From b8311035d0b4cde1047568260e997e861f0f318c Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov
Date: Mon, 21 Nov 2022 17:50:02 +0000
Subject: [PATCH] [Fix] Fix off-by-one error in css tokenizer
---
 src/libserver/css/css_tokeniser.cxx | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/libserver/css/css_tokeniser.cxx b/src/libserver/css/css_tokeniser.cxx
index ace94cae2d..f3c010f1e6 100644
--- a/src/libserver/css/css_tokeniser.cxx
+++ b/src/libserver/css/css_tokeniser.cxx
@@ -557,7 +557,13 @@ auto css_tokeniser::next_token(void) -> struct css_parser_token
 case '"':
 case '\'':
 offset = i + 1;
- return make_token(consume_string(c));
+ if (offset < input.size()) {
+ return make_token(consume_string(c));
+ }
+ else {
+ /* Unpaired quote at the end of the rule */
+ return make_token(c);
+ }
 case '(':
 offset = i + 1;
 return make_token();
--
2.47.3
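Review bot: The bounds check added before `consume_string(c)` protects only this call site; the precondition that `offset` is still inside `input` stays implicit in `consume_string`, whose body is not visible in this hunk. Since the tokeniser presumably runs over CSS taken from untrusted content, I would put the same guard (or at least an assertion) at the top of `consume_string` itself, so that a later caller cannot reintroduce the out-of-range read, and state the contract at this call with `/* consume_string() requires offset < input.size() */`. A regression test whose input ends in a lone `"` or `'` would pin the fix. `next_token` starts and ends outside the hunk.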