From 7cebb9b737eddced828073453004720f9970be6a Mon Sep 17 00:00:00 2001 From: Mike Dalessio Date: Tue, 29 Aug 2023 23:03:16 -0400 Subject: [PATCH] [ruby/yarp] fix: incomplete escape in list at the end of file Previously this resulted in invalid memory access. Found by the fuzzer. https://github.com/ruby/yarp/commit/78ed75ed75
---
test/yarp/fuzzer_test.rb | 1 + yarp/yarp.c | 6 ++++++ 2 files changed, 7 insertions(+)
diff --git a/test/yarp/fuzzer_test.rb b/test/yarp/fuzzer_test.rb
index 6f8cde0d09..52d7f77e9f 100644
--- a/test/yarp/fuzzer_test.rb
+++ b/test/yarp/fuzzer_test.rb
@@ -21,4 +21,5 @@ class FuzzerTest < Test::Unit::TestCase
 snippet "incomplete binary number", "0b"
 snippet "incomplete octal number", "0o"
 snippet "incomplete hex number", "0x"
+ snippet "incomplete escaped list", "%w[\\"
 end
diff --git a/yarp/yarp.c b/yarp/yarp.c
index 6b2a3c64e8..3b2f29bf01 100644
--- a/yarp/yarp.c
+++ b/yarp/yarp.c
@@ -6952,6 +6952,12 @@ parser_lex(yp_parser_t *parser) {
 // literally. In this case we'll skip past the next character
 // and find the next breakpoint.
 if (*breakpoint == '\\') {
+ // Check that we're not at the end of the file.
+ if (breakpoint + 1 >= parser->end) {
+ breakpoint = NULL;
+ continue;
+ }
+
 yp_unescape_type_t unescape_type = lex_mode->as.list.interpolation ? YP_UNESCAPE_ALL : YP_UNESCAPE_MINIMAL;
 size_t difference = yp_unescape_calculate_difference(parser, breakpoint, unescape_type, false);
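Review bot: The new regression snippet covers only the non-interpolating `%w[` form, while the patched branch in yarp.c picks `YP_UNESCAPE_ALL` or `YP_UNESCAPE_MINIMAL` from `lex_mode->as.list.interpolation`. The guard sits before that choice, so both forms should be safe, but a second case such as `snippet "incomplete escaped interpolated list", "%W[\\"` would pin the interpolating path too and keep it from regressing if the guard is ever moved. What `snippet` asserts is defined outside this hunk, so this assumes it parses the source and fails on a crash or sanitizer report.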
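Review bot: The end-of-input guard added under `if (*breakpoint == '\\')` protects only the list lex mode, while the invalid read it prevents presumably happens inside `yp_unescape_calculate_difference` when it is handed a backslash that is the last byte before `parser->end`. Any other lex mode in parser_lex that passes a trailing backslash to that helper would still need the same check (those call sites are outside this hunk, so this is inferred); putting the bounds check in the helper itself, or auditing every caller, would close the whole class rather than this one instance. The new comment would serve the next reader better if it gave the reason, e.g. `// A trailing backslash has nothing to escape; unescaping it would read past parser->end.` The enclosing loop starts and ends outside the hunk, so it cannot be confirmed from here that `breakpoint = NULL; continue;` ends in an unterminated-list diagnostic rather than a silently accepted token.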