LibRegex: Fix assertion when parsing '(?'

Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28186&q=label%3AProj-serenity
Author: https://github.com/alimpfard Commit: https://github.com/SerenityOS/serenity/commit/c1c5225b720 Pull-request: https://github.com/SerenityOS/serenity/pull/4314
2020-12-03 12:28:47 +03:30 · 2020-12-03 12:28:47 +03:30 · c1c5225b72 · 2024-07-19 01:04:43 +09:00
commit c1c5225b72
parent 4fe987ba00
2 changed files with 4 additions and 0 deletions
--- a/Libraries/LibRegex/RegexLexer.cpp
+++ b/Libraries/LibRegex/RegexLexer.cpp
@ -64,6 +64,9 @@ ALWAYS_INLINE char Lexer::peek(size_t offset) const

 void Lexer::back(size_t offset)
 {
+    if (offset == m_position + 1)
+        offset = m_position; // 'position == 0' occurs twice.
+
    ASSERT(offset <= m_position);
    if (!offset)
        return;
--- a/Libraries/LibRegex/Tests/Regex.cpp
+++ b/Libraries/LibRegex/Tests/Regex.cpp
@ -496,6 +496,7 @@ TEST_CASE(ECMA262_parse)
        { ",/=-:" },                                       // #4243
        { "\\x" },                                         // Even invalid escapes are allowed if ~unicode.
        { "\\", regex::Error::InvalidTrailingEscape },
+        { "(?", regex::Error::InvalidCaptureGroup },
    };

    for (auto& test : tests) {