From 8e681e20795ee1cf203ff7002367c29735addf67 Mon Sep 17 00:00:00 2001
From: Gleb Mazovetskiy
Date: Fri, 5 Apr 2019 02:42:08 +0100
Subject: [PATCH] Fix heap-buffer-overflow in prelexer.hpp:70 (#2857)

Fixes #2814
---
 src/prelexer.hpp | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/src/prelexer.hpp b/src/prelexer.hpp
index d5a086ccaf..07ad09c11b 100644
--- a/src/prelexer.hpp
+++ b/src/prelexer.hpp
@@ -65,16 +65,15 @@ namespace Sass {
 size_t level = 0;
 bool in_squote = false;
 bool in_dquote = false;
- // bool in_braces = false;
-
- while (*src) {
-
- // check for abort condition
- if (end && src >= end) break;
+ bool in_backslash_escape = false;
+ while ((end == nullptr || src < end) && *src != '\0') {
 // has escaped sequence?
- if (*src == '\\') {
- ++ src; // skip this (and next)
+ if (in_backslash_escape) {
+ in_backslash_escape = false;
+ }
+ else if (*src == '\\') {
+ in_backslash_escape = true;
 }
 else if (*src == '"') {
 in_dquote = ! in_dquote;
@@ -120,7 +119,7 @@ namespace Sass {
 // first start/opener must be consumed already!
 template
 const char* skip_over_scopes(const char* src) {
- return skip_over_scopes(src, 0);
+ return skip_over_scopes(src, nullptr);
 }
 // Match a sequence of characters delimited by the supplied chars.
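Review bot: In the first hunk (`@@ -65,16 +65,15 @@`) the new `in_backslash_escape` branch has no comment, and the surviving `// has escaped sequence?` line now sits above the branch that handles the byte after the backslash rather than the backslash itself. The removed `++ src; // skip this (and next)` stepped over a byte without testing it, whereas the flag sends every byte, including the escaped one, through the `src < end` / `*src != '\0'` loop condition; I would record that in place, e.g. `// previous byte was a backslash: take this one literally (the loop condition has already bounds-checked it)`. An input whose last byte is a backslash leaves the flag set when the loop exits; the code after the loop is outside the hunk, so whether that case is reported as an unterminated scope cannot be confirmed from here. The patch touches only `src/prelexer.hpp`, so unless the reproducer from #2814 is covered in a separate spec suite, a regression input ending in a lone backslash, run under a sanitizer build, would pin the fix.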