[ruby/yarp] fix: incomplete escape in regex at the end of file

Previously this resulted in invalid memory access.

Found by the fuzzer.

https://github.com/ruby/yarp/commit/55b9dfb41c
This commit is contained in:
Mike Dalessio 2023-08-30 08:31:33 -04:00 committed by git
parent 7cebb9b737
commit 341f47a6dd
2 changed files with 7 additions and 0 deletions

View File

@ -22,4 +22,5 @@ class FuzzerTest < Test::Unit::TestCase
snippet "incomplete octal number", "0o"
snippet "incomplete hex number", "0x"
snippet "incomplete escaped list", "%w[\\"
snippet "incomplete escaped regex", "/a\\"
end

View File

@ -7091,6 +7091,12 @@ parser_lex(yp_parser_t *parser) {
// literally. In this case we'll skip past the next character
// and find the next breakpoint.
if (*breakpoint == '\\') {
// Check that we're not at the end of the file.
if (breakpoint + 1 >= parser->end) {
breakpoint = NULL;
continue;
}
size_t difference = yp_unescape_calculate_difference(parser, breakpoint, YP_UNESCAPE_ALL, false);
// If the result is an escaped newline ...