From 07054b4ac98d2f221eccfa55ccf1680efd1f9dcb Mon Sep 17 00:00:00 2001
From: Mikhail Khachayants
Date: Mon, 6 Jan 2025 23:45:34 +0200
Subject: [PATCH 1/2] Mustache: fix segmentation fault for unexpected closing tag
---
 include/crow/mustache.h | 7 +++++++
 tests/fuzz/template_fuzzer.cpp | 4 ++--
 tests/template/crow_extra_mustache_tests.json | 9 +++++++++
 3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/include/crow/mustache.h b/include/crow/mustache.h
index e0e4889ec..88021df27 100644
--- a/include/crow/mustache.h
+++ b/include/crow/mustache.h
@@ -542,6 +542,13 @@ namespace crow // NOTE: Already documented in "crow/app.h"
 while (body_[endIdx - 1] == ' ')
 endIdx--;
 {
+ if (blockPositions.empty())
+ {
+ throw invalid_template_exception(
+ std::string("unexpected closing tag: ")
+ + body_.substr(idx, endIdx - idx)
+ );
+ }
 auto& matched = actions_[blockPositions.back()];
 if (body_.compare(idx, endIdx - idx,
 body_, matched.start, matched.end - matched.start) != 0)
diff --git a/tests/fuzz/template_fuzzer.cpp b/tests/fuzz/template_fuzzer.cpp
index 62368c001..5686eac17 100644
--- a/tests/fuzz/template_fuzzer.cpp
+++ b/tests/fuzz/template_fuzzer.cpp
@@ -24,9 +24,9 @@ extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, const std::size_
 auto ctx = build_context_object(fdp);
 page.render_string(ctx);
 }
- catch (const crow::mustache::invalid_template_exception& e)
+ catch (const std::exception& e)
 {
- return -1;
+ // No special handling for invalid inputs or rendering errors
 }
 return 0;
diff --git a/tests/template/crow_extra_mustache_tests.json b/tests/template/crow_extra_mustache_tests.json
index f81a18913..cb475f97f 100644
--- a/tests/template/crow_extra_mustache_tests.json
+++ b/tests/template/crow_extra_mustache_tests.json
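Review bot: The new `throw` builds its message from `body_.substr(idx, endIdx - idx)`, but nothing visible in the hunk guarantees `endIdx >= idx` at that point, because the trim loop on the context line above (`while (body_[endIdx - 1] == ' ') endIdx--;`) has no lower bound. If the indices are unsigned, as they appear to be, a closing tag whose name is empty or only spaces could make the length wrap, and `substr` would then copy the remainder of the template into the exception text. I would clamp the length before using it, e.g. `const auto nameLen = endIdx > idx ? endIdx - idx : 0;`, and pass `nameLen` to both this `substr` and the `compare` a few lines below. The enclosing block starts and ends outside the hunk, so how `idx` is advanced beforehand should be confirmed.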
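Review bot: Widening the handler to `catch (const std::exception& e)` makes the harness swallow every standard exception, so an unexpected one (for example a `std::out_of_range` or `std::length_error` escaping from a string operation in the parser) no longer reaches libFuzzer as a finding. Keeping the specific handler first would preserve that signal: `catch (const crow::mustache::invalid_template_exception&) { return -1; }`, followed by a handler only for the rendering error types that are known to be expected. The removed `return -1;` also told libFuzzer to keep rejected templates out of the corpus; if dropping it is intentional, the comment in the handler should say why. `e` is unused in the new handler and can be omitted. The function body starts and ends outside the hunk.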
@@ -9,6 +9,15 @@
 },
 "template": "\"{{#boolean}}{{^boolean}}\"",
 "expected": "COMPILE EXCEPTION: crow::mustache error: open tag has no matching end tag {{# {{/ pair: boolean"
+ },
+ {
+ "name": "Unexpected end-tags",
+ "desc": "Unexpected end-tags should fail to render ... and not enter infinite loops or other undefined behaviour",
+ "data": {
+ "boolean": true
+ },
+ "template": "\"{{/unexpected}}\"",
+ "expected": "COMPILE EXCEPTION: crow::mustache error: unexpected closing tag: unexpected"
 }
 ],
 "__ATTN__": "This file was hand-written"
From 8dff896ccd384ea5d75b176b22238993a1dbc34c Mon Sep 17 00:00:00 2001
From: Gulliver
Date: Wed, 21 Feb 2024 22:43:51 +0100
Subject: [PATCH 2/2] updated wit local dirs to be ignored
---
 .gitignore | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.gitignore b/.gitignore
index 427ff92f5..2cd0ef852 100644
--- a/.gitignore
+++ b/.gitignore
@@ -54,3 +54,8 @@ html/
 #VS-Code
 .vscode
+.idea
+cmake-build-debug
+.cache
+site
+venv
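Review bot: The added case only exercises a closing tag when no section was ever opened, so the other way to reach an empty stack, a closing tag that follows an already closed section, is not pinned by a test. A second case with `"template": "\"{{#boolean}}{{/boolean}}{{/boolean}}\""` and `"expected": "COMPILE EXCEPTION: crow::mustache error: unexpected closing tag: boolean"` would cover it. The expected string here is derived from the message format of the case above and should be confirmed against an actual run.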