summaryrefslogtreecommitdiff
path: root/Libraries/LibRegex
diff options
context:
space:
mode:
authorLinus Groh <mail@linusgroh.de>2020-11-29 23:32:29 +0000
committerAndreas Kling <kling@serenityos.org>2020-11-30 11:36:24 +0100
commit8284f878673cf2419a707c25f3eaf45aeb0229cb (patch)
tree0243f6ca5b4b260fb15d6a61d13767d901e5745f /Libraries/LibRegex
parent7094697743479e8774dcce1c4c04b41c5992807d (diff)
downloadserenity-8284f878673cf2419a707c25f3eaf45aeb0229cb.zip
LibRegex: Add bounds check to Lexer::back()
If the offset is zero and we're already at the end of the lexer's input an out of bounds read (m_source[m_position]) would occur. Also check that the offset is not more than m_position (which should never be the case, and would result in m_position underflowing). Fixes #4253.
Diffstat (limited to 'Libraries/LibRegex')
-rw-r--r--Libraries/LibRegex/RegexLexer.cpp5
1 files changed, 4 insertions, 1 deletions
diff --git a/Libraries/LibRegex/RegexLexer.cpp b/Libraries/LibRegex/RegexLexer.cpp
index a9439ff656..6a78a39e16 100644
--- a/Libraries/LibRegex/RegexLexer.cpp
+++ b/Libraries/LibRegex/RegexLexer.cpp
@@ -64,8 +64,11 @@ ALWAYS_INLINE char Lexer::peek(size_t offset) const
void Lexer::back(size_t offset)
{
+ ASSERT(offset <= m_position);
+ if (!offset)
+ return;
m_position -= offset;
- m_previous_position = m_position - 1;
+ m_previous_position = (m_position > 0) ? m_position - 1 : 0;
m_current_char = m_source[m_position];
}