From 7b13fb557b041a5a09ad2880931c7f80904e420d Mon Sep 17 00:00:00 2001
From: Oriko <oriko1010@protonmail.com>
Date: Wed, 11 Mar 2020 13:42:51 +0200
Subject: [PATCH] LibGUI: Fix overflow crash in highlighter

---
 Libraries/LibGUI/CppSyntaxHighlighter.cpp | 24 ++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/Libraries/LibGUI/CppSyntaxHighlighter.cpp b/Libraries/LibGUI/CppSyntaxHighlighter.cpp
index abb11248a4..edac5b3a4c 100644
--- a/Libraries/LibGUI/CppSyntaxHighlighter.cpp
+++ b/Libraries/LibGUI/CppSyntaxHighlighter.cpp
@@ -77,7 +77,18 @@ void CppSyntaxHighlighter::highlight_matching_token_pair()
     auto find_span_of_type = [&](auto i, CppToken::Type type, CppToken::Type not_type, Direction direction) -> Optional<size_t> {
         size_t nesting_level = 0;
         bool forward = direction == Direction::Forward;
-        for (forward ? ++i : --i; forward ? (i < document.spans().size()) : (i >= 0); forward ? ++i : --i) {
+
+        if (forward) {
+            ++i;
+            if (i >= document.spans().size())
+                return {};
+        } else {
+            if (i == 0)
+                return {};
+            --i;
+        }
+
+        for (;;) {
             auto& span = document.spans().at(i);
             auto span_token_type = (CppToken::Type)((FlatPtr)span.data);
             if (span_token_type == not_type) {
@@ -86,7 +97,18 @@ void CppSyntaxHighlighter::highlight_matching_token_pair()
                 if (nesting_level-- <= 0)
                     return i;
             }
+
+            if (forward) {
+                ++i;
+                if (i >= document.spans().size())
+                    return {};
+            } else {
+                if (i == 0)
+                    return {};
+                --i;
+            }
         }
+
         return {};
     };