From 3a74bd2509714c2143b8ca58bfe4ac2f9977ed72 Mon Sep 17 00:00:00 2001
From: Andrew Kaster
Date: Mon, 11 Sep 2023 16:29:29 -0600
Subject: [PATCH] LibWeb: Don't try to deserialize past length of strings

If we serialize a string followed by some other object, the deserialize helper would just happily keep appending bytes to the string until the end of the serialization buffer. Avoid doing that by checking the string length for figuring out when the string actually ends.
---
 Userland/Libraries/LibWeb/HTML/StructuredSerialize.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibWeb/HTML/StructuredSerialize.cpp b/Userland/Libraries/LibWeb/HTML/StructuredSerialize.cpp
index c73eb05f43..61f3ece718 100644
--- a/Userland/Libraries/LibWeb/HTML/StructuredSerialize.cpp
+++ b/Userland/Libraries/LibWeb/HTML/StructuredSerialize.cpp
@@ -332,7 +332,7 @@ private:
     Vector bytes;
     TRY_OR_THROW_OOM(vm, bytes.try_ensure_capacity(size));
     u64 byte_position = 0;
-    while (position < vector.size()) {
+    while (position < vector.size() && byte_position < size) {
         for (u8 i = 0; i < 4; ++i) {
             bytes.append(vector[position] >> (i * 8) & 0xFF);
             byte_position++;
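Review bot: The new bound on the outer `while` still lets the inner `for` append all four bytes of the final u32 word, so whenever `size` is not a multiple of 4, `bytes` ends up holding up to three padding bytes beyond `size`; if the string is later built from the whole of `bytes` (that conversion is outside the hunk), those bytes become part of the deserialized value. Bounding the inner loop as well keeps the output at exactly `size` bytes: `for (u8 i = 0; i < 4 && byte_position < size; ++i) {`. Separately, a `size` larger than the words remaining in `vector` now exits through the `position < vector.size()` test and produces a silently truncated string; a post-loop `if (byte_position != size)` check would turn that into an explicit error, which matters if the buffer can originate from a less trusted source than the serializer in this file. The enclosing deserialize helper starts and ends outside the hunk, so the `position++` and the final string construction could not be checked here.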