mirror of https://github.com/RGBCube/serenity synced 2025-07-25 05:47:35 +00:00

LibJS: Remove read buffer overflow in Lexer::consume

The position is added to manually in the line terminator and Unicode
character cases. While it checks for EOF after doing so, the EOF check
used `!=` instead of `<`, meaning if the position went _over_ the
source length, it wouldn't think it was EOF and would cause read buffer
overflows.

For example, `0xea` followed by `0xfd` would cause this.
Luke Wilde 2021-09-10 23:04:36 +01:00 committed by Andreas Kling
parent bb6634b024
commit ae0bdda86e


@ -141,7 +141,7 @@ Lexer::Lexer(StringView source, StringView filename, size_t line_number, size_t
void Lexer::consume()
{
auto did_reach_eof = [this] {
if (m_position != m_source.length())
if (m_position < m_source.length())
return false;
m_eof = true;
m_current_char = '\0';
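Review bot: The new `m_position < m_source.length()` check in `did_reach_eof` catches the overshoot only after it has happened, so `m_position` can still end up greater than the source length, and the visible lines do not clamp it when `m_eof` is set. Consider bounding the manual position increments in the line terminator and Unicode cases that the commit message describes, or setting `m_position` to `m_source.length()` here, so that later code using `m_position` as an offset never sees an out-of-range value. No test is visible in this hunk; a regression test feeding the `0xea` followed by `0xfd` input from the commit message would keep the comparison from being changed back.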