mirrors/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-04-21 12:05:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

LibJS: Fix possible OOB read during Lexer construction

Browse source 
The Lexer constructor calls consume() once, which initializes m_position
to be > 0 and sets m_character. consume() calls is_line_terminator(),
which wasn't accounting for this state.
This commit is contained in:
Linus Groh 2020-11-25 21:33:48 +00:00 committed by Andreas Kling
parent d477039abc
commit 922d0759b0
Notes: sideshowbarker 2024-07-19 01:15:54 +09:00
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Libraries/LibJS/Lexer.cpp
View file

@ -304,7 +304,7 @@ bool Lexer::is_line_terminator() const
{
if (m_current_char == '\n' || m_current_char == '\r')
return true;
if (m_position + 1 < m_source.length()) {
if (m_position > 0 && m_position + 1 < m_source.length()) {
auto three_chars_view = m_source.substring_view(m_position - 1, 3);
return (three_chars_view == LINE_SEPARATOR) || (three_chars_view == PARAGRAPH_SEPARATOR);
}