Bot releases are visible (Hide)
Update to 0.31.2 spec.txt.
Treat unicode Symbols like Punctuation, as per the 0.31 spec.
Add a new function to utf8.h
:
int cmark_utf8proc_is_punctuation_or_symbol(int32_t uc)
.
The old cmark_utf8proc_is_punctuation
has been kept for
now, but it is no longer used.
Add new exported function cmark_parser_new_with_mem_into_root
(API change) (John Ericson).
Avoid repeated language-
in info string (commonmark/commonmark.js#277).
Fix quadratic behavior in S_insert_emph
(Nick Wellnhofer).
Fixes part of GHSA-66g8-4hjf-77xh.
Fix quadratic behavior in check_open_blocks
(Nick Wellnhofer).
Fixes part of GHSA-66g8-4hjf-77xh.
Track underscore bottom separately mod 3, like asterisk (Michael
Howell). This was already implemented correctly for asterisks,
but not for underscore.
Use fwrite
instead of printf
to print results in main (#523).
This avoids a massive slowdown in MSYS2.
commonmark writer: less aggressive escaping for !
(#131).
Update libFuzzer build (Nick Wellnhofer):
-fsanitize=fuzzer(-no-link)
without requiring LIB_FUZZER_PATH
.libFuzzer
rule in Makefile and the README.md.CMake build changes (Saleem Abdulrasool).
CMARK_STATIC
and CMARK_SHARED
options as one of the twoBUILD_SHARED_LIBS
,CMARK_SHARED
andCMARK_STATIC
to redirect the author of the dependent package toBUILD_SHARED_LIBS
./OPT:REF
/OPT:ICF
will trigger full links, which is the default incmake/modules
directory that is the common layout for CMake based__builtin_expect
. Use __has_builtin
to checkconfig.h
has been/TP
usage on MSVC and replace CMARK_INLINE
with inline
./W3
from the language flags under MSVC withCMARK_STATIC_DEFINE
.project
functions. They should be set immediately aftercmake_minimum_required
(which implicitly sets policies).POLICY
check to see if a policy is defined ratherCMARK_TESTS
with CMake sanctioned BUILD_TESTING
.FindPythonInterp
, and with CMake 3.27, wereFix regex syntax warnings in pathological_tests.py
(Nick Wellnhofer).
test/cmark.py
: avoid star imports (Jakub Wilk).
spec_tests.py
: Add option to generate fuzz corpus (Nick Wellnhofer).
Add an option --fuzz-corpus
that writes the test cases to separate
files including the options header, so they can be used as seed corpus
for fuzz testing.
Fix some cmark.3 man rendering issues so we can do a clean regen
(John Ericson).
Update Windows compilation instructions (Pomax, #525).
Published by jgm over 1 year ago
Fix quadratic complexity bug with repeated ![[]()
.
Resolves CVE-2023-22486. Add new pathological test. (John MacFarlane)
Allow declarations with no space, as per spec (#456, John MacFarlane).
Set enumi*
counter correctly in LaTeX output (#451, John MacFarlane).
Allow <!DOCTYPE
to be case-insensitive. (This conforms to the
existing spec.) (John MacFarlane)
Fixed HTML comment scanning. Need to handle this case: <!--> and -->
.
Since the scanner finds the longest match, we had to
move some of the logic outside of the scanner. (John MacFarlane)
Fix quadratic parsing issue with repeated <!--
(this was not
introduced by the previous fix, and not in a released version of cmark).
Resolves CVE-2023-22484. Add new pathological test. (John MacFarlane)
Update HTML comment scanner to accord with commonmark/commonmark-spec#713
(John MacFarlane).
Pathological tests: half the number of repetitions, and the timeout.
This reduces the time needed for the pathological tests.
(John MacFarlane)
Shrink struct cmark_node
(#446). The internal_offset
member is
only used for headings and can be moved to struct cmark_heading
.
This reduces the size of struct cmark_node
from 112 to 104 bytes on
64-bit systems. (Nick Wellnhofer)
Add -Wstrict-prototypes
and fix offending functions. (Nick
Wellnhofer, Dan Cîrnaț)
Fix quadratic behavior involving get_containing_block
(#431).
Instead of searching for the containing block, update the tight list
status when entering a child of a list item or exiting a list.
(Nick Wellnhofer)
Fix pathological_tests.py
(Nick Wellnhofer):
allowed_failures
test.Fix source position bug with backticks (kyle).
Published by jgm about 3 years ago
Fix parsing of emphasis before links (#424, Nick Wellnhofer).
Fixes a regression introduced with commit ed0a4bf.
Update to Unicode 14.0 (data-man).
Add ~
to safe href character set (#394, frogtile).
Update CMakeLists.txt (Saleem Abdulrasool). Bump the minimum required
CMake to 3.7. Imperatively define output name for static library.
Fix install paths in libcmark.pc (Sebastián Mancilla).
CMAKE_INSTALL_<dir>
can be relative or absolute path, so it is wrong to
prefix CMAKE_INSTALL_PREFIX
because if CMAKE_INSTALL_<dir>
is set to an
absolute path it will result in a malformed path with two absolute paths
joined together. Instead, use CMAKE_INSTALL_FULL_<dir>
from
GNUInstallDirs.
Published by jgm over 3 years ago
openers_bottom
. Besides causing undefinedopeners_bottom
cmark_add_compile_options
when a new compilation target is added.Published by jgm over 3 years ago
cmark_get_default_mem_allocator()
(#330). API change: thisopeners_bottom
<?
, <!DECL
or <![CDATA[
couldcmark_node_append_child
to appendtextarea
like script
, style
, pre
(type 1 HTML block),MAX_INDENT
for xml (#355). Otherwise we can get quadratichoudini_html_u.c
rather thaninlines.c
. Unlike the other,print_usage()
: Minor grammar fix, swap two words (#305, Øyvind A. Holm).memcpy
with NULL
as first parameter.blocks.c
.is_autolink
(Nick Wellnhofer). In a recent commit,strcmp
, but we really have to use strncmp
.is_autolink
(Nick Wellnhofer).cmark_node
to cmark_parser
.cmark_node
by 8 bytes.struct cmark_list
(Nick Wellnhofer).struct cmark_node
.CMARK_OPT_SMART
is enabled, we escape literal -
, .
, and quotecmark_renderer
.size_t
instead of int
.string.h
in cmark-fuzz.c
.cmark_reference_lookup
(when it is expectedcmark_reference_lookup
query in O(log n). Any further lookup callsqsort
and bsearch
), whilst performing better thancmark_strbuf_cstr
in buffer.h
.--safe
command-line option as a no-op (#344), for backwardsadd_subdirectory
or be installed into the system (or some otherfind_package(cmark)
. In both cases thecmark::cmark
and/or cmark::cmark_static
is all thatcmarkConfig.cmake
filecmake-config-version.cmake
file forfind_package()
to search for the same major version.lib/cmake/cmark/cmark-config.cmake
,lib/cmake/cmark/cmark-config-version.cmake
,lib/cmake/cmark/cmark-targets.cmake
,lib/cmake/cmark/cmark-targets-release.cmake
.-Wconst-qual
warning (Saleem Abdulrasool). This enables building/Zc:strictString
with MSVC as well.CMAKE_INCLUDE_CURRENT_DIRECTORY
.GNUInstallDirs
once.add_compile_definitions
with add_compile_options
LINKER_LANGUAGE
property for C++ runtime.add_compile_options
rather than modify CMAKE_C_FLAGS
.-fvisibilty
flags to top-level.CMARK_STATIC
is on (default), link the executable with the staticCMARK_STATIC
is off, link the executable with the shared library.html.escape
instead of cgi.escape
(#313).__name__
check.__name__
check in test scripts (Nick Wellnhofer).--normalize
which no longer exists (#332).Published by jgm over 5 years ago
[0.29.0]
CMARK_OPT_UNSAFE
and make CMARK_OPT_SAFE
a no-op (for API compatibility). The new default behavior is to suppress raw HTML and potentially dangerous links. The CMARK_OPT_UNSAFE
option has to be set explicitly to prevent this. NOTE: This change will require modifications in bindings for cmark and in most libraries and programs that use cmark. Borrows heavily from @kivikakk's patch in github/cmark-gfm#123.<>
link destination in reference link.memory.h
(#290).<
unless it is an angle-bracket link that also ends with >
(#289). (If your URL really starts with <
, URL-escape it.)references.h
in parser.h
(#287).[link](<foo\>)
.ends_with_blank_line
with S_
prefix.CMARK_NODE__LAST_LINE_CHECKED
flag (#284). Use this to avoid unnecessary recursion in ends_with_blank_line
.ends_with_blank_line
, call S_set_last_line_blank
to avoid unnecessary repetition (#284). Once we settle whether a list item ends in a blank line, we don't need to revisit this in considering parent list items.(
in parenthesized link title.subj
since it's been modified while parsing the subject and could represent line info from a future line. This is simple and works.render.c
: reset last_breakable
after cr. Fixes jgm/pandoc#5033.houdini_href_e.c
(Felix Yan).~~~
fences if info string contains backtick. This is needed for round-trip tests.cmark -t xml
back to Commonmark.add_compiler_export_flags()
(Jonathan Müller). It is deprecated in CMake 3.0, the replacement is to set the CXX_VISIBILITY_PRESET
(or in our case C_VISIBILITY_PRESET
) and VISIBILITY_INLINES_HIDDEN
properties of the target. We're already setting them by setting the CMake variables anyway, so the call can be removed.cmake_host_system_information does not recognize <key> VS_15_DIR
. CMake will not find these system libraries on non-Windows hosts anyways, and we were silencing the warnings, so simply omit the installation when cross-compiling to Windows.xml:space="preserve"
in XML output when appropriate (Nguyễn Thái Ngọc Duy). (For text, code, code_block, html_inline and html_block tags.)entity_tests.py
- omit noisy success output.pathological_tests.py
: make tests run faster. Commented out the (already ignored) "many references" test, which times out. Reduced the iterations for a couple other tests.pathological_tests.py
: added test for deeply nested lists.S_find_first_nonspace
. We were needlessly redoing things we'd already done. Now we skip the work if the first nonspace is greater than the current offset. This fixes pathological slowdown with deeply nested lists (#255). For N = 3000, the time goes from over 17s to about 0.7s. Thanks to Martin Mitas for diagnosing the problem.->size
is zero so renderer.buffer->ptr[renderer.buffer->size - 1]
will cause an out-of-bounds read. Empty buffers always point to the global cmark_strbuf__initbuf
buffer so we read cmark_strbuf__initbuf[-1]
.CMARK_SHARED=OFF
(Nick Wellnhofer).width
parameter to be generated too so we get better fuzz-coverage.pathological_tests.py
. This allows us to include tests that we don't yet know how to pass.pathological_tests.py
. Tests must complete in 8 seconds or are errors.Published by jgm almost 7 years ago
Published by jgm about 7 years ago
Published by jgm about 7 years ago
--smart
: open quote can never occur right after ]
or )
(#227).finalize
(Vicent Marti).CMAKE_INSTALL_LIBDIR
to create libcmark.pc
(#236). This wasn't getting set in processing libcmark.pc.in
, and we were getting the wrong entry in libcmark.pc
. The new approach sets an internal libdir
variable to lib${LIB_SUFFIX}
. This variable is used both to set the install destination and in the libcmark.pc.in template.make astyle
with make format
(Nguyễn Thái Ngọc Duy).Published by jgm about 7 years ago
Update spec.
Use unsigned integer when shifting (Phil Turnbull).
Avoids a UBSAN warning which can be triggered when handling a
long sequence of backticks.
Avoid memcpy'ing NULL pointers (Phil Turnbull).
Avoids a UBSAN warning when link title is empty string.
The length of the memcpy is zero so the NULL pointer is not
dereferenced but it is still undefined behaviour.
DeMorgan simplification of some tests in emphasis parser.
This also brings the code into closer alignment with the wording
of the spec (see jgm/CommonMark#467).
Fixed undefined shift in commonmark writer (#211).
Found by google/oss-fuzz:
https://oss-fuzz.com/v2/testcase-detail/4686992824598528.
latex writer: fix memory overflow (#210).
We got an array overflow in enumerated lists nested more than
10 deep with start number =/= 1.
This commit also ensures that we don't try to set enum_
counters
that aren't defined by LaTeX (generally up to enumv).
Found by google/oss-fuzz:
https://oss-fuzz.com/v2/testcase-detail/5546760854306816.
Check for NULL pointer in get_link_type (Phil Turnbull).
echo '[](xx:)' | ./build/src/cmark -t latex
gave a
segfault.
Move fuzzing dictionary into single file (Phil Turnbull).
This allows AFL and libFuzzer to use the same dictionary
Reset bytes after UTF8 proc (Yuki Izumi, #206).
Don't scan past an EOL (Yuki Izumi).
The existing negated character classes ([^…]
) are careful to
always include \x00
in the characters excluded, but these .
catch-alls can scan right past the terminating NUL placed
at the end of the buffer by _scan_at
. As such, buffer
overruns can occur. Also, don't scan past a newline in HTML
block end scanners.
Document cases where get_
functions return NULL
(#155).
E.g. cmark_node_get_url
on a non-link or image.
Properly handle backslashes in link destinations (#192).
Only ascii punctuation characters are escapable, per the spec.
Fixed cmark_node_get_list_start
to return 0 for bullet lists,
as documented (#202).
Use CMARK_NO_DELIM
for bullet lists (#201).
Fixed code for freeing delimiter stack (#189).
Removed abort outside of conditional (typo).
Removed coercion in error message when aborting from buffer.
Print message to stderr when we abort due to memory demands (#188).
libcmark.pc
: use CMAKE_INSTALL_LIBDIR
(#185, Jens Petersen).
Needed for multilib distros like Fedora.
Fixed buffer overflow error in S_parser_feed
(#184).
The overflow could occur in the following condition:
the buffer ends with \r
and the next memory address
contains \n
.
Update emphasis parsing for spec change.
Strong now goes inside Emph rather than the reverse,
when both scopes are possible. The code is much simpler.
This also avoids a spec inconsistency that cmark had previously:
***hi***
became Strong (Emph "hi")) but
***hi****
became Emph (Strong "hi")) "*"
Fixes for the LaTeX renderer (#182, Doeme)
\-
is a hyphenation, so it doesn't get displayed at all.Added a test for NULL when freeing subj->last_delim
.
Cleaned up setting of lower bounds for openers.
We now use a much smaller array.
Fix #178, quadratic parsing bug. Add pathological test.
Slight improvement of clarity of logic in emph matching.
Fix "multiple of 3" determination in emph/strong parsing.
We need to store the length of the original delimiter run,
instead of using the length of the remaining delimiters
after some have been subtracted. Test case:
a***b* c*
. Thanks to Raph Levin for reporting.
Correctly initialize chunk in S_process_line (Nick Wellnhofer, #170).
The alloc
member wasn't initialized. This also allows to add an
assertion in chunk_rtrim
which doesn't work for alloced chunks.
Added 'make newbench'.
scanners.c
generated with re2c 0.16 (68K smaller!).
scanners.re
- fixed warnings; use *
for fallback.
Fixed some warnings in scanners.re
.
Update CaseFolding to latest (Kevin Wojniak, #168).
Allow balanced nested parens in link destinations (Yuki Izumi, #166)
Allocate enough bytes for backticks array.
Inlines: Ensure that the delimiter stack is freed in subject.
Fixed pathological cases with backtick code spans:
Removed recursion in scan_to_closing_backticks
Added an array of pointers to potential backtick closers
to subject
This array is used to avoid traversing the subject again
when we've already seen all the potential backtick closers.
Added a max bound of 1000 for backtick code span delimiters.
This helps with pathological cases like:
x
x `
x ``
x ```
x ````
...
Added pathological test case.
Thanks to Martin Mitáš for identifying the problem and for
discussion of solutions.
Remove redundant cmake_minimum_required (#163, @kainjow).
Make shared and static libraries optional (Azamat H. Hackimov).
Now you can enable/disable compilation and installation targets for
shared and static libraries via -DCMARK_SHARED=ON/OFF
and
-DCMARK_STATIC=ON/OFF
.
Added support for built-in ${LIB_SUFFIX}
feature (Azamat H.
Hackimov). Replaced ${LIB_INSTALL_DIR}
option with built-in
${LIB_SUFFIX}
for installing for 32/64-bit systems. Normally,
CMake will set ${LIB_SUFFIX}
automatically for required enviroment.
If you have any issues with it, you can override this option with
-DLIB_SUFFIX=64
or -DLIB_SUFFIX=""
during configuration.
Add Makefile target and harness to fuzz with libFuzzer (Phil Turnbull).
This can be run locally with make libFuzzer
but the harness will be
integrated into oss-fuzz for large-scale fuzzing.
Advertise --validate-utf8
in usage information
(Nguyễn Thái Ngọc Duy).
Makefile: use warnings with re2c.
README: Add link to Python wrapper, prettify languages list
(Pavlo Kapyshin).
README: Add link to cmark-scala (Tim Nieradzik, #196)
Published by jgm almost 8 years ago
Published by jgm almost 8 years ago
CMAKE_C_VISIBILITY_PRESET
for cmake versions greater than 1.8print_delimiters
(commented out) so it compiles again.make format
: don't change order of includes.\0
and \n
(Yuki Izumi).cmark_mem
to free where used to alloc (Yuki Izumi).(
(jgm/CommonMark#427).Published by jgm over 8 years ago
$(MAKE)
in Makefile instead of hardcoded make
(#146,Published by jgm over 8 years ago
chunk_set_cstr
with suffix of current string (#139,cmark_chunk_set_cstr
is calledprocess_emphasis
now gets better results in corner cases.cmark_reference_lookup
: Return NULL if reference is null string.commonmark.c
(Nick Wellnhofer).cmark_isalpha
.commonmark.c
.cmark.h
and its man page (#124).CMARK_OPT_NOBREAKS
to all renderers and add --nobreaks
.CMARK_OPT_NOBREAKS
is set.CMARK_OPT_HARDBREAKS
for LaTeX and man renderers.CMARK_OPT_NOBREAKS
is enabled, or if output is CommonMark andCMARK_OPT_HARDBREAKS
is enabled.NOBREAKS
option is HTML-onlyno_linebreaks
instead of no_wrap
.realurllen
to int
. This is an alternate solution for pulllink_text
(Mathiew Duponchelle).cmark_node_new_with_mem
,cmark_parser_new_with_mem
, cmark_mem
to API.SSIZE_T
compat for Win32 (Vicent Marti).to_commonmark
in test/cmark.py
(for round-trip tests).spec_test.py
- parameterize do_test
with converter.spec_tests.py
: exit code is now sum of failures and errors.cmark
instead of the round-trip version, since there was a bug inroundtrip_tests.py
. This replaces the old use of simple shellapi_test
(Mathieu Duponchelle).Published by jgm over 8 years ago
partially_consumed_tab
on every new line (#114, Nick Wellnhofer).last_buffer_ended_with_cr
.Published by jgm over 8 years ago
Published by jgm over 8 years ago
Fixed tabs in indentation (#101). This patch fixes S_advance_offset
so that it doesn't gobble a tab character when advancing less than the
width of a tab.
Added partially_consumed_tab to parser. This keeps track of when we
have gotten partway through a tab when consuming initial indentation.
Simplified add_line (only need parser parameter).
Properly handle partially consumed tab. E.g. in
- foo
<TAB><TAB>bar
we should consume two spaces from the second tab, including two spaces
in the code block.
Properly handle tabs with blockquotes and fenced blocks.
Fixed handling of tabs in lists.
Clarified logic in S_advance_offset.
Use an assertion to check for in-range html_block_type.
It's a programming error if the type is out of range.
Refactored S_processLines to make the logic easier to
understand, and added documentation (Mathieu Duponchelle).
Removed unnecessary check for empty string_content.
Factored out contains_inlines.
Moved the cmake minimum version to top line of CMakeLists.txt
(tinysun212).
Fix ctype(3) usage on NetBSD (Kamil Rytarowski). We need to cast value
passed to isspace(3) to unsigned char to explicitly prevent possibly
undefined behavior.
Compile in plain C mode with MSVC 12.0 or newer (Nick Wellnhofer).
Under MSVC, we used to compile in C++ mode to get some C99 features
like mixing declarations and code. With newer MSVC versions, it's
possible to build in plain C mode.
Switched from "inline" to "CMARK_INLINE" (Nick Wellnhofer).
Newer MSVC versions support enough of C99 to be able to compile cmark
in plain C mode. Only the "inline" keyword is still unsupported.
We have to use "__inline" instead.
Added include guards to config.h
config.h.in - added compatibility snprintf, vsnprintf for MSVC.
Replaced sprintf with snprintf (Marco Benelli).
config.h: include stdio.h for _vscprintf etc.
Include starg.h when needed in config.h.
Removed an unnecessary C99-ism in buffer.c. This helps compiling on
systems like luarocks that don't have all the cmake configuration
goodness (thanks to carlmartus).
Don't use variable length arrays (Nick Wellnhofer).
They're not supported by MSVC.
Test with multiple MSVC versions under Appveyor (Nick Wellnhofer).
Fix installation dir of man-pages on NetBSD (Kamil Rytarowski).
Fixed typo in cmark.h comments (Chris Eidhof).
Clarify in man page that cmark_node_free frees a node's children too.
Fixed documentation of --width in man page.
Require re2c >= 1.14.2 (#102).
Generated scanners.c with more recent re2c.
Published by jgm almost 9 years ago
is_autolink
- handle case where link has no children,)
and.
characters after digits were escaped; now they arerender.c
: (a) renderer->begin_content
is only set tobegin_content
is properly initialized to true.consolidate_text_nodes
.Published by jgm almost 9 years ago
cmark_node_replace(oldnode, newnode)
.fenced
in cmark_render_html
.fenced
.test/smart_punct.txt
.test/spec.txt
, test/smart_punct.txt
, andspec_tests.py
to new format.get_containing_block
logic in src/commonmark.c
.CUSTOM_BLOCK
,CUSTOM_INLINE
. The old versions raw_inline
andraw_block
were being used, and this led to incorrect xml output.scheme
scanner according to spec change. We no longer useCUSTOM_BLOCK
(#96).cmark.h
: moved typedefs for iterator into iterator section.make_man_page.py
so it includes typedefs again.Published by jgm almost 9 years ago
CUSTOM_BLOCK
and CUSTOM_INLINE
node types.CUSTOM_BLOCK
. These nodes can have children, but theycmark_node_get_on_enter
,cmark_node_set_on_enter
, cmark_node_get_on_exit
,cmark_node_set_on_exit
to API.NODE_HTML
-> NODE_HTML_BLOCK
,NODE_INLINE_HTML
-> NODE_HTML_INLINE
. Define aliasesCMARK_NODE_HEADER
-> CMARK_NODE_HEADING
.CMARK_NODE_HEADER
= CMARK_NODE_HEADING
,cmark_node_get_header_level
= cmark_node_get_heading_level
, andcmark_node_set_header_level
= cmark_node_set_heading_level
.CMARK_NODE_HRULE
-> CMARK_NODE_THEMATIC_BREAK
.cmark.h
(#88).> \- foo
.[foo](#bar)
as \protect\hyperlink{bar}{foo}
.Makefile.nmake
: be more robust when cmake is missing. Previously,build/CMakeFiles
is more robust -- this won'tsize_t
to int
. This fixes an MSVC warningcmark_parse_document
example (Lee Jeffery).CMARK_...
).make bench
.time
has limited resolution.bench.h
and timing calls in main.c
.scanners.c
using re2c 0.15.3.TIMER
macro.LIB_INSTALL_DIR
configurable (Mathieu Bridon, #79).input
, not parser->curline
to determine last line length._scan_at
.TAB_STOP
.make format
reformat api tests as well.begin_content
field. This is like begin_line
except>
) is printed by the renderer, andconvert_charrefs=False
in normalize.py
(#83). This defeats the