From c1c5225b7207d3be0a63ef1abfd62fc3b04acb2b Mon Sep 17 00:00:00 2001
From: AnotherTest
Date: Thu, 3 Dec 2020 12:28:47 +0330
Subject: [PATCH] LibRegex: Fix assertion when parsing '(?'

Found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28186&q=label%3AProj-serenity
---
 Libraries/LibRegex/RegexLexer.cpp | 3 +++
 Libraries/LibRegex/Tests/Regex.cpp | 1 +
 2 files changed, 4 insertions(+)

diff --git a/Libraries/LibRegex/RegexLexer.cpp b/Libraries/LibRegex/RegexLexer.cpp
index 6a78a39e16..c7e154e307 100644
--- a/Libraries/LibRegex/RegexLexer.cpp
+++ b/Libraries/LibRegex/RegexLexer.cpp
@@ -64,6 +64,9 @@ ALWAYS_INLINE char Lexer::peek(size_t offset) const
 void Lexer::back(size_t offset)
 {
+ if (offset == m_position + 1)
+ offset = m_position; // 'position == 0' occurs twice.
+
 ASSERT(offset <= m_position);
 if (!offset)
 return;
diff --git a/Libraries/LibRegex/Tests/Regex.cpp b/Libraries/LibRegex/Tests/Regex.cpp
index 41f45e2232..c4aa8c8d7e 100644
--- a/Libraries/LibRegex/Tests/Regex.cpp
+++ b/Libraries/LibRegex/Tests/Regex.cpp
@@ -496,6 +496,7 @@ TEST_CASE(ECMA262_parse)
 { ",/=-:" }, // #4243
 { "\\x" }, // Even invalid escapes are allowed if ~unicode.
 { "\\", regex::Error::InvalidTrailingEscape },
+ { "(?", regex::Error::InvalidCaptureGroup },
 };
 for (auto& test : tests) {
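Review bot: The clamp added at the top of Lexer::back() silently accepts a caller's off-by-one request (offset == m_position + 1), while the comment `// 'position == 0' occurs twice.` names the symptom rather than the cause, so a later reader cannot tell whether this is a lexer invariant or a parser miscount being absorbed. Turning an ASSERT reachable from a fuzzed pattern ('(?') into a rewind is the right outcome for untrusted input, but the contract should be spelled out; if the cause is that the lexer reports position 0 both before and after its first token, a comment of the form `// The position is 0 both before and after the first token, so a caller rewinding past it over-counts by one: treat offset == m_position + 1 as "back to the start". Anything larger is still a caller bug and asserts.` would say so — the cause itself needs confirming against the parser's calls to back(). The rest of Lexer::back() continues past the hunk.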
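Review bot: The new test entry carries no reference, unlike the neighbouring `// #4243` line, so the fuzzer case it pins is not traceable from the test file; `{ "(?", regex::Error::InvalidCaptureGroup }, // oss-fuzz 28186: used to hit the ASSERT in Lexer::back()` would keep the link the commit message provides. This entry only checks the parser's error code; a direct test of Lexer::back() with offset == m_position + 1 would pin the lexer-side behaviour independently of the parser path, if the lexer can be driven on its own in this test suite. The enclosing test case starts and ends outside the hunk.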