author | Linus Groh <mail@linusgroh.de> | 2020-11-29 23:32:29 +0000 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2020-11-30 11:36:24 +0100 |
commit | 8284f878673cf2419a707c25f3eaf45aeb0229cb (patch) | |
tree | 0243f6ca5b4b260fb15d6a61d13767d901e5745f /Libraries/LibRegex | |
parent | 7094697743479e8774dcce1c4c04b41c5992807d (diff) | |
LibRegex: Add bounds check to Lexer::back()
If the offset is zero and we're already at the end of the lexer's input
an out of bounds read (m_source[m_position]) would occur.
Also check that the offset is not more than m_position (which should
never be the case, and would result in m_position underflowing).
Fixes #4253.
Diffstat (limited to 'Libraries/LibRegex')
-rw-r--r-- | Libraries/LibRegex/RegexLexer.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/Libraries/LibRegex/RegexLexer.cpp b/Libraries/LibRegex/RegexLexer.cpp index a9439ff656..6a78a39e16 100644 --- a/Libraries/LibRegex/RegexLexer.cpp +++ b/Libraries/LibRegex/RegexLexer.cpp @@ -64,8 +64,11 @@ ALWAYS_INLINE char Lexer::peek(size_t offset) const void Lexer::back(size_t offset) { + ASSERT(offset <= m_position); + if (!offset) + return; m_position -= offset; - m_previous_position = m_position - 1; + m_previous_position = (m_position > 0) ? m_position - 1 : 0; m_current_char = m_source[m_position]; } |
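
Review bot: In Lexer::back(), the final read `m_current_char = m_source[m_position]` is still unchecked when offset is non-zero; it stays in bounds only if m_position never exceeds the source length before the subtraction, so that invariant should be asserted or documented next to `ASSERT(offset <= m_position)`. The new `if (!offset) return;` also means back(0) no longer refreshes m_previous_position or m_current_char, which deserves a one-line comment stating that this is intentional. Clamping m_previous_position to 0 when m_position is 0 makes the two positions equal at the start of the input, so the value 0 now stands for both "no previous character" and "previous character at index 0"; a comment on that choice would help. The diffstat shows only RegexLexer.cpp changed, so a regression test with the input from #4253 would be a useful addition.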