authorLuke Wilde <lukew@serenityos.org>2021-09-10 23:04:36 +0100
committerAndreas Kling <kling@serenityos.org>2021-10-02 17:16:09 +0200
commitae0bdda86e9946e8fc09db0c4dc044b2d975d7fa (patch)
tree5d485da3aab758e5a881d5c74a12431bcbfddb90 /Userland/Libraries/LibJS/Lexer.cpp
parentbb6634b0247bf6d8b70f6baeadde4cc11d4ee1ee (diff)
LibJS: Remove read buffer overflow in Lexer::consume
The position is advanced manually in the line terminator and Unicode character cases. While the lexer checks for EOF after doing so, the EOF check used `!=` instead of `<`, meaning that if the position went _over_ the source length, it would not be treated as EOF and would cause read buffer overflows. For example, `0xea` followed by `0xfd` would cause this.
Diffstat (limited to 'Userland/Libraries/LibJS/Lexer.cpp')
-rw-r--r--Userland/Libraries/LibJS/Lexer.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/Userland/Libraries/LibJS/Lexer.cpp b/Userland/Libraries/LibJS/Lexer.cpp
index 7c70b0410e..5a02ac560b 100644
--- a/Userland/Libraries/LibJS/Lexer.cpp
+++ b/Userland/Libraries/LibJS/Lexer.cpp
@@ -141,7 +141,7 @@ Lexer::Lexer(StringView source, StringView filename, size_t line_number, size_t
void Lexer::consume()
{
auto did_reach_eof = [this] {
- if (m_position != m_source.length())
+ if (m_position < m_source.length())
return false;
m_eof = true;
m_current_char = '\0';
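Review bot: The `<` comparison in `did_reach_eof` makes the check safe, but it does not stop `m_position` from overshooting `m_source.length()`, and nothing in the code records why equality is not enough here. I would add a comment above the condition, e.g. `// m_position may already be past the end after a multi-byte advance, so test with <, not !=.`, so the operator is not "simplified" back later. The lambda and the rest of `consume()` continue outside this hunk, so it is not visible whether `m_position` is normalized after EOF; if it is not, any later use of it as an index or substring bound should be checked, or the manual advances should be capped at the remaining length. A lexer regression test whose input ends in a truncated multi-byte sequence (the `0xea`, `0xfd` case from the description) would pin the fix.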