RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 03:27:45 +00:00
Code Issues Activity Actions

LibJS: Remove read buffer overflow in Lexer::consume

Browse source 
The position is added to manually in the line terminator and Unicode
character cases. While it checks for EOF after doing so, the EOF check
used `!=` instead of `<`, meaning if the position went _over_ the
source length, it wouldn't think it was EOF and would cause read buffer
overflows.

For example, `0xea` followed by `0xfd` would cause this.
This commit is contained in:
Luke Wilde 2021-09-10 23:04:36 +01:00 committed by Andreas Kling
parent bb6634b024
commit ae0bdda86e
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibJS/Lexer.cpp
View file

@ -141,7 +141,7 @@ Lexer::Lexer(StringView source, StringView filename, size_t line_number, size_t
void Lexer::consume() void Lexer::consume()
{ {
auto did_reach_eof = [this] { auto did_reach_eof = [this] {
if (m_position != m_source.length()) if (m_position < m_source.length())
return false; return false;
m_eof = true; m_eof = true;
m_current_char = '\0'; m_current_char = '\0';