mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-07-29 20:29:18 +00:00
LibRegex: Consume exactly two chars for escaped characters
We were previously consuming an extra char afterwards, which could be the charclass terminator, leading to possible OOB accesses.
This commit is contained in:
parent
7e1e208d08
commit
48442059fc
Notes:
sideshowbarker
2024-07-17 07:14:38 +09:00
Author: https://github.com/alimpfard
Commit: 48442059fc
Pull-request: https://github.com/SerenityOS/serenity/pull/15148
1 changed files with 5 additions and 2 deletions
|
@ -2701,10 +2701,13 @@ size_t ECMA262Parser::ensure_total_number_of_capturing_parenthesis()
|
|||
continue;
|
||||
case '[':
|
||||
while (!lexer.is_eof()) {
|
||||
if (lexer.consume_specific('\\'))
|
||||
if (lexer.consume_specific('\\')) {
|
||||
lexer.consume();
|
||||
else if (lexer.consume_specific(']'))
|
||||
continue;
|
||||
}
|
||||
if (lexer.consume_specific(']')) {
|
||||
break;
|
||||
}
|
||||
lexer.consume();
|
||||
}
|
||||
break;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue