mirror of
https://github.com/github/codeql.git
synced 2026-03-30 04:08:16 +02:00
2d615ef503
The sub-regex `(\s|.)*` aims to capture arbitrary string content (in contrast to `.*` which doesn't match newlines), but it is unsafe, since non-newline whitespace can match both alternatives. This caused an evaluator crash in the wild. Replace with `[\s\S]*`, which matches everything in a safe way.