LibRegex: Consume exactly two chars for escaped characters

We were previously consuming an extra char afterwards, which could be the charclass terminator, leading to possible OOB accesses.
author: Ali Mohammad Pur <ali.mpfard@gmail.com> 2022-09-06 23:56:12 +0430
committer: Ali Mohammad Pur <Ali.mpfard@gmail.com> 2022-09-12 16:03:57 +0430
commit: 48442059fcab714fdf3a30e86560ea6f3abe1361 (patch)
tree: 592ce57ee6de952214cb6e746303d79a8e39cd5e /Userland
parent: 7e1e208d089cb873931b4180be9227cb46b47235 (diff)
download: serenity-48442059fcab714fdf3a30e86560ea6f3abe1361.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/Userland/Libraries/LibRegex/RegexParser.cpp b/Userland/Libraries/LibRegex/RegexParser.cpp
index 01d1fab996..557632c650 100644
--- a/Userland/Libraries/LibRegex/RegexParser.cpp
+++ b/Userland/Libraries/LibRegex/RegexParser.cpp
@@ -2701,10 +2701,13 @@ size_t ECMA262Parser::ensure_total_number_of_capturing_parenthesis()
             continue;
         case '[':
             while (!lexer.is_eof()) {
-                if (lexer.consume_specific('\\'))
+                if (lexer.consume_specific('\\')) {
                     lexer.consume();
-                else if (lexer.consume_specific(']'))
+                    continue;
+                }
+                if (lexer.consume_specific(']')) {
                     break;
+                }
                 lexer.consume();
             }
             break;
author	Ali Mohammad Pur <ali.mpfard@gmail.com>	2022-09-06 23:56:12 +0430
committer	Ali Mohammad Pur <Ali.mpfard@gmail.com>	2022-09-12 16:03:57 +0430
commit	48442059fcab714fdf3a30e86560ea6f3abe1361 (patch)
tree	592ce57ee6de952214cb6e746303d79a8e39cd5e /Userland
parent	7e1e208d089cb873931b4180be9227cb46b47235 (diff)
download	serenity-48442059fcab714fdf3a30e86560ea6f3abe1361.zip