From b7cd2393438f4f2defad6d79b07a48eb921b9810 Mon Sep 17 00:00:00 2001
From: Ryan Hendrickson <ryan.hendrickson@alum.mit.edu>
Date: Mon, 20 Nov 2017 19:24:55 -0500
Subject: [PATCH] fix(lockfile): prevent infinite loop

Fix bug where yarn could get into an infinite loop when parsing a corrupted lockfile with an
unterminated string.
---
 CHANGELOG.md          | 4 ++++
 src/lockfile/parse.js | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f960aa4aec..e519de1f0c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa
 
 ## Master
 
+- Prevent infinite loop when parsing corrupted lockfile with unterminated string
+
+  [#4965](https://github.com/yarnpkg/yarn/pull/4965) - [**Ryan Hendrickson**](https://github.com/rhendric)
+
 - Environment variables now have to **start** with `YARN_` (instead of just contain it) to be considered
 
   [#6518](https://github.com/yarnpkg/yarn/pull/6518) - [**Michael Gmelin**](https://blog.grem.de)
diff --git a/src/lockfile/parse.js b/src/lockfile/parse.js
index 65ea9297bb..2348746063 100644
--- a/src/lockfile/parse.js
+++ b/src/lockfile/parse.js
@@ -94,7 +94,7 @@ function* tokenise(input: string): Iterator<Token> {
       }
     } else if (input[0] === '"') {
       let i = 1;
-      for (; ; i++) {
+      for (; i < input.length; i++) {
         if (input[i] === '"') {
           const isEscaped = input[i - 1] === '\\' && input[i - 2] !== '\\';
           if (!isEscaped) {