Fix heap-buffer-overflow in prelexer.hpp:70 (#2857)

glebm · xzyfer · commit 8e681e20795e · 2019-04-05T12:42:08.000+11:00
Fixes #2814
diff --git a/src/prelexer.hpp b/src/prelexer.hpp
@@ -65,16 +65,15 @@ namespace Sass {
       size_t level = 0;
       bool in_squote = false;
       bool in_dquote = false;
-      // bool in_braces = false;
-
-      while (*src) {
-
-        // check for abort condition
-        if (end && src >= end) break;
+      bool in_backslash_escape = false;
 
+      while ((end == nullptr || src < end) && *src != '\0') {
         // has escaped sequence?
-        if (*src == '\\') {
-          ++ src; // skip this (and next)
+        if (in_backslash_escape) {
+          in_backslash_escape = false;
+        }
+        else if (*src == '\\') {
+          in_backslash_escape = true;
         }
         else if (*src == '"') {
           in_dquote = ! in_dquote;
@@ -120,7 +119,7 @@ namespace Sass {
     // first start/opener must be consumed already!
     template<prelexer start, prelexer stop>
     const char* skip_over_scopes(const char* src) {
-      return skip_over_scopes<start, stop>(src, 0);
+      return skip_over_scopes<start, stop>(src, nullptr);
     }
 
     // Match a sequence of characters delimited by the supplied chars.
