adinowicki
diff --git a/‎blocks.c
+268-258 b/‎blocks.c
+268-258
diff --git a/‎buffer.c
+20-57 b/‎buffer.c
+20-57
diff --git a/‎buffer.h
+9-20 b/‎buffer.h
+9-20
diff --git a/‎chunk.h
+24-21 b/‎chunk.h
+24-21
diff --git a/‎cmark.c
+16 b/‎cmark.c
+16
@@ -5,10 +5,12 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <stdint.h>
+#include <limits.h>
 
 #include "config.h"
 #include "cmark_ctype.h"
 #include "buffer.h"
+#include "memory.h"
 
 /* Used as default value for cmark_strbuf->ptr so that people can always
  * assume ptr is non-NULL and zero terminated even for new cmark_strbufs.
@@ -19,7 +21,9 @@ unsigned char cmark_strbuf__initbuf[1];
 #define MIN(x, y) ((x < y) ? x : y)
 #endif
 
-void cmark_strbuf_init(cmark_strbuf *buf, bufsize_t initial_size) {
+void cmark_strbuf_init(cmark_mem *mem, cmark_strbuf *buf,
+                       bufsize_t initial_size) {
+  buf->mem = mem;
   buf->asize = 0;
   buf->size = 0;
   buf->ptr = cmark_strbuf__initbuf;
@@ -28,68 +32,28 @@ void cmark_strbuf_init(cmark_strbuf *buf, bufsize_t initial_size) {
     cmark_strbuf_grow(buf, initial_size);
 }
 
-void cmark_strbuf_overflow_err() {
-  fprintf(stderr, "String buffer overflow");
-  abort();
-}
-
-static CMARK_INLINE void S_strbuf_grow_by(cmark_strbuf *buf, size_t add) {
-  size_t target_size = (size_t)buf->size + add;
-
-  if (target_size < add            /* Integer overflow. */
-      || target_size > BUFSIZE_MAX /* Truncation overflow. */
-      ) {
-    cmark_strbuf_overflow_err();
-    return; /* unreachable */
-  }
-
-  if ((bufsize_t)target_size >= buf->asize)
-    cmark_strbuf_grow(buf, (bufsize_t)target_size);
+static CMARK_INLINE void S_strbuf_grow_by(cmark_strbuf *buf, bufsize_t add) {
+  cmark_strbuf_grow(buf, buf->size + add);
 }
 
 void cmark_strbuf_grow(cmark_strbuf *buf, bufsize_t target_size) {
-  unsigned char *new_ptr;
+  assert(target_size > 0);
 
   if (target_size < buf->asize)
     return;
 
-  if (buf->asize == 0) {
-    new_ptr = NULL;
-  } else {
-    new_ptr = buf->ptr;
-  }
+  if (target_size > (bufsize_t)(INT32_MAX / 2))
+    abort();
 
   /* Oversize the buffer by 50% to guarantee amortized linear time
    * complexity on append operations. */
-  size_t new_size = (size_t)target_size + (size_t)target_size / 2;
-
-  /* Account for terminating null byte. */
+  bufsize_t new_size = target_size + target_size / 2;
   new_size += 1;
-
-  /* round allocation up to multiple of 8 */
   new_size = (new_size + 7) & ~7;
 
-  if (new_size < (size_t)target_size /* Integer overflow. */
-      || new_size > BUFSIZE_MAX      /* Truncation overflow. */
-      ) {
-    if (target_size >= BUFSIZE_MAX) {
-      /* No space for terminating null byte. */
-      cmark_strbuf_overflow_err();
-      return; /* unreachable */
-    }
-    /* Oversize by the maximum possible amount. */
-    new_size = BUFSIZE_MAX;
-  }
-
-  new_ptr = (unsigned char *)realloc(new_ptr, new_size);
-
-  if (!new_ptr) {
-    perror("realloc in cmark_strbuf_grow");
-    abort();
-  }
-
-  buf->asize = (bufsize_t)new_size;
-  buf->ptr = new_ptr;
+  buf->ptr = (unsigned char *)buf->mem->realloc(buf->asize ? buf->ptr : NULL,
+                                                new_size);
+  buf->asize = new_size;
 }
 
 bufsize_t cmark_strbuf_len(const cmark_strbuf *buf) { return buf->size; }
@@ -99,9 +63,9 @@ void cmark_strbuf_free(cmark_strbuf *buf) {
     return;
 
   if (buf->ptr != cmark_strbuf__initbuf)
-    free(buf->ptr);
+    buf->mem->free(buf->ptr);
 
-  cmark_strbuf_init(buf, 0);
+  cmark_strbuf_init(buf->mem, buf, 0);
 }
 
 void cmark_strbuf_clear(cmark_strbuf *buf) {
@@ -128,7 +92,7 @@ void cmark_strbuf_set(cmark_strbuf *buf, const unsigned char *data,
 
 void cmark_strbuf_sets(cmark_strbuf *buf, const char *string) {
   cmark_strbuf_set(buf, (const unsigned char *)string,
-                   string ? cmark_strbuf_safe_strlen(string) : 0);
+                   string ? strlen(string) : 0);
 }
 
 void cmark_strbuf_putc(cmark_strbuf *buf, int c) {
@@ -149,8 +113,7 @@ void cmark_strbuf_put(cmark_strbuf *buf, const unsigned char *data,
 }
 
 void cmark_strbuf_puts(cmark_strbuf *buf, const char *string) {
-  cmark_strbuf_put(buf, (const unsigned char *)string,
-                   cmark_strbuf_safe_strlen(string));
+  cmark_strbuf_put(buf, (const unsigned char *)string, strlen(string));
 }
 
 void cmark_strbuf_copy_cstr(char *data, bufsize_t datasize,
@@ -184,10 +147,10 @@ unsigned char *cmark_strbuf_detach(cmark_strbuf *buf) {
 
   if (buf->asize == 0) {
     /* return an empty string */
-    return (unsigned char *)calloc(1, 1);
+    return (unsigned char *)buf->mem->calloc(1, 1);
   }
 
-  cmark_strbuf_init(buf, 0);
+  cmark_strbuf_init(buf->mem, buf, 0);
   return data;
 }
 
 
@@ -5,32 +5,35 @@
 #include <stdarg.h>
 #include <string.h>
 #include <limits.h>
+#include <stdint.h>
 #include "config.h"
+#include "cmark.h"
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-typedef int bufsize_t;
+typedef int32_t bufsize_t;
 
 typedef struct {
+  cmark_mem *mem;
   unsigned char *ptr;
   bufsize_t asize, size;
 } cmark_strbuf;
 
 extern unsigned char cmark_strbuf__initbuf[];
 
-#define GH_BUF_INIT                                                            \
-  { cmark_strbuf__initbuf, 0, 0 }
-#define BUFSIZE_MAX INT_MAX
+#define CMARK_BUF_INIT(mem)                                                    \
+  { mem, cmark_strbuf__initbuf, 0, 0 }
 
 /**
  * Initialize a cmark_strbuf structure.
  *
- * For the cases where GH_BUF_INIT cannot be used to do static
+ * For the cases where CMARK_BUF_INIT cannot be used to do static
  * initialization.
  */
-void cmark_strbuf_init(cmark_strbuf *buf, bufsize_t initial_size);
+void cmark_strbuf_init(cmark_mem *mem, cmark_strbuf *buf,
+                       bufsize_t initial_size);
 
 /**
  * Grow the buffer to hold at least `target_size` bytes.
@@ -72,20 +75,6 @@ void cmark_strbuf_trim(cmark_strbuf *buf);
 void cmark_strbuf_normalize_whitespace(cmark_strbuf *s);
 void cmark_strbuf_unescape(cmark_strbuf *s);
 
-/* Print error and abort. */
-void cmark_strbuf_overflow_err(void);
-
-static CMARK_INLINE bufsize_t cmark_strbuf_check_bufsize(size_t size) {
-  if (size > BUFSIZE_MAX) {
-    cmark_strbuf_overflow_err();
-  }
-  return (bufsize_t)size;
-}
-
-static CMARK_INLINE bufsize_t cmark_strbuf_safe_strlen(const char *str) {
-  return cmark_strbuf_check_bufsize(strlen(str));
-}
-
 #ifdef __cplusplus
 }
 #endif
 
@@ -4,8 +4,10 @@
 #include <string.h>
 #include <stdlib.h>
 #include <assert.h>
-#include "cmark_ctype.h"
+#include "cmark.h"
 #include "buffer.h"
+#include "memory.h"
+#include "cmark_ctype.h"
 
 #define CMARK_CHUNK_EMPTY                                                      \
   { NULL, 0, 0 }
@@ -16,9 +18,9 @@ typedef struct {
   bufsize_t alloc; // also implies a NULL-terminated string
 } cmark_chunk;
 
-static CMARK_INLINE void cmark_chunk_free(cmark_chunk *c) {
+static CMARK_INLINE void cmark_chunk_free(cmark_mem *mem, cmark_chunk *c) {
   if (c->alloc)
-    free(c->data);
+    mem->free(c->data);
 
   c->data = NULL;
   c->alloc = 0;
@@ -48,56 +50,57 @@ static CMARK_INLINE void cmark_chunk_trim(cmark_chunk *c) {
   cmark_chunk_rtrim(c);
 }
 
-static CMARK_INLINE bufsize_t cmark_chunk_strchr(cmark_chunk *ch, int c,
-                                                 bufsize_t offset) {
+static CMARK_INLINE bufsize_t
+    cmark_chunk_strchr(cmark_chunk *ch, int c, bufsize_t offset) {
   const unsigned char *p =
       (unsigned char *)memchr(ch->data + offset, c, ch->len - offset);
   return p ? (bufsize_t)(p - ch->data) : ch->len;
 }
 
-static CMARK_INLINE const char *cmark_chunk_to_cstr(cmark_chunk *c) {
+static CMARK_INLINE const char *cmark_chunk_to_cstr(cmark_mem *mem,
+                                                    cmark_chunk *c) {
   unsigned char *str;
 
   if (c->alloc) {
     return (char *)c->data;
   }
-  str = (unsigned char *)malloc(c->len + 1);
-  if (str != NULL) {
-    if (c->len > 0) {
-      memcpy(str, c->data, c->len);
-    }
-    str[c->len] = 0;
+  str = (unsigned char *)mem->calloc(c->len + 1, 1);
+  if (c->len > 0) {
+    memcpy(str, c->data, c->len);
   }
+  str[c->len] = 0;
   c->data = str;
   c->alloc = 1;
 
   return (char *)str;
 }
 
-static CMARK_INLINE void cmark_chunk_set_cstr(cmark_chunk *c, const char *str) {
-  if (c->alloc) {
-    free(c->data);
-  }
+static CMARK_INLINE void cmark_chunk_set_cstr(cmark_mem *mem, cmark_chunk *c,
+                                              const char *str) {
+  unsigned char *old = c->alloc ? c->data : NULL;
   if (str == NULL) {
     c->len = 0;
     c->data = NULL;
     c->alloc = 0;
   } else {
-    c->len = cmark_strbuf_safe_strlen(str);
-    c->data = (unsigned char *)malloc(c->len + 1);
+    c->len = (bufsize_t)strlen(str);
+    c->data = (unsigned char *)mem->calloc(c->len + 1, 1);
     c->alloc = 1;
     memcpy(c->data, str, c->len + 1);
   }
+  if (old != NULL) {
+    mem->free(old);
+  }
 }
 
 static CMARK_INLINE cmark_chunk cmark_chunk_literal(const char *data) {
-  bufsize_t len = data ? cmark_strbuf_safe_strlen(data) : 0;
+  bufsize_t len = data ? (bufsize_t)strlen(data) : 0;
   cmark_chunk c = {(unsigned char *)data, len, 0};
   return c;
 }
 
-static CMARK_INLINE cmark_chunk cmark_chunk_dup(const cmark_chunk *ch,
-                                                bufsize_t pos, bufsize_t len) {
+static CMARK_INLINE cmark_chunk
+    cmark_chunk_dup(const cmark_chunk *ch, bufsize_t pos, bufsize_t len) {
   cmark_chunk c = {ch->data + pos, len, 0};
   return c;
 }
 
@@ -10,6 +10,22 @@ int cmark_version() { return CMARK_VERSION; }
 
 const char *cmark_version_string() { return CMARK_VERSION_STRING; }
 
+static void *xcalloc(size_t nmem, size_t size) {
+  void *ptr = calloc(nmem, size);
+  if (!ptr)
+    abort();
+  return ptr;
+}
+
+static void *xrealloc(void *ptr, size_t size) {
+  void *new_ptr = realloc(ptr, size);
+  if (!new_ptr)
+    abort();
+  return new_ptr;
+}
+
+cmark_mem DEFAULT_MEM_ALLOCATOR = {xcalloc, xrealloc, free};
+
 char *cmark_markdown_to_html(const char *text, size_t len, int options) {
   cmark_node *doc;
   char *result;