From 8b668da9d59e873bdbc0ad8417d3ed90d4c1d7cd Mon Sep 17 00:00:00 2001
From: Timothy Flynn
Date: Fri, 23 Jun 2023 11:02:11 -0400
Subject: [PATCH] LibRegex: Bail parsing class set characters upon early EOF
Otherwise, we reach a skip() invocation at the end of this function, which crashes due to EOF. Caught by test262.
---
 Tests/LibRegex/Regex.cpp | 17 +++++++++++++++++
 Userland/Libraries/LibRegex/RegexParser.cpp | 5 +++++
 2 files changed, 22 insertions(+)
diff --git a/Tests/LibRegex/Regex.cpp b/Tests/LibRegex/Regex.cpp
index f40c48ab555..d88f9cd6a3d 100644
--- a/Tests/LibRegex/Regex.cpp
+++ b/Tests/LibRegex/Regex.cpp
@@ -779,6 +779,23 @@ TEST_CASE(ECMA262_unicode_match)
 }
 }
+TEST_CASE(ECMA262_unicode_sets_parser_error)
+{
+ struct _test {
+ StringView pattern;
+ regex::Error error;
+ };
+
+ constexpr _test tests[] {
+ { "[[]"sv, regex::Error::InvalidPattern },
+ };
+
+ for (auto test : tests) {
+ Regex re(test.pattern, (ECMAScriptFlags)regex::AllFlags::UnicodeSets);
+ EXPECT_EQ(re.parser_result.error, test.error);
+ }
+}
+
 TEST_CASE(ECMA262_unicode_sets_match)
 {
 struct _test {
diff --git a/Userland/Libraries/LibRegex/RegexParser.cpp b/Userland/Libraries/LibRegex/RegexParser.cpp
index 7dd1530d96c..475e542e5f7 100644
--- a/Userland/Libraries/LibRegex/RegexParser.cpp
+++ b/Userland/Libraries/LibRegex/RegexParser.cpp
@@ -2224,6 +2224,11 @@ Optional ECMA262Parser::parse_class_set_character()
 "&&"sv, "!!"sv, "##"sv, "$$"sv, "%%"sv, "**"sv, "++"sv, ",,"sv, ".."sv, "::"sv, ";;"sv, "<<"sv, "=="sv, ">>"sv, "??"sv, "@@"sv, "^^"sv, "``"sv, "~~"sv
 };
+ if (done()) {
+ set_error(Error::InvalidPattern);
+ return {};
+ }
+
 auto start_position = tell();
 ArmedScopeGuard restore { [&] { back(tell() - start_position + 1); } };
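Review bot: The `tests` table in ECMA262_unicode_sets_parser_error holds only `"[[]"sv`, so the regression is pinned for a single way of running out of input inside a class set. The table is already shaped for several entries, so I would add a few more truncated patterns (constructed examples: `"[[a"sv`, `"[a--"sv`), confirming the expected error for each before committing them. Iterating with `for (auto const& test : tests)` would also avoid copying each entry, although the struct is small.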
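Review bot: The new `if (done())` check in parse_class_set_character() carries no comment explaining why it sits ahead of `start_position` and the `ArmedScopeGuard`, and a later edit could move it below them, where the guard's `back(tell() - start_position + 1)` would presumably run on this error path. I would add `// Bail before arming the restore guard: at EOF there is nothing to consume and the skip() at the end of this function would crash.` directly above the check. The check covers end of input on entry only; the rest of the body lies outside this hunk, so it should be confirmed there that input cannot also run out after the first code unit has been consumed. Patterns generally reach this parser from script source, so any remaining crash path is a denial-of-service concern rather than just a conformance failure.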