fergalmoran/ladybird
1
0
Fork 0
mirror of https://github.com/fergalmoran/ladybird.git synced 2026-02-05 15:27:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

LibJS: Remove read buffer overflow in Lexer::consume

Browse Source 
The position is added to manually in the line terminator and Unicode
character cases. While it checks for EOF after doing so, the EOF check
used `!=` instead of `<`, meaning if the position went _over_ the
source length, it wouldn't think it was EOF and would cause read buffer
overflows.

For example, `0xea` followed by `0xfd` would cause this.
This commit is contained in:
Luke Wilde
2021-09-10 23:04:36 +01:00
committed by Andreas Kling
parent bb6634b024
commit ae0bdda86e
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Userland/Libraries/LibJS/Lexer.cpp
View File

@@ -141,7 +141,7 @@ Lexer::Lexer(StringView source, StringView filename, size_t line_number, size_t
void Lexer::consume()
{
auto did_reach_eof = [this] {
if (m_position != m_source.length())
if (m_position < m_source.length())
return false;
m_eof = true;
m_current_char = '\0';