AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Fix crasher when checking for "of", but next token has no literal buffer

Browse Source 
Also fix a typo in an assertion in scanner.h.

R=mstarzinger@chromium.org
BUG=248025
TEST=mjsunit/regress/regress-crbug-248025.js

Review URL: https://codereview.chromium.org/16549003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15059 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
wingo@igalia.com 2013-06-11 11:30:03 +00:00
parent dbeafbaaff
commit f68d6a10f8
3 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/preparser.cc
View File

@ -662,6 +662,7 @@ PreParser::Statement PreParser::ParseWhileStatement(bool* ok) {
bool PreParser::CheckInOrOf() { bool PreParser::CheckInOrOf() {
if (peek() == i::Token::IN || if (peek() == i::Token::IN ||
(allow_for_of() && (allow_for_of() &&
peek() == i::Token::IDENTIFIER &&
scanner_->is_next_contextual_keyword(v8::internal::CStrVector("of")))) { scanner_->is_next_contextual_keyword(v8::internal::CStrVector("of")))) {
Next(); Next();
return true; return true;

2
src/scanner.h
View File

@ -331,7 +331,7 @@ class Scanner {
return current_.literal_chars->is_ascii(); return current_.literal_chars->is_ascii();
} }
bool is_literal_contextual_keyword(Vector<const char> keyword) { bool is_literal_contextual_keyword(Vector<const char> keyword) {
ASSERT_NOT_NULL(next_.literal_chars); ASSERT_NOT_NULL(current_.literal_chars);
return current_.literal_chars->is_contextual_keyword(keyword); return current_.literal_chars->is_contextual_keyword(keyword);
} }
int literal_length() const { int literal_length() const {

40
test/mjsunit/regress/regress-crbug-248025.js Normal file
View File

@ -0,0 +1,40 @@
// Copyright 2013 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following
// disclaimer in the documentation and/or other materials provided
// with the distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived
// from this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
// Flags: --harmony-iteration
// Filler long enough to trigger lazy parsing.
var filler = "//" + new Array(1024).join('x');
// Test that the pre-parser does not crash when the expected contextual
// keyword as part if a 'for' statement is not and identifier.
try {
eval(filler + "\nfunction f() { for (x : y) { } }");
throw "not reached";
} catch (e) {
if (!(e instanceof SyntaxError)) throw e;
}