blocks.c in commonmarker-0.23.7

- old
+ new

@@ -6,10 +6,11 @@
  */
 
 #include <stdlib.h>
 #include <assert.h>
 #include <stdio.h>
+#include <limits.h>
 
 #include "cmark_ctype.h"
 #include "syntax_extension.h"
 #include "config.h"
 #include "parser.h"
@@ -637,10 +638,18 @@
   while (parser->current != parser->root) {
     parser->current = finalize(parser, parser->current);
   }
 
   finalize(parser, parser->root);
+
+  // Limit total size of extra content created from reference links to
+  // document size to avoid superlinear growth. Always allow 100KB.
+  if (parser->total_size > 100000)
+    parser->refmap->max_ref_size = parser->total_size;
+  else
+    parser->refmap->max_ref_size = 100000;
+
   process_inlines(parser, parser->refmap, parser->options);
   if (parser->options & CMARK_OPT_FOOTNOTES)
     process_footnotes(parser);
 
   return parser->root;
@@ -695,9 +704,14 @@
 
 static void S_parser_feed(cmark_parser *parser, const unsigned char *buffer,
                           size_t len, bool eof) {
   const unsigned char *end = buffer + len;
   static const uint8_t repl[] = {239, 191, 189};
+
+  if (len > UINT_MAX - parser->total_size)
+    parser->total_size = UINT_MAX;
+  else
+    parser->total_size += len;
 
   if (parser->last_buffer_ended_with_cr && *buffer == '\n') {
     // skip NL if last buffer ended with CR ; see #117
     buffer++;
   }