Merge pull request from GHSA-xxmq-4vph-956w

refmap: port github/cmark-gfm@b4f01062

Author: kivikakk

src/parser/inlines.rs

@@ -25,7 +25,7 @@ pub struct Subject<'a: 'd, 'r, 'o, 'd, 'i, 'c: 'subj, 'subj> {
     pub input: &'i [u8],
     pub pos: usize,
     flags: Flags,
-    pub refmap: &'r mut HashMap<Vec<u8>, Reference>,
+    pub refmap: &'r mut RefMap,
     delimiter_arena: &'d Arena<Delimiter<'a, 'd>>,
     last_delimiter: Option<&'d Delimiter<'a, 'd>>,
     brackets: Vec<Bracket<'a>>,
@@ -50,6 +50,37 @@ struct Flags {
     skip_html_comment: bool,
 }
 
+pub struct RefMap {
+    pub map: HashMap<Vec<u8>, Reference>,
+    pub(crate) max_ref_size: usize,
+    ref_size: usize,
+}
+
+impl RefMap {
+    pub fn new() -> Self {
+        Self {
+            map: HashMap::new(),
+            max_ref_size: usize::MAX,
+            ref_size: 0,
+        }
+    }
+
+    fn lookup(&mut self, lab: &[u8]) -> Option<Reference> {
+        match self.map.get(lab) {
+            Some(entry) => {
+                let size = entry.url.len() + entry.title.len();
+                if size > self.max_ref_size - self.ref_size {
+                    None
+                } else {
+                    self.ref_size += size;
+                    Some(entry.clone())
+                }
+            }
+            None => None,
+        }
+    }
+}
+
 pub struct Delimiter<'a: 'd, 'd> {
     inl: &'a AstNode<'a>,
     position: usize,
@@ -73,7 +104,7 @@ impl<'a, 'r, 'o, 'd, 'i, 'c, 'subj> Subject<'a, 'r, 'o, 'd, 'i, 'c, 'subj> {
         arena: &'a Arena<AstNode<'a>>,
         options: &'o ComrakOptions,
         input: &'i [u8],
-        refmap: &'r mut HashMap<Vec<u8>, Reference>,
+        refmap: &'r mut RefMap,
         delimiter_arena: &'d Arena<Delimiter<'a, 'd>>,
         callback: Option<&'subj mut Callback<'c>>,
     ) -> Self {
@@ -1066,7 +1097,7 @@ impl<'a, 'r, 'o, 'd, 'i, 'c, 'subj> Subject<'a, 'r, 'o, 'd, 'i, 'c, 'subj> {
         // Need to normalize both to lookup in refmap and to call callback
         lab = strings::normalize_label(&lab);
         let mut reff = if found_label {
-            self.refmap.get(&lab).cloned()
+            self.refmap.lookup(&lab)
         } else {
             None
         };

src/parser/mod.rs

@@ -27,6 +27,8 @@ use typed_arena::Arena;
 
 use crate::adapters::HeadingAdapter;
 
+use self::inlines::RefMap;
+
 const TAB_STOP: usize = 4;
 const CODE_INDENT: usize = 4;
 
@@ -114,7 +116,7 @@ type Callback<'c> = &'c mut dyn FnMut(&[u8]) -> Option<(Vec<u8>, Vec<u8>)>;
 
 pub struct Parser<'a, 'o, 'c> {
     arena: &'a Arena<AstNode<'a>>,
-    refmap: HashMap<Vec<u8>, Reference>,
+    refmap: RefMap,
     root: &'a AstNode<'a>,
     current: &'a AstNode<'a>,
     line_number: u32,
@@ -128,6 +130,7 @@ pub struct Parser<'a, 'o, 'c> {
     partially_consumed_tab: bool,
     last_line_length: usize,
     last_buffer_ended_with_cr: bool,
+    total_size: usize,
     options: &'o ComrakOptions,
     callback: Option<Callback<'c>>,
 }
@@ -586,7 +589,7 @@ impl<'a, 'o, 'c> Parser<'a, 'o, 'c> {
     ) -> Self {
         Parser {
             arena,
-            refmap: HashMap::new(),
+            refmap: RefMap::new(),
             root,
             current: root,
             line_number: 0,
@@ -600,6 +603,7 @@ impl<'a, 'o, 'c> Parser<'a, 'o, 'c> {
             partially_consumed_tab: false,
             last_line_length: 0,
             last_buffer_ended_with_cr: false,
+            total_size: 0,
             options,
             callback,
         }
@@ -609,6 +613,12 @@ impl<'a, 'o, 'c> Parser<'a, 'o, 'c> {
         let mut buffer = 0;
         let s = s.as_bytes();
 
+        if s.len() > usize::MAX - self.total_size {
+            self.total_size = usize::MAX;
+        } else {
+            self.total_size += s.len();
+        }
+
         if self.last_buffer_ended_with_cr && s.len() > 0 && s[0] == b'\n' {
             buffer += 1;
         }
@@ -1468,6 +1478,13 @@ impl<'a, 'o, 'c> Parser<'a, 'o, 'c> {
         }
 
         self.finalize(self.root);
+
+        self.refmap.max_ref_size = if self.total_size > 100000 {
+            self.total_size
+        } else {
+            100000
+        };
+
         self.process_inlines();
         if self.options.extension.footnotes {
             self.process_footnotes();
@@ -1877,7 +1894,7 @@ impl<'a, 'o, 'c> Parser<'a, 'o, 'c> {
 
         lab = strings::normalize_label(&lab);
         if !lab.is_empty() {
-            subj.refmap.entry(lab.to_vec()).or_insert(Reference {
+            subj.refmap.map.entry(lab.to_vec()).or_insert(Reference {
                 url: strings::clean_url(&url),
                 title: strings::clean_title(&title),
             });

src/strings.rs

@@ -1,6 +1,7 @@
 use crate::ctype::{ispunct, isspace};
 use crate::entity;
 use crate::parser::AutolinkType;
+#[cfg(feature = "syntect")]
 use std::collections::HashMap;
 use std::ptr;
 use std::str;