From 8284f878673cf2419a707c25f3eaf45aeb0229cb Mon Sep 17 00:00:00 2001
From: Linus Groh
Date: Sun, 29 Nov 2020 23:32:29 +0000
Subject: [PATCH] LibRegex: Add bounds check to Lexer::back()

If the offset is zero and we're already at the end of the lexer's input an out of bounds read (m_source[m_position]) would occur. Also check that the offset is not more than m_position (which should never be the case, and would result in m_position underflowing). Fixes #4253.
---
 Libraries/LibRegex/RegexLexer.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Libraries/LibRegex/RegexLexer.cpp b/Libraries/LibRegex/RegexLexer.cpp
index a9439ff656..6a78a39e16 100644
--- a/Libraries/LibRegex/RegexLexer.cpp
+++ b/Libraries/LibRegex/RegexLexer.cpp
@@ -64,8 +64,11 @@ ALWAYS_INLINE char Lexer::peek(size_t offset) const
 void Lexer::back(size_t offset)
 {
+ ASSERT(offset <= m_position);
+ if (!offset)
+ return;
 m_position -= offset;
- m_previous_position = m_position - 1;
+ m_previous_position = (m_position > 0) ? m_position - 1 : 0;
 m_current_char = m_source[m_position];
 }
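Review bot: The underflow guard in `Lexer::back()` is only `ASSERT(offset <= m_position)`, so whether it protects release builds depends on how `ASSERT` is defined, which this patch does not show. If it can be compiled out, an oversized offset still wraps `m_position`, and `m_source[m_position]` then reads out of bounds on whatever pattern text reached the lexer. Making the early return cover both cases keeps the function safe either way: `if (!offset || offset > m_position) return;`. The final read also relies on `m_position` never exceeding `m_source.length()` before the call, so a short comment stating that invariant would help. The same comment could note that `m_previous_position` now equals `m_position` once the lexer is back at index 0.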