:21\" destination=\"https://github.com\" title=\"GitHub\">\n"
-                      "      <text sourcepos=\"1:12-1:20\">reference</text>\n"
-                      "    </link>\n"
-                      "    <text sourcepos=\"1:22-1:28\"> links.</text>\n"
-                      "  </paragraph>\n"
-                      "</document>\n",
-         "sourcepos are as expected");
-  free(xml);
-  cmark_node_free(doc);
+    OK(runner, TIMING < 1000, "takes less than 1000ms to run");
+  }
 }
 int main() {
@@ -1132,9 +1015,7 @@ int main() {
   test_cplusplus(runner);
   test_safe(runner);
   test_feed_across_line_ending(runner);
-  source_pos(runner);
-  ext_source_pos(runner);
-  ref_source_pos(runner);
+  test_pathological_regressions(runner);
   test_print_summary(runner);
   retval = test_ok(runner) ? 0 : 1;

data/ext/commonmarker/cmark/changelog.txt CHANGED Viewed

@@ -1,3 +1,7 @@
+[0.28.0.gfm.9]
+  * Fix denial of service parsing nested links (#49).
 [0.28.0.gfm.8]
   * Fix bug where autolink would cause `:` to be skipped in emphasis

data/ext/commonmarker/cmark/src/inlines.c CHANGED Viewed

@@ -119,7 +119,7 @@ static cmark_chunk chunk_clone(cmark_mem *mem, cmark_chunk *src) {
   c.data = (unsigned char *)mem->calloc(len + 1, 1);
   c.alloc = 1;
   if (len)
-  memcpy(c.data, src->data, len);
+    memcpy(c.data, src->data, len);
   c.data[len] = '\0';
   return c;

data/lib/commonmarker/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module CommonMarker
-  VERSION = '0.17.0'.freeze
+  VERSION = '0.17.1'.freeze
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: commonmarker
 version: !ruby/object:Gem::Version
-  version: 0.17.0
+  version: 0.17.1
 platform: ruby
 authors:
 - Garen Torikian
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-08-25 00:00:00.000000000 Z
+date: 2017-09-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ruby-enum