bug #60529 [AssetMapper] Fix SequenceParser possible infinite loop (smnandre)

nicolas-grekas · nicolas-grekas · commit cc14b4d0b772 · 2025-05-25T12:43:56.000+02:00
This PR was merged into the 7.3 branch. Discussion ---------- [AssetMapper] Fix SequenceParser possible infinite loop | Q | A | ------------- | --- | Branch? | 7.3 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | Fix #60516 | License | MIT Commits ------- 73ebb39 [AssetMapper] Fix SequenceParser possible infinite loop
diff --git a/src/Symfony/Component/AssetMapper/Compiler/Parser/JavascriptSequenceParser.php b/src/Symfony/Component/AssetMapper/Compiler/Parser/JavascriptSequenceParser.php
@@ -133,36 +133,35 @@ public function parseUntil(int $position): void
                 continue;
             }
 
-            // Single-line string
-            if ('"' === $matchChar || "'" === $matchChar) {
-                if (false === $endPos = strpos($this->content, $matchChar, $matchPos + 1)) {
-                    $this->endsWithSequence(self::STATE_STRING, $position);
-
-                    return;
-                }
-                while (false !== $endPos && '\\' == $this->content[$endPos - 1]) {
-                    $endPos = strpos($this->content, $matchChar, $endPos + 1);
+            if ('"' === $matchChar || "'" === $matchChar || '`' === $matchChar) {
+                $endPos = $matchPos + 1;
+                while (false !== $endPos = strpos($this->content, $matchChar, $endPos)) {
+                    $backslashes = 0;
+                    $i = $endPos - 1;
+                    while ($i >= 0 && $this->content[$i] === '\\') {
+                        $backslashes++;
+                        $i--;
+                    }
+
+                    if (0 === $backslashes % 2) {
+                        break;
+                    }
+
+                    $endPos++;
                 }
 
-                $this->cursor = min($endPos + 1, $position);
-                $this->setSequence(self::STATE_STRING, $endPos + 1);
-                continue;
-            }
-
-            // Multi-line string
-            if ('`' === $matchChar) {
-                if (false === $endPos = strpos($this->content, $matchChar, $matchPos + 1)) {
+                if (false === $endPos) {
                     $this->endsWithSequence(self::STATE_STRING, $position);
-
                     return;
                 }
-                while (false !== $endPos && '\\' == $this->content[$endPos - 1]) {
-                    $endPos = strpos($this->content, $matchChar, $endPos + 1);
-                }
 
                 $this->cursor = min($endPos + 1, $position);
                 $this->setSequence(self::STATE_STRING, $endPos + 1);
+                continue;
             }
+
+            // Fallback
+            $this->cursor = $matchPos + 1;
         }
     }
 
diff --git a/src/Symfony/Component/AssetMapper/Tests/Compiler/Parser/JavascriptSequenceParserTest.php b/src/Symfony/Component/AssetMapper/Tests/Compiler/Parser/JavascriptSequenceParserTest.php
@@ -230,5 +230,10 @@ public static function provideStringCases(): iterable
             3,
             false,
         ];
+        yield 'after unclosed string' => [
+            '"hello',
+            6,
+            true,
+        ];
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -230,5 +230,10 @@ public static function provideStringCases(): iterable`
`230`	`230`	`3,`
`231`	`231`	`false,`
`232`	`232`	`];`
	`233`	`+ yield 'after unclosed string' => [`
	`234`	`+ '"hello',`
	`235`	`+ 6,`
	`236`	`+ true,`
	`237`	`+ ];`
`233`	`238`	`}`
`234`	`239`	`}`