ref: e01fe424ab94395713d94f46eee57f1af0a279b4
parent: 294a803552de8874390bedd5e3ce1ead703394c1
author: Tor Andersson <tor@ccxvii.net>
date: Fri Dec 27 12:33:04 EST 2013
Check hex string escapes so we don't read past the end of the string.
--- a/js-lex.c
+++ b/js-lex.c
@@ -294,20 +294,20 @@
static inline int lexescape(const char **sp)
{int c = GET();
- int x, y, z, w;
+ int x = 0;
switch (c) {case '0': return 0;
case 'u':
- x = tohex(GET());
- y = tohex(GET());
- z = tohex(GET());
- w = tohex(GET());
- return (x << 12) | (y << 8) | (z << 4) | w;
+ if (!ishex(PEEK())) return x; else x |= NEXTPEEK() << 12;
+ if (!ishex(PEEK())) return x; else x |= NEXTPEEK() << 8;
+ if (!ishex(PEEK())) return x; else x |= NEXTPEEK() << 4;
+ if (!ishex(PEEK())) return x; else x |= NEXTPEEK();
+ return x;
case 'x':
- x = tohex(GET());
- y = tohex(GET());
- return (x << 4) | y;
+ if (!ishex(PEEK())) return x; else x |= NEXTPEEK() << 4;
+ if (!ishex(PEEK())) return x; else x |= NEXTPEEK();
+ return x;
case '\'': return '\'';
case '"': return '"';
case '\\': return '\\';