blackfriday
Panic on listItem function
Hi,
While I was fuzzing this library with go-fuzz, I encountered the following panic (index out of range error). I assume it is a simple size check mistake on the 1363th line of the listItem function in block.go. It should be for next < len(data) - 1 && data[next] != '\n' rather than for next < len(data) && data[next] != '\n'. I have tried my patch and it works normally.
Go version:
go version go1.16.4 linux/amd64
Linux kernel:
Linux fuzz1 5.4.0-73-generic #82-Ubuntu SMP Wed Apr 14 17:39:42 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
My code (https://play.golang.org/p/lboSQ4YCIeh) :
package main

import "github.com/russross/blackfriday/v2"

func main() {
	data := []byte{':', '\t', '\n', '\n', '0', '\n', '0', '0'}
	blackfriday.Run(data)
}
Error:
panic: runtime error: index out of range [8] with length 8
goroutine 1 [running]:
github.com/russross/blackfriday/v2.(*Markdown).listItem(0xc0000de900, 0xc0000143f0, 0x8, 0x8, 0xc0000addc8, 0xc000086780)
/home/fuzz/go/pkg/mod/github.com/russross/blackfriday/[email protected]/block.go:1369 +0xedd
github.com/russross/blackfriday/v2.(*Markdown).list(0xc0000de900, 0xc0000143f0, 0x8, 0x8, 0x12, 0x0)
/home/fuzz/go/pkg/mod/github.com/russross/blackfriday/[email protected]/block.go:1135 +0xfb
github.com/russross/blackfriday/v2.(*Markdown).block(0xc0000de900, 0xc0000143f0, 0x8, 0x8)
/home/fuzz/go/pkg/mod/github.com/russross/blackfriday/[email protected]/block.go:187 +0x3a5
github.com/russross/blackfriday/v2.(*Markdown).Parse(0xc0000de900, 0xc0000143f0, 0x8, 0x8, 0x0)
/home/fuzz/go/pkg/mod/github.com/russross/blackfriday/[email protected]/markdown.go:404 +0x4d
github.com/russross/blackfriday/v2.Run(0xc0000143f0, 0x8, 0x8, 0x0, 0x0, 0x0, 0x0, 0x4e4640, 0xc00005e058)
/home/fuzz/go/pkg/mod/github.com/russross/blackfriday/[email protected]/markdown.go:388 +0x1a5
main.main()
/home/fuzz/fuzz/deneme.go:9 +0x6b
exit status 2
We had the same issue in a project and the suggested change fixes it.
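The bug class reported in this thread, as an added example that is not part of the thread and is not blackfriday's code: a scan loop bounded by `next < len(data)` can stop at `next == len(data)`, and an unchecked read after it panics on the reporter's 8-byte input. The functions `lineEndUnchecked`, `lineEndChecked` and `guard` are hypothetical stand-ins; `guard` shows how a caller handling untrusted Markdown can contain such a panic instead of crashing.

```go
package main

import "fmt"

// crashInput is the 8-byte reproducer from the report.
var crashInput = []byte{':', '\t', '\n', '\n', '0', '\n', '0', '0'}

// lineEndUnchecked is a constructed stand-in, not blackfriday's code. The loop
// can stop at next == len(data); the read that follows has no bounds check.
func lineEndUnchecked(data []byte, start int) (int, bool) {
	next := start
	for next < len(data) && data[next] != '\n' {
		next++
	}
	return next, data[next] == '\n' // panics if the last line has no '\n'
}

// lineEndChecked tests the bound before reading data[next].
func lineEndChecked(data []byte, start int) (int, bool) {
	next := start
	for next < len(data) && data[next] != '\n' {
		next++
	}
	return next, next < len(data) && data[next] == '\n'
}

// guard (hypothetical helper) runs one scan over untrusted input and turns a
// runtime panic into an error, so a malformed document cannot kill the caller.
func guard(scan func([]byte, int) (int, bool), data []byte, start int) (next int, nl bool, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("parser panic: %v", r)
		}
	}()
	next, nl = scan(data, start)
	return next, nl, nil
}

func main() {
	// Offset 6 is the start of the final line "00", which has no newline.
	_, _, err := guard(lineEndUnchecked, crashInput, 6)
	fmt.Println("unchecked:", err)
	next, nl, err := guard(lineEndChecked, crashInput, 6)
	fmt.Println("checked:", next, nl, err)
}
```

The reproducer bytes are worth keeping as a regression input alongside whatever fix is adopted, since fuzzers tend to rediscover the same trailing-line case.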