76f96c5979
`buffer[i++]` is a `signed char` so this cast does not correctly handle negative values. If a custom tag has a length greater than 128 then `buffer[i++]` is negative and so the `(uint16_t)` cast will cast it to a large unsigned integer. This causes an out-of-bound read when reading the tag name. We need to cast `name_length` to a `uint8_t` first, then widen to a `uint16_t`.

| Name |
|---|
| tree_sitter |
| binding.cc |
| grammar.json |
| highlights.json |
| injections.json |
| parser.c |
| scanner.cc |
| tag.h |
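
The cast problem described in the commit message above, shown as an added example that is not the project's code: `read_tag_name`, `demo` and the one-byte length-prefixed buffer layout are hypothetical. It compares the direct cast with the `uint8_t`-first cast and adds a bounds check that rejects a length running past the serialized buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Cast pattern from the commit message: the signed byte is sign-extended
 * before the conversion, so byte 0xC8 (-56) becomes 0xFFC8. */
static uint16_t length_direct_cast(signed char b) { return (uint16_t)b; }

/* Fix from the commit message: narrow to uint8_t first, then widen. */
static uint16_t length_fixed_cast(signed char b) { return (uint16_t)(uint8_t)b; }

/* Hypothetical reader for a [length byte][name bytes] record.
 * Returns the number of name bytes copied, or -1 if the decoded length
 * does not fit in the remaining input or in the output buffer. */
static int read_tag_name(const signed char *buffer, size_t buffer_len,
                         size_t *pos, char *out, size_t out_cap, int fixed) {
    if (*pos >= buffer_len) return -1;
    signed char raw = buffer[(*pos)++];
    uint16_t name_length = fixed ? length_fixed_cast(raw)
                                 : length_direct_cast(raw);
    /* Defense in depth: never trust a length read from the buffer. */
    if (name_length > buffer_len - *pos) return -1;
    if ((size_t)name_length + 1 > out_cap) return -1;
    memcpy(out, buffer + *pos, name_length);
    out[name_length] = '\0';
    *pos += name_length;
    return (int)name_length;
}

/* Constructed sample: one record whose name is 200 bytes long. */
static int demo(int fixed) {
    signed char buffer[201];
    char name[256];
    size_t pos = 0;
    buffer[0] = -56;               /* byte 0xC8, i.e. 200 when unsigned */
    memset(buffer + 1, 'a', 200);
    return read_tag_name(buffer, sizeof buffer, &pos, name, sizeof name, fixed);
}

int main(void) {
    printf("direct cast decodes %u, fixed cast decodes %u\n",
           (unsigned)length_direct_cast(-56), (unsigned)length_fixed_cast(-56));
    printf("reader with direct cast: %d, with fixed cast: %d\n",
           demo(0), demo(1));
    return 0;
}
```

With the direct cast the bounds check is the only thing standing between the decoded length and an out-of-bounds `memcpy`; with the fixed cast the 200-byte name is read in full.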