fix(lockfile): prevent infinite loop

Fix bug where yarn could get into an infinite loop when parsing a corrupted lockfile with an unterminated string.

Author: rhendric

CHANGELOG.md

@@ -4,6 +4,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa
 
 ## Master
 
+- Prevent infinite loop when parsing corrupted lockfile with unterminated string
+
+ [#4965](https://github.com/yarnpkg/yarn/pull/4965) - [**Ryan Hendrickson**](https://github.com/rhendric)
+
 - Environment variables now have to **start** with `YARN_` (instead of just contain it) to be considered
 
  [#6518](https://github.com/yarnpkg/yarn/pull/6518) - [**Michael Gmelin**](https://blog.grem.de)

src/lockfile/parse.js

@@ -94,7 +94,7 @@ function* tokenise(input: string): Iterator<Token> {
  }
  } else if (input[0] === '"') {
  let i = 1;
- for (; ; i++) {
+ for (; i < input.length; i++) {
  if (input[i] === '"') {
  const isEscaped = input[i - 1] === '\\' && input[i - 2] !== '\\';
  if (!isEscaped) {