[fuzzers] Support parsing failures in regexp-builtins fuzzer

The fuzzer found a couple of cases that exploited comments of the form: function test() { const re = /*.../; const str = '...*/...'; let result; try { result = re.exec(str); } catch (e) { /* ... */ } } Note that the first line does not contain a regexp literal, it starts a comment instead. The second line terminates the comment. This fixes detection of such cases by initializing `result` to null. TBR=yangguo@chromium.org Bug: chromium:805970 Change-Id: I5d46db9892e2b4e71cdc2907cebf07a2e33b7a0e Reviewed-on: https://chromium-review.googlesource.com/894403 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#50991}
2018-01-31 11:52:52 +01:00 · 2018-01-31 11:52:52 +01:00 · 0b2edc4097
commit 0b2edc4097
parent 8361fa5896
1 changed files with 1 additions and 1 deletions
--- a/test/fuzzer/regexp-builtins.cc
+++ b/test/fuzzer/regexp-builtins.cc
@ -296,7 +296,7 @@ std::string GenerateSourceString(FuzzerArgs* args, const std::string& test) {
                         << flags << ";\n"
     << "  re.lastIndex = " << last_index << ";\n"
     << "  const str = '" << subject << "';\n"
-     << "  let result;\n"
+     << "  let result = null;\n"
     << "  let exception = null;\n"
     << "  try {\n"
     << "    result = " << test << "\n"