Fixed undefined shift in commonmark writer.

jgm · jgm · commit 6e8f0bf2d394 · 2017-06-29T10:32:06.000+02:00
Closes commonmark#211. Found by google/oss-fuzz: https://oss-fuzz.com/v2/testcase-detail/4686992824598528
diff --git a/src/commonmark.c b/src/commonmark.c
@@ -1,6 +1,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <stdint.h>
 #include <assert.h>
 
 #include "config.h"
@@ -81,15 +82,17 @@ static int longest_backtick_sequence(const char *code) {
 }
 
 static int shortest_unused_backtick_sequence(const char *code) {
-  int32_t used = 1;
+  // note: if the shortest sequence is >= 32, this returns 32
+  // so as not to overflow the bit array.
+  uint32_t used = 1;
   int current = 0;
   size_t i = 0;
   size_t code_len = strlen(code);
   while (i <= code_len) {
     if (code[i] == '`') {
       current++;
     } else {
-      if (current) {
+      if (current > 0 && current < 32) {
         used |= (1 << current);
       }
       current = 0;
@@ -98,7 +101,7 @@ static int shortest_unused_backtick_sequence(const char *code) {
   }
   // return number of first bit that is 0:
   i = 0;
-  while (used & 1) {
+  while (i < 32 && used & 1) {
     used = used >> 1;
     i++;
   }
