scanner: guard against scanner panic, discovered by fuzzing in PR#22016

Delyan Angelov 2024-08-09 14:51:37 +03:00
parent c0bb9605c0
commit 793b66d8d5


@ -1445,6 +1445,10 @@ fn (mut s Scanner) decode_o_escapes(sinput string, start int, escapes_pos []int)
fn (mut s Scanner) decode_u16_escape_single(str string, idx int) (int, string) { fn (mut s Scanner) decode_u16_escape_single(str string, idx int) (int, string) {
end_idx := idx + 6 // "\uXXXX".len == 6 end_idx := idx + 6 // "\uXXXX".len == 6
if idx + 2 > str.len || end_idx > str.len {
s.error_with_pos('unfinished u16 escape started at', s.current_pos())
return 0, ''
}
escaped_code_point := strconv.parse_uint(str[idx + 2..end_idx], 16, 32) or { 0 } escaped_code_point := strconv.parse_uint(str[idx + 2..end_idx], 16, 32) or { 0 }
// Check if Escaped Code Point is invalid or not // Check if Escaped Code Point is invalid or not
if rune(escaped_code_point).length_in_bytes() == -1 { if rune(escaped_code_point).length_in_bytes() == -1 {
@ -1468,6 +1472,10 @@ fn (mut s Scanner) decode_u16erune(str string) string {
fn (mut s Scanner) decode_u32_escape_single(str string, idx int) (int, string) { fn (mut s Scanner) decode_u32_escape_single(str string, idx int) (int, string) {
end_idx := idx + 10 // "\uXXXXXXXX".len == 10 end_idx := idx + 10 // "\uXXXXXXXX".len == 10
if idx + 2 > str.len || end_idx > str.len {
s.error_with_pos('unfinished u32 escape started at', s.current_pos())
return 0, ''
}
escaped_code_point := strconv.parse_uint(str[idx + 2..end_idx], 16, 32) or { 0 } escaped_code_point := strconv.parse_uint(str[idx + 2..end_idx], 16, 32) or { 0 }
// Check if Escaped Code Point is invalid or not // Check if Escaped Code Point is invalid or not
if rune(escaped_code_point).length_in_bytes() == -1 { if rune(escaped_code_point).length_in_bytes() == -1 {
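Review bot: The new guard in decode_u16_escape_single returns `0, ''` on a truncated escape, and the first return value looks like the end index of the escape, so a caller that resumes slicing from it would restart at the beginning of the string. The caller is not visible in this hunk, so this needs confirming; if it holds, `return str.len, ''` would be the safer sentinel. The `idx + 2 > str.len` half of the condition is already implied by `end_idx > str.len`, since end_idx is idx + 6, so `if idx < 0 || end_idx > str.len {` would drop the redundant test and also reject a negative idx, which the current guard lets through to the slice `str[idx + 2..end_idx]`. The same applies to the identical guard added in decode_u32_escape_single. Both function bodies continue past the end of their hunks.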