[MERGE #5290 @xiaoyinl] Fix potential buffer overread in CountNewlines in Scan.cpp

Merge pull request #5290 from xiaoyinl:countnewlines

`cch` parameter is ignored if `psz` is not null-terminated and `psz[cch-1] == '\r'` and `psz[cch] == '\n'`. For example, `CountNewlines(_u("ab\r\na\n\n"), 3)` should return 1 (only count the first \r), but it now returns 2 (the first \r\n is skipped but the trailing \n\n are counted). The problem is that the `break` at line 26 breaks the switch, and `cch` becomes -1.

No callers actually pass `cch`, so removing it.

Author: sethbrenith

lib/Parser/Scan.cpp

@@ -10,20 +10,18 @@
 *  a given character can be part of an identifier, and so on.
 */
 
-int CountNewlines(LPCOLESTR psz, int cch)
+int CountNewlines(LPCOLESTR psz)
 {
     int cln = 0;
 
-    while (0 != *psz && 0 != cch--)
+    while (0 != *psz)
     {
         switch (*psz++)
         {
         case _u('\xD'):
             if (*psz == _u('\xA'))
             {
                 ++psz;
-                if (0 == cch--)
-                    break;
             }
             // fall-through
         case _u('\xA'):

lib/Parser/Scan.h

@@ -12,7 +12,7 @@ namespace Js
 #include "Windows.Globalization.h"
 #endif
 
-int CountNewlines(LPCOLESTR psz, int cch = -1);
+int CountNewlines(LPCOLESTR psz);
 
 class Parser;
 struct ParseContext;