diff options
| author | Mike Dalessio <mike.dalessio@gmail.com> | 2023-08-29 22:30:12 -0400 |
|---|---|---|
| committer | git <svn-admin@ruby-lang.org> | 2023-08-30 18:27:49 +0000 |
| commit | c83552a596a34808651efca29a4f480bb5c579c6 (patch) | |
| tree | 1195d45d58466d237b6bc7584b4a28a558d16091 | |
| parent | bd0268372e09eb45d088c44a534a5302bdca9796 (diff) | |
[ruby/yarp] fix: trailing asterisk at end of file
Previously this resulted in invalid memory access.
Found by the fuzzer.
https://github.com/ruby/yarp/commit/c86b4907b4
| -rw-r--r-- | test/yarp/fuzzer_test.rb | 1 | ||||
| -rw-r--r-- | yarp/yarp.c | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/test/yarp/fuzzer_test.rb b/test/yarp/fuzzer_test.rb index 8da1a2dc76..97f128f08b 100644 --- a/test/yarp/fuzzer_test.rb +++ b/test/yarp/fuzzer_test.rb @@ -16,4 +16,5 @@ class FuzzerTest < Test::Unit::TestCase snippet "incomplete symbol", ":" snippet "incomplete escaped string", '"\\' snippet "trailing comment", "1\n#\n" + snippet "trailing asterisk", "a *" end diff --git a/yarp/yarp.c b/yarp/yarp.c index ce991003f1..0d6b55a65e 100644 --- a/yarp/yarp.c +++ b/yarp/yarp.c @@ -380,6 +380,9 @@ lex_state_arg_p(yp_parser_t *parser) { static inline bool lex_state_spcarg_p(yp_parser_t *parser, bool space_seen) { + if (parser->current.end >= parser->end) { + return false; + } return lex_state_arg_p(parser) && space_seen && !yp_char_is_whitespace(*parser->current.end); } |