Check for an overflow before allocating

Author: antonmedv

parser/lexer/utils.go

@@ -2,6 +2,7 @@ package lexer
 
 import (
 	"fmt"
+	"math"
 	"strings"
 	"unicode/utf8"
 )
@@ -31,6 +32,9 @@ func unescape(value string) (string, error) {
 	// The string contains escape characters.
 	// The following logic is adapted from `strconv/quote.go`
 	var runeTmp [utf8.UTFMax]byte
+	if n >= 2/3*math.MaxInt {
+		return "", fmt.Errorf("too large string")
+	}
 	buf := make([]byte, 0, 3*n/2)
 	for len(value) > 0 {
 		c, multibyte, rest, err := unescapeChar(value)