From cfe85a9fe625fea55dc4f809fd91b5c061064508 Mon Sep 17 00:00:00 2001
From: Bill Glover <bill@billglover.co.uk>
Date: Wed, 11 Mar 2020 22:12:00 +0000
Subject: Fix #3130: Crash at fuzzing target replacer (#3133)

* Fix #3130: Crash at fuzzing target replacer

* Add additional test case based on fuzzer feedback
---
 replacer.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'replacer.go')

diff --git a/replacer.go b/replacer.go
index 8823404..d1c58e8 100644
--- a/replacer.go
+++ b/replacer.go
@@ -124,6 +124,8 @@ func (r *Replacer) replace(input, empty string,
 
 	// iterate the input to find each placeholder
 	var lastWriteCursor int
+	
+scan:
 	for i := 0; i < len(input); i++ {
 
 		// check for escaped braces
@@ -145,7 +147,11 @@ func (r *Replacer) replace(input, empty string,
 
 		// if necessary look for the first closing brace that is not escaped
 		for end > 0 && end < len(input)-1 && input[end-1] == phEscape {
-			end = strings.Index(input[end+1:], string(phClose)) + end + 1
+			nextEnd := strings.Index(input[end+1:], string(phClose))
+			if nextEnd < 0 {
+				continue scan
+			}
+			end += nextEnd + 1
 		}
 
 		// write the substring from the last cursor to this point
-- 
cgit v1.2.3