beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-22 15:40:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

Shell: Disallow non-bareword nodes as part of a heredoc key

Browse source 
Found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33854
This commit is contained in:
Ali Mohammad Pur 2021-05-01 11:03:18 +04:30 committed by Andreas Kling
parent f18895c0d6
commit f1d49d391e
Notes: sideshowbarker 2024-07-18 18:49:21 +09:00 
Author: https://github.com/alimpfard
Commit: https://github.com/SerenityOS/serenity/commit/f1d49d391ee
Pull-request: https://github.com/SerenityOS/serenity/pull/6773
Reviewed-by: https://github.com/awesomekling
1 changed files with 12 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
Userland/Shell/Parser.cpp
View file

@ -1943,10 +1943,14 @@ RefPtr<AST::Node> Parser::parse_heredoc_initiation_record()
// StringLiteral | bareword
if (auto bareword = parse_bareword()) {
if (bareword->is_syntax_error())
syntax_error_node = bareword->syntax_error_node();
else
record.end = static_cast<AST::BarewordLiteral*>(bareword.ptr())->text();
if (!bareword->is_bareword()) {
syntax_error_node = create<AST::SyntaxError>(String::formatted("Expected a bareword or a quoted string, not {}", bareword->class_name()));
} else {
if (bareword->is_syntax_error())
syntax_error_node = bareword->syntax_error_node();
else
record.end = static_cast<AST::BarewordLiteral*>(bareword.ptr())->text();
}
record.interpolate = true;
} else if (peek() == '\'') {
@ -1981,6 +1985,10 @@ bool Parser::parse_heredoc_entries()
// Try to parse heredoc entries, as reverse recorded in the initiation records
for (auto& record : m_heredoc_initiations) {
auto rule_start = push_start();
if (m_rule_start_offsets.size() > max_allowed_nested_rule_depth) {
record.node->set_is_syntax_error(*create<AST::SyntaxError>(String::formatted("Expression nested too deep (max allowed is {})", max_allowed_nested_rule_depth)));
continue;
}
bool found_key = false;
if (!record.interpolate) {
// Since no interpolation is allowed, just read lines until we hit the key