[Q] What is a "marker row"?

[juhp]

GHSA-mc3g-88wq-6f4x talks about "marker rows".
While I do see markers mentioned in the referenced code, searching for "markdown table marker row"
in general basically only hits on this advisory. Could you briefly explain what a "marker row" is?
I understand header row, delimiter row, and data row, but what is a marker row?

I am trying to work out a test to check that the mentioned CVE is indeed fixed, but since I don't understand "marker row", I am not sure what to test exactly, thanks.

[juhp]

Does it just mean a normal data row basically?
I just managed to reproduce without the fix for 2^16 columns.

[wooorm]

| a |
| - | <-- I presume this one. It doesn’t really have a name, so there are different words floating around
| b |

[juhp]

Okay - I think the spec calls that a delimiter row, but guess that makes sense.

[QuietMisdreavus]

Yes, what the security advisory calls a "marker row" is the same thing that the spec calls a "delimiter row". I imagine this term was used because that's how it's called in the source:

cmark-gfm/extensions/table.c

Lines 247 to 254 in ef1cfcb

	// Since scan_table_start was successful, we must have a marker row.
	marker_row = row_from_string(self, parser,
	input + cmark_parser_get_first_nonspace(parser),
	len - cmark_parser_get_first_nonspace(parser));
	// assert may be optimized out, don't rely on it for security boundaries
	if (!marker_row) {
	return parent_container;
	}

[waldyrious]

Update: the code has now been updated to refer to these as "delimiter rows" as well — see #273.