From c83552a596a34808651efca29a4f480bb5c579c6 Mon Sep 17 00:00:00 2001
From: Mike Dalessio
Date: Tue, 29 Aug 2023 22:30:12 -0400
Subject: [ruby/yarp] fix: trailing asterisk at end of file Previously this resulted in invalid memory access. Found by the fuzzer. https://github.com/ruby/yarp/commit/c86b4907b4
---
 test/yarp/fuzzer_test.rb | 1 +
 yarp/yarp.c | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/test/yarp/fuzzer_test.rb b/test/yarp/fuzzer_test.rb
index 8da1a2dc76..97f128f08b 100644
--- a/test/yarp/fuzzer_test.rb
+++ b/test/yarp/fuzzer_test.rb
@@ -16,4 +16,5 @@ class FuzzerTest < Test::Unit::TestCase
 snippet "incomplete symbol", ":"
 snippet "incomplete escaped string", '"\\'
 snippet "trailing comment", "1\n#\n"
+ snippet "trailing asterisk", "a *"
 end
diff --git a/yarp/yarp.c b/yarp/yarp.c
index ce991003f1..0d6b55a65e 100644
--- a/yarp/yarp.c
+++ b/yarp/yarp.c
@@ -380,6 +380,9 @@ lex_state_arg_p(yp_parser_t *parser) {

 static inline bool
 lex_state_spcarg_p(yp_parser_t *parser, bool space_seen) {
+ if (parser->current.end >= parser->end) {
+ return false;
+ }
 return lex_state_arg_p(parser) && space_seen && !yp_char_is_whitespace(*parser->current.end);
 }

--
cgit v1.2.3
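Review bot: The new guard at the top of `lex_state_spcarg_p` in yarp/yarp.c has no comment, and the reason for it is not visible from the code alone: when the current token is the last thing in the input, `parser->current.end` equals `parser->end`, so the `*parser->current.end` on the return line would read one byte past the source buffer. I would put this above the `if`: `/* At end of input there is no byte after the token; dereferencing current.end would read past the buffer. */`. The check protects only this predicate. Any other place that inspects the byte following the current token lies outside this hunk and presumably needs the same comparison against `parser->end`, so it is worth auditing those sites, ideally routing them through one bounds-checked accessor instead of repeating the test.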