mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-07-29 20:29:18 +00:00
LibJS: Fix incorrect Lexer VERIFY when parsing Unicode characters
This bug was discovered via OSS fuzz; it's possible to fall through to this assert with a char_size == 1, so we need to account for that in the VERIFY(..). Repro test case can be found in the OSS fuzz bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37296
parent
0f3f814945
commit
77d8a65498
Notes:
sideshowbarker
2024-07-18 05:19:00 +09:00
Author: https://github.com/bgianfo
Commit: 77d8a65498
Pull-request: https://github.com/SerenityOS/serenity/pull/9601
1 changed files with 1 additions and 1 deletions
|
@ -201,7 +201,7 @@ void Lexer::consume()
|
||||||
char_size = 4;
|
char_size = 4;
|
||||||
}
|
}
|
||||||
|
|
||||||
VERIFY(char_size > 1);
|
VERIFY(char_size >= 1);
|
||||||
--char_size;
|
--char_size;
|
||||||
|
|
||||||
m_position += char_size;
|
m_position += char_size;
|
||||||
|
|
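Review bot: The relaxed VERIFY(char_size >= 1) ahead of --char_size lands without a regression test (the commit changes one file), so the single-byte fall-through that the fuzzer reached is recorded only in the linked OSS-Fuzz bug; please add the repro input as a lexer test so the assert cannot be tightened again unnoticed. A one-line comment above the VERIFY naming the path that arrives here with char_size == 1 would also help, since the visible context only shows the char_size = 4 branch. Note that with char_size == 1 the decrement yields 0 and m_position += char_size leaves m_position unchanged at this point, so it is worth confirming that the code after this hunk still advances past that byte. Because the value is derived from untrusted script input, consider whether a lexer error is a better response than a process-terminating VERIFY if any other size can reach this line.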