Merge pull request #323 from kevinbackhouse/list-depth-limit

Revert bad fix for GHSA-66g8-4hjf-77xh

Author: kevinbackhouse

extensions/table.c

@@ -311,18 +311,12 @@ static cmark_node *try_opening_table_header(cmark_syntax_extension *self,
     }
   }
 
-  assert(cmark_node_get_type(parent_container) == CMARK_NODE_PARAGRAPH);
   if (!cmark_node_set_type(parent_container, CMARK_NODE_TABLE)) {
     free_table_row(parser->mem, header_row);
     free_table_row(parser->mem, marker_row);
     return parent_container;
   }
 
-  // Update the node counts after parent_container changed type.
-  assert(parent_container->next == NULL);
-  decr_open_block_count(parser, CMARK_NODE_PARAGRAPH);
-  incr_open_block_count(parser, CMARK_NODE_TABLE);
-
   if (header_row->paragraph_offset) {
     try_inserting_table_header_paragraph(parser, parent_container, (unsigned char *)parent_string,
                                          header_row->paragraph_offset);

src/blocks.c

@@ -70,22 +70,6 @@ static void S_parser_feed(cmark_parser *parser, const unsigned char *buffer,
 static void S_process_line(cmark_parser *parser, const unsigned char *buffer,
                            bufsize_t bytes);
 
-static void subtract_open_block_counts(cmark_parser *parser, cmark_node *node) {
-  do {
-    decr_open_block_count(parser, S_type(node));
-    node->flags &= ~CMARK_NODE__OPEN_BLOCK;
-    node = node->last_child;
-  } while (node);
-}
-
-static void add_open_block_counts(cmark_parser *parser, cmark_node *node) {
-  do {
-    incr_open_block_count(parser, S_type(node));
-    node->flags |= CMARK_NODE__OPEN_BLOCK;
-    node = node->last_child;
-  } while (node);
-}
-
 static cmark_node *make_block(cmark_mem *mem, cmark_node_type tag,
                               int start_line, int start_column) {
   cmark_node *e;
@@ -145,7 +129,6 @@ static void cmark_parser_reset(cmark_parser *parser) {
   parser->refmap = cmark_reference_map_new(parser->mem);
   parser->root = document;
   parser->current = document;
-  add_open_block_counts(parser, document);
 
   parser->syntax_extensions = saved_exts;
   parser->inline_syntax_extensions = saved_inline_exts;
@@ -259,18 +242,15 @@ static void remove_trailing_blank_lines(cmark_strbuf *ln) {
 // Check to see if a node ends with a blank line, descending
 // if needed into lists and sublists.
 static bool S_ends_with_blank_line(cmark_node *node) {
-  while (true) {
-    if (S_last_line_checked(node)) {
-      return(S_last_line_blank(node));
-    } else if ((S_type(node) == CMARK_NODE_LIST ||
-                S_type(node) == CMARK_NODE_ITEM) && node->last_child) {
-      S_set_last_line_checked(node);
-      node = node->last_child;
-      continue;
-    } else {
-      S_set_last_line_checked(node);
-      return (S_last_line_blank(node));
-    }
+  if (S_last_line_checked(node)) {
+    return(S_last_line_blank(node));
+  } else if ((S_type(node) == CMARK_NODE_LIST ||
+              S_type(node) == CMARK_NODE_ITEM) && node->last_child) {
+    S_set_last_line_checked(node);
+    return(S_ends_with_blank_line(node->last_child));
+  } else {
+    S_set_last_line_checked(node);
+    return (S_last_line_blank(node));
   }
 }
 
@@ -330,12 +310,6 @@ static cmark_node *finalize(cmark_parser *parser, cmark_node *b) {
     has_content = resolve_reference_link_definitions(parser, b);
     if (!has_content) {
       // remove blank node (former reference def)
-      if (b->flags & CMARK_NODE__OPEN_BLOCK) {
-        decr_open_block_count(parser, S_type(b));
-        if (b->prev) {
-          add_open_block_counts(parser, b->prev);
-        }
-      }
       cmark_node_free(b);
     }
     break;
@@ -408,17 +382,6 @@ static cmark_node *finalize(cmark_parser *parser, cmark_node *b) {
   return parent;
 }
 
-// Recalculates the number of open blocks. Returns true if it matches what's currently stored
-// in parser. (Used to check that the counts in parser, which are updated incrementally, are
-// correct.)
-bool check_open_block_counts(cmark_parser *parser) {
-  cmark_parser tmp_parser = {0}; // Only used for its open_block_counts and total_open_blocks fields.
-  add_open_block_counts(&tmp_parser, parser->root);
-  return
-    tmp_parser.total_open_blocks == parser->total_open_blocks &&
-    memcmp(tmp_parser.open_block_counts, parser->open_block_counts, sizeof(parser->open_block_counts)) == 0;
-}
-
 // Add a node as child of another.  Return pointer to child.
 static cmark_node *add_child(cmark_parser *parser, cmark_node *parent,
                              cmark_node_type block_type, int start_column) {
@@ -437,14 +400,11 @@ static cmark_node *add_child(cmark_parser *parser, cmark_node *parent,
   if (parent->last_child) {
     parent->last_child->next = child;
     child->prev = parent->last_child;
-    subtract_open_block_counts(parser, parent->last_child);
   } else {
     parent->first_child = child;
     child->prev = NULL;
   }
   parent->last_child = child;
-  add_open_block_counts(parser, child);
-
   return child;
 }
 
@@ -1087,14 +1047,8 @@ static cmark_node *check_open_blocks(cmark_parser *parser, cmark_chunk *input,
   *all_matched = false;
   cmark_node *container = parser->root;
   cmark_node_type cont_type;
-  cmark_parser tmp_parser; // Only used for its open_block_counts and total_open_blocks fields.
-  memcpy(tmp_parser.open_block_counts, parser->open_block_counts, sizeof(parser->open_block_counts));
-  tmp_parser.total_open_blocks = parser->total_open_blocks;
-
-  assert(check_open_block_counts(parser));
 
   while (S_last_child_is_open(container)) {
-    decr_open_block_count(&tmp_parser, S_type(container));
     container = container->last_child;
     cont_type = S_type(container);
 
@@ -1106,53 +1060,6 @@ static cmark_node *check_open_blocks(cmark_parser *parser, cmark_chunk *input,
       continue;
     }
 
-    // This block of code is a workaround for the quadratic performance
-    // issue described here (issue 2):
-    //
-    // https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh
-    //
-    // If the current line is empty then we might be able to skip directly
-    // to the end of the list of open blocks. To determine whether this is
-    // possible, we have been maintaining a count of the number of
-    // different types of open blocks. The main criterium is that every
-    // remaining block, except the last element of the list, is a LIST or
-    // ITEM. The code below checks the conditions, and if they're ok, skips
-    // forward to parser->current.
-    if (parser->blank && parser->indent == 0) {  // Current line is empty
-      // Make sure that parser->current doesn't point to a closed block.
-      if (parser->current->flags & CMARK_NODE__OPEN_BLOCK) {
-        if (parser->current->flags & CMARK_NODE__OPEN) {
-          const size_t n_list = read_open_block_count(&tmp_parser, CMARK_NODE_LIST);
-          const size_t n_item = read_open_block_count(&tmp_parser, CMARK_NODE_ITEM);
-          // At most one block can be something other than a LIST or ITEM.
-          if (n_list + n_item + 1 >= tmp_parser.total_open_blocks) {
-            // Check that parser->current is suitable for jumping to.
-            switch (S_type(parser->current)) {
-            case CMARK_NODE_LIST:
-            case CMARK_NODE_ITEM:
-              if (n_list + n_item != tmp_parser.total_open_blocks) {
-                if (parser->current->last_child == NULL) {
-                  // There's another node type somewhere in the middle of
-                  // the list, so don't attempt the optimization.
-                  break;
-                }
-              }
-              // fall through
-            case CMARK_NODE_CODE_BLOCK:
-            case CMARK_NODE_PARAGRAPH:
-            case CMARK_NODE_HTML_BLOCK:
-              // Jump to parser->current
-              container = parser->current;
-              cont_type = S_type(container);
-              break;
-            default:
-              break;
-            }
-          }
-        }
-      }
-    }
-
     switch (cont_type) {
     case CMARK_NODE_BLOCK_QUOTE:
       if (!parse_block_quote_prefix(parser, input))
@@ -1286,9 +1193,8 @@ static void open_new_blocks(cmark_parser *parser, cmark_node **container,
       has_content = resolve_reference_link_definitions(parser, *container);
 
       if (has_content) {
-        cmark_node_set_type(*container, CMARK_NODE_HEADING);
-        decr_open_block_count(parser, CMARK_NODE_PARAGRAPH);
-        incr_open_block_count(parser, CMARK_NODE_HEADING);
+
+        (*container)->type = (uint16_t)CMARK_NODE_HEADING;
         (*container)->as.heading.level = lev;
         (*container)->as.heading.setext = true;
         S_advance_offset(parser, input, input->len - 1 - parser->offset, false);
@@ -1443,7 +1349,7 @@ static void add_text_to_container(cmark_parser *parser, cmark_node *container,
   S_set_last_line_blank(container, last_line_blank);
 
   tmp = container;
-  while (tmp->parent && S_last_line_blank(tmp->parent)) {
+  while (tmp->parent) {
     S_set_last_line_blank(tmp->parent, false);
     tmp = tmp->parent;
   }
@@ -1572,7 +1478,6 @@ static void S_process_line(cmark_parser *parser, const unsigned char *buffer,
 
   parser->line_number++;
 
-  assert(parser->current->next == NULL);
   last_matched_container = check_open_blocks(parser, &input, &all_matched);
 
   if (!last_matched_container)

src/cmark-gfm.h

@@ -37,16 +37,6 @@ char *cmark_markdown_to_html(const char *text, size_t len, int options);
 #define CMARK_NODE_TYPE_MASK (0xc000)
 #define CMARK_NODE_VALUE_MASK (0x3fff)
 
-/**
- * This is the maximum number of block types (CMARK_NODE_DOCUMENT,
- * CMARK_NODE_HEADING, ...). It needs to be bigger than the number of
- * hardcoded block types (below) to allow for extensions (see
- * cmark_syntax_extension_add_node). But it also determines the size of the
- * open_block_counts array in the cmark_parser struct, so we don't want it
- * to be excessively large.
- */
-#define CMARK_NODE_TYPE_BLOCK_LIMIT 0x20
-
 typedef enum {
   /* Error status */
   CMARK_NODE_NONE = 0x0000,

src/node.h

@@ -50,13 +50,12 @@ typedef struct {
 
 enum cmark_node__internal_flags {
   CMARK_NODE__OPEN = (1 << 0),
-  CMARK_NODE__OPEN_BLOCK = (1 << 1),
-  CMARK_NODE__LAST_LINE_BLANK = (1 << 2),
-  CMARK_NODE__LAST_LINE_CHECKED = (1 << 3),
+  CMARK_NODE__LAST_LINE_BLANK = (1 << 1),
+  CMARK_NODE__LAST_LINE_CHECKED = (1 << 2),
 
   // Extensions can register custom flags by calling `cmark_register_node_flag`.
   // This is the starting value for the custom flags.
-  CMARK_NODE__REGISTER_FIRST = (1 << 4),
+  CMARK_NODE__REGISTER_FIRST = (1 << 3),
 };
 
 typedef uint16_t cmark_node_internal_flags;

src/parser.h

@@ -50,47 +50,8 @@ struct cmark_parser {
   cmark_llist *syntax_extensions;
   cmark_llist *inline_syntax_extensions;
   cmark_ispunct_func backslash_ispunct;
-
-  /**
-   * The "open" blocks are the blocks visited by the loop in
-   * check_open_blocks (blocks.c). I.e. the blocks in this list:
-   *
-   *   parser->root->last_child->...->last_child
-   *
-   * open_block_counts is used to keep track of how many of each type of
-   * node are currently in the open blocks list. Knowing these counts can
-   * sometimes help to end the loop in check_open_blocks early, improving
-   * efficiency.
-   *
-   * The count is stored at this offset: type - CMARK_NODE_TYPE_BLOCK - 1
-   * For example, CMARK_NODE_LIST (0x8003) is stored at offset 2.
-   */
-  size_t open_block_counts[CMARK_NODE_TYPE_BLOCK_LIMIT];
-  size_t total_open_blocks;
 };
 
-static CMARK_INLINE void incr_open_block_count(cmark_parser *parser, cmark_node_type type) {
-  assert(type > CMARK_NODE_TYPE_BLOCK);
-  assert(type <= CMARK_NODE_TYPE_BLOCK + CMARK_NODE_TYPE_BLOCK_LIMIT);
-  parser->open_block_counts[type - CMARK_NODE_TYPE_BLOCK - 1]++;
-  parser->total_open_blocks++;
-}
-
-static CMARK_INLINE void decr_open_block_count(cmark_parser *parser, cmark_node_type type) {
-  assert(type > CMARK_NODE_TYPE_BLOCK);
-  assert(type <= CMARK_NODE_TYPE_BLOCK + CMARK_NODE_TYPE_BLOCK_LIMIT);
-  assert(parser->open_block_counts[type - CMARK_NODE_TYPE_BLOCK - 1] > 0);
-  parser->open_block_counts[type - CMARK_NODE_TYPE_BLOCK - 1]--;
-  assert(parser->total_open_blocks > 0);
-  parser->total_open_blocks--;
-}
-
-static CMARK_INLINE size_t read_open_block_count(cmark_parser *parser, cmark_node_type type) {
-  assert(type > CMARK_NODE_TYPE_BLOCK);
-  assert(type <= CMARK_NODE_TYPE_BLOCK + CMARK_NODE_TYPE_BLOCK_LIMIT);
-  return parser->open_block_counts[type - CMARK_NODE_TYPE_BLOCK - 1];
-}
-
 #ifdef __cplusplus
 }
 #endif

src/syntax_extension.c

@@ -29,10 +29,7 @@ cmark_syntax_extension *cmark_syntax_extension_new(const char *name) {
 cmark_node_type cmark_syntax_extension_add_node(int is_inline) {
   cmark_node_type *ref = !is_inline ? &CMARK_NODE_LAST_BLOCK : &CMARK_NODE_LAST_INLINE;
 
-  if ((*ref & CMARK_NODE_VALUE_MASK) >= CMARK_NODE_TYPE_BLOCK_LIMIT) {
-    // This assertion will fail if you try to register more extensions than
-    // are currently allowed by CMARK_NODE_TYPE_BLOCK_MAXNUM. Try increasing
-    // the limit.
+  if ((*ref & CMARK_NODE_VALUE_MASK) == CMARK_NODE_VALUE_MASK) {
     assert(false);
     return (cmark_node_type) 0;
   }