Fix Chromium bug 62639.

Add missing failure check after expecting an identifier in preparser. This allowed code to use the non-existing literal. Review URL: http://codereview.chromium.org/4800001 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5811 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2010-11-11 10:18:48 +00:00 · 2010-11-11 10:18:48 +00:00 · 17f532acb9
commit 17f532acb9
parent c8932d030b
2 changed files with 24 additions and 0 deletions
--- a/src/preparser.h
+++ b/src/preparser.h
@ -1370,6 +1370,7 @@ Expression PreParser<Scanner, Log>::GetStringSymbol() {
 template <typename Scanner, typename Log>
 Identifier PreParser<Scanner, Log>::ParseIdentifier(bool* ok) {
  Expect(i::Token::IDENTIFIER, ok);
+  if (!*ok) return kUnknownIdentifier;
  return GetIdentifierSymbol();
 }

--- a/test/cctest/test-parsing.cc
+++ b/test/cctest/test-parsing.cc
@ -270,3 +270,26 @@ TEST(StandAlonePreParser) {
    CHECK(!data.has_error());
  }
 }
+
+
+TEST(RegressChromium62639) {
+  int marker;
+  i::StackGuard::SetStackLimit(
+      reinterpret_cast<uintptr_t>(&marker) - 128 * 1024);
+
+  // Ensure that the source code is so big that it triggers preparsing.
+  char buffer[4096];
+  const char* program_template = "var x = '%01024d';  // filler\n"
+                                 "escape: function() {}";
+  // Fails parsing expecting an identifier after "function".
+  // Before fix, didn't check *ok after Expect(Token::Identifier, ok),
+  // and then used the invalid currently scanned literal. This always
+  // failed in debug mode, and sometimes crashed in release mode.
+
+  snprintf(buffer, sizeof(buffer), program_template, 0);
+  unibrow::Utf8InputBuffer<256> stream(buffer, strlen(buffer));
+  i::ScriptDataImpl* data =
+      i::ParserApi::PreParse(i::Handle<i::String>::null(), &stream, NULL);
+  CHECK(data->HasError());
+  delete data;
+}