From 0c8f2f5aca3308b9d51daa428eecc5a625a28720 Mon Sep 17 00:00:00 2001
From: Timothy Flynn <trflynn89@pm.me>
Date: Wed, 11 Aug 2021 11:18:57 -0400
Subject: [PATCH] LibRegex: Ensure escaped hexadecimals are exactly 2 digits in
 length

---
 Tests/LibRegex/Regex.cpp                    | 4 ++++
 Userland/Libraries/LibRegex/RegexParser.cpp | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/Tests/LibRegex/Regex.cpp b/Tests/LibRegex/Regex.cpp
index 3a4f26a348..88a7e2927f 100644
--- a/Tests/LibRegex/Regex.cpp
+++ b/Tests/LibRegex/Regex.cpp
@@ -499,6 +499,10 @@ TEST_CASE(ECMA262_parse)
         { "\\/" },                                         // #4189
         { ",/=-:" },                                       // #4243
         { "\\x" },                                         // Even invalid escapes are allowed if ~unicode.
+        { "\\x1" },                                        // Even invalid escapes are allowed if ~unicode.
+        { "\\x1", regex::Error::InvalidPattern, regex::ECMAScriptFlags::Unicode },
+        { "\\x11" },
+        { "\\x11", regex::Error::NoError, regex::ECMAScriptFlags::Unicode },
         { "\\", regex::Error::InvalidTrailingEscape },
         { "(?", regex::Error::InvalidCaptureGroup },
         { "\\u1234", regex::Error::NoError, regex::ECMAScriptFlags::Unicode },
diff --git a/Userland/Libraries/LibRegex/RegexParser.cpp b/Userland/Libraries/LibRegex/RegexParser.cpp
index c60bb7d7e0..a19faa02f0 100644
--- a/Userland/Libraries/LibRegex/RegexParser.cpp
+++ b/Userland/Libraries/LibRegex/RegexParser.cpp
@@ -1450,7 +1450,7 @@ bool ECMA262Parser::parse_atom_escape(ByteCode& stack, size_t& match_length_mini
 
     // HexEscape
     if (try_skip("x")) {
-        if (auto hex_escape = read_digits(ReadDigitsInitialZeroState::Allow, true, 2); hex_escape.has_value()) {
+        if (auto hex_escape = read_digits(ReadDigitsInitialZeroState::Allow, true, 2, 2); hex_escape.has_value()) {
             match_length_minimum += 1;
             stack.insert_bytecode_compare_values({ { CharacterCompareType::Char, (ByteCodeValueType)hex_escape.value() } });
             return true;
@@ -1802,7 +1802,7 @@ bool ECMA262Parser::parse_nonempty_class_ranges(Vector<CompareTypeAndValuePair>&
 
             // HexEscape
             if (try_skip("x")) {
-                if (auto hex_escape = read_digits(ReadDigitsInitialZeroState::Allow, true, 2); hex_escape.has_value()) {
+                if (auto hex_escape = read_digits(ReadDigitsInitialZeroState::Allow, true, 2, 2); hex_escape.has_value()) {
                     return { CharClassRangeElement { .code_point = hex_escape.value(), .is_character_class = false } };
                 } else if (!unicode) {
                     // '\x' is allowed in non-unicode mode, just matches 'x'.