shithub: hugo

Download patch

ref: be9df847723f414770d38c071eada0cbe646b4e3
parent: be7b830f33ca947fc6109e631c40b1c3e10666dd
author: bep <[email protected]>
date: Thu Apr 30 11:59:14 EDT 2015 

shortcodeparser: fix panic on slash following opening shortcode comment

Fixes #1093


--- a/hugolib/page.go
+++ b/hugolib/page.go
@@ -752,7 +752,7 @@
 
 	// these short codes aren't used until after Page render,
 	// but processed here to avoid coupling
-	tmpContent, tmpContentShortCodes := extractAndRenderShortcodes(string(p.rawContent), p, t)
+	tmpContent, tmpContentShortCodes, _ := extractAndRenderShortcodes(string(p.rawContent), p, t)
 	p.rawContent = []byte(tmpContent)
 	p.contentShortCodes = tmpContentShortCodes
 
--- a/hugolib/shortcode.go
+++ b/hugolib/shortcode.go
@@ -125,8 +125,12 @@
 // HandleShortcodes does all in  one go: extract, render and replace
 // only used for testing
 func HandleShortcodes(stringToParse string, page *Page, t tpl.Template) (string, error) {
-	tmpContent, tmpShortcodes := extractAndRenderShortcodes(stringToParse, page, t)
+	tmpContent, tmpShortcodes, err := extractAndRenderShortcodes(stringToParse, page, t)
 
+	if err != nil {
+		return "", err
+	}
+
 	if len(tmpShortcodes) > 0 {
 		tmpContentWithTokensReplaced, err := replaceShortcodeTokens([]byte(tmpContent), shortcodePlaceholderPrefix, true, tmpShortcodes)
 
@@ -236,7 +240,7 @@
 	return renderShortcodeWithPage(tmpl, data)
 }
 
-func extractAndRenderShortcodes(stringToParse string, p *Page, t tpl.Template) (string, map[string]string) {
+func extractAndRenderShortcodes(stringToParse string, p *Page, t tpl.Template) (string, map[string]string, error) {
 
 	content, shortcodes, err := extractShortcodes(stringToParse, p, t)
 	renderedShortcodes := make(map[string]string)
@@ -255,7 +259,7 @@
 		}
 	}
 
-	return content, renderedShortcodes
+	return content, renderedShortcodes, err
 
 }
 
--- a/hugolib/shortcode_test.go
+++ b/hugolib/shortcode_test.go
@@ -31,6 +31,35 @@
 	}
 }
 
+func TestShortcodeGoFuzzReports(t *testing.T) {
+	tem := tpl.New()
+
+	tem.AddInternalShortcode("sc.html", `foo`)
+	p, _ := pageFromString(SIMPLE_PAGE, "simple.md")
+
+	for i, this := range []struct {
+		data      string
+		expectErr bool
+	}{
+		{"{{</*/", true},
+	} {
+		output, err := HandleShortcodes(this.data, p, tem)
+
+		if this.expectErr && err == nil {
+			t.Errorf("[%d] should have errored", i)
+		}
+
+		if !this.expectErr && err != nil {
+			t.Errorf("[%d] should not have errored: %s", i, err)
+		}
+
+		if !this.expectErr && err == nil && len(output) == 0 {
+			t.Errorf("[%d] empty result", i)
+		}
+	}
+
+}
+
 func TestNonSC(t *testing.T) {
 	tem := tpl.New()
 	// notice the syntax diff from 0.12, now comment delims must be added
--- a/hugolib/shortcodeparser.go
+++ b/hugolib/shortcodeparser.go
@@ -325,7 +325,7 @@
 
 func lexShortcodeComment(l *pagelexer) stateFunc {
 	posRightComment := strings.Index(l.input[l.pos:], rightComment)
-	if posRightComment < 0 {
+	if posRightComment <= 1 {
 		return l.errorf("comment must be closed")
 	}
 	// we emit all as text, except the comment markers