23479 2009-01-22 09:56:15 -0800 (r39682-r39736) JSFunFuzz: crash on "(function(){({ x2: x }), })()" 2009-01-22 13:07:29 -0800 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Mac OS X 10.5 RESOLVED FIXED data:text/html,<script>{(1), }</script> HasReduction, InRadar P2 Normal --- 1 oliver oliver oldest_to_newest 106607 0 oliver 2009-01-22 09:56:15 -0800 1/22/09 9:38 AM Oliver Hunt: * SUMMARY The expression (function(){({ x2: x }), })() crashes due to reparsing failure, it should fail to parse on the first run * STEPS TO REPRODUCE 1. Evaluate the expression (function(){({ x2: x }), })() in jsc or the browser * RESULTS Crashing badness 1/22/09 9:50 AM Oliver Hunt: I've reduced the range where this started crashing, but the fact of the matter is that it should not be getting through the first parser 106608 1 oliver 2009-01-22 09:56:53 -0800 <rdar://problem/6516853> 106615 2 oliver 2009-01-22 10:26:58 -0800 Okay, the problem is that we incorrectly accept a comma after ()'s inside braces. why? 106630 3 26936 oliver 2009-01-22 11:53:19 -0800 Created attachment 26936 Fixeration for fun and profit Fixerated 106633 4 26936 ggaren 2009-01-22 12:11:32 -0800 Comment on attachment 26936 Fixeration for fun and profit r=me 106638 5 oliver 2009-01-22 13:07:29 -0800 Committing to http://svn.webkit.org/repository/webkit/trunk ... M JavaScriptCore/ChangeLog M JavaScriptCore/bytecode/CodeBlock.cpp M JavaScriptCore/parser/Lexer.h M JavaScriptCore/parser/Nodes.h M LayoutTests/ChangeLog M LayoutTests/fast/js/reparsing-semicolon-insertion-expected.txt M LayoutTests/fast/js/resources/reparsing-semicolon-insertion.js Committed r40131 26936 2009-01-22 11:53:19 -0800 2009-01-22 12:11:32 -0800 Fixeration for fun and profit bug23479.patch text/plain 5583 oliver ZGlmZiAtLWdpdCBhL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZyBiL0phdmFTY3JpcHRDb3JlL0No YW5nZUxvZwppbmRleCA3NjRjNjRjLi5kNjA1ODUxIDEwMDY0NAotLS0gYS9KYXZhU2NyaXB0Q29y ZS9DaGFuZ2VMb2cKKysrIGIvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjMg QEAKKzIwMDktMDEtMjIgIE9saXZlciBIdW50ICA8b2xpdmVyQGFwcGxlLmNvbT4KKworICAgICAg ICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICA8cmRhcjovL3Byb2JsZW0v NjUxNjg1Mz4gKHIzOTY4Mi1yMzk3MzYpIEpTRnVuRnV6ejogY3Jhc2ggb24gIihmdW5jdGlvbigp eyh7IHgyOiB4IH0pLCB9KSgpIgorICAgICAgICA8aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hv d19idWcuY2dpP2lkPTIzNDc5PgorCisgICAgICAgIEF1dG9tYXRpYyBzZW1pY29sb24gaW5zZXJ0 aW9uIHdhcyByZXN1bHRpbmcgaW4gdGhpcyBiZWluZyBhY2NlcHRlZCBpbiB0aGUgaW5pdGlhbAor ICAgICAgICBub2RlbGVzcyBwYXJzaW5nLCBidXQgc3Vic2VxdWVudCByZXBhcnNpbmcgZm9yIGNv ZGUgZ2VuZXJhdGlvbiB3b3VsZCBmYWlsLCBsZWFkaW5nCisgICAgICAgIHRvIGEgY3Jhc2guICBU aGUgc29sdXRpb24gaXMgdG8gZW5zdXJlIHRoYXQgcmVwYXJzaW5nIGEgZnVuY3Rpb24gcGVyZm9y bXMgcGFyc2luZworICAgICAgICBpbiB0aGUgc2FtZSBzdGF0ZSBhcyB0aGUgaW5pdGlhbCBwYXJz ZS4gIFdlIGRvIHRoaXMgYnkgbW9kaWZ5aW5nIHRoZSBzYXZlZCBzb3VyY2UKKyAgICAgICAgcmFu Z2VzIHRvIGluY2x1ZGUgcmF0aGVyIHRoYW4gZXhjbHVkZSB0aGUgb3BlbmluZyBhbmQgY2xvc2lu ZyBicmFjZXMuCisKKyAgICAgICAgKiBieXRlY29kZS9Db2RlQmxvY2suY3BwOgorICAgICAgICAo SlNDOjpDb2RlQmxvY2s6OnJlcGFyc2VGb3JFeGNlcHRpb25JbmZvSWZOZWNlc3NhcnkpOiBhZGQg YW4gYXNzZXJ0aW9uIGZvciBzdWNjZXNzZnVsIHJlY29tcGlsZQorICAgICAgICAqIHBhcnNlci9M ZXhlci5oOgorICAgICAgICAoSlNDOjpMZXhlcjo6c291cmNlQ29kZSk6IGluY2x1ZGUgcmF0aGVy IHRoYW4gZXhjbHVkZSBicmFjZXMuCisgICAgICAgICogcGFyc2VyL05vZGVzLmg6CisgICAgICAg IChKU0M6OkZ1bmN0aW9uQm9keU5vZGU6OnRvU291cmNlU3RyaW5nKTogIE5vIG5lZWQgdG8gYXBw ZW5kIGJyYWNlcyBhbnltb3JlLgorCiAyMDA5LTAxLTIxICBBbGV4ZXkgUHJvc2t1cnlha292ICA8 YXBAd2Via2l0Lm9yZz4KIAogICAgICAgICBTdWdnZXN0ZWQgYnkgT2xpdmVyIEh1bnQuIFJldmll d2VkIGJ5IE9saXZlciBIdW50LgpkaWZmIC0tZ2l0IGEvSmF2YVNjcmlwdENvcmUvYnl0ZWNvZGUv Q29kZUJsb2NrLmNwcCBiL0phdmFTY3JpcHRDb3JlL2J5dGVjb2RlL0NvZGVCbG9jay5jcHAKaW5k ZXggMDdkNWZiYy4uODgxMGI1OCAxMDA2NDQKLS0tIGEvSmF2YVNjcmlwdENvcmUvYnl0ZWNvZGUv Q29kZUJsb2NrLmNwcAorKysgYi9KYXZhU2NyaXB0Q29yZS9ieXRlY29kZS9Db2RlQmxvY2suY3Bw CkBAIC0xNDA4LDYgKzE0MDgsNyBAQCB2b2lkIENvZGVCbG9jazo6cmVwYXJzZUZvckV4Y2VwdGlv bkluZm9JZk5lY2Vzc2FyeShDYWxsRnJhbWUqIGNhbGxGcmFtZSkKICAgICAgICAgY2FzZSBGdW5j dGlvbkNvZGU6IHsKICAgICAgICAgICAgIEZ1bmN0aW9uQm9keU5vZGUqIG93bmVyRnVuY3Rpb25C b2R5Tm9kZSA9IHN0YXRpY19jYXN0PEZ1bmN0aW9uQm9keU5vZGUqPihtX293bmVyTm9kZSk7CiAg ICAgICAgICAgICBSZWZQdHI8RnVuY3Rpb25Cb2R5Tm9kZT4gbmV3RnVuY3Rpb25Cb2R5ID0gbV9n bG9iYWxEYXRhLT5wYXJzZXItPnJlcGFyc2U8RnVuY3Rpb25Cb2R5Tm9kZT4obV9nbG9iYWxEYXRh LCBvd25lckZ1bmN0aW9uQm9keU5vZGUpOworICAgICAgICAgICAgQVNTRVJUKG5ld0Z1bmN0aW9u Qm9keSk7CiAgICAgICAgICAgICBuZXdGdW5jdGlvbkJvZHktPmZpbmlzaFBhcnNpbmcob3duZXJG dW5jdGlvbkJvZHlOb2RlLT5jb3B5UGFyYW1ldGVycygpLCBvd25lckZ1bmN0aW9uQm9keU5vZGUt PnBhcmFtZXRlckNvdW50KCkpOwogCiAgICAgICAgICAgICBtX2dsb2JhbERhdGEtPnNjb3BlTm9k ZUJlaW5nUmVwYXJzZWQgPSBuZXdGdW5jdGlvbkJvZHkuZ2V0KCk7CmRpZmYgLS1naXQgYS9KYXZh U2NyaXB0Q29yZS9wYXJzZXIvTGV4ZXIuaCBiL0phdmFTY3JpcHRDb3JlL3BhcnNlci9MZXhlci5o CmluZGV4IGNiNTUzYWYuLmFmY2YwOWYgMTAwNjQ0Ci0tLSBhL0phdmFTY3JpcHRDb3JlL3BhcnNl ci9MZXhlci5oCisrKyBiL0phdmFTY3JpcHRDb3JlL3BhcnNlci9MZXhlci5oCkBAIC04OCw3ICs4 OCw3IEBAIG5hbWVzcGFjZSBKU0MgewogICAgICAgICBib29sIHNhd0Vycm9yKCkgY29uc3QgeyBy ZXR1cm4gbV9lcnJvcjsgfQogCiAgICAgICAgIHZvaWQgY2xlYXIoKTsKLSAgICAgICAgU291cmNl Q29kZSBzb3VyY2VDb2RlKGludCBvcGVuQnJhY2UsIGludCBjbG9zZUJyYWNlLCBpbnQgZmlyc3RM aW5lKSB7IHJldHVybiBTb3VyY2VDb2RlKG1fc291cmNlLT5wcm92aWRlcigpLCBvcGVuQnJhY2Ug KyAxLCBjbG9zZUJyYWNlLCBmaXJzdExpbmUpOyB9CisgICAgICAgIFNvdXJjZUNvZGUgc291cmNl Q29kZShpbnQgb3BlbkJyYWNlLCBpbnQgY2xvc2VCcmFjZSwgaW50IGZpcnN0TGluZSkgeyByZXR1 cm4gU291cmNlQ29kZShtX3NvdXJjZS0+cHJvdmlkZXIoKSwgb3BlbkJyYWNlLCBjbG9zZUJyYWNl ICsgMSwgZmlyc3RMaW5lKTsgfQogCiAgICAgcHJpdmF0ZToKICAgICAgICAgZnJpZW5kIGNsYXNz IEpTR2xvYmFsRGF0YTsKZGlmZiAtLWdpdCBhL0phdmFTY3JpcHRDb3JlL3BhcnNlci9Ob2Rlcy5o IGIvSmF2YVNjcmlwdENvcmUvcGFyc2VyL05vZGVzLmgKaW5kZXggY2MxNTYwOS4uMjQ5NmE0ZiAx MDA2NDQKLS0tIGEvSmF2YVNjcmlwdENvcmUvcGFyc2VyL05vZGVzLmgKKysrIGIvSmF2YVNjcmlw dENvcmUvcGFyc2VyL05vZGVzLmgKQEAgLTIyMTEsNyArMjIxMSw3IEBAIG5hbWVzcGFjZSBKU0Mg ewogICAgICAgICB2b2lkIGZpbmlzaFBhcnNpbmcoY29uc3QgU291cmNlQ29kZSYsIFBhcmFtZXRl ck5vZGUqKTsKICAgICAgICAgdm9pZCBmaW5pc2hQYXJzaW5nKElkZW50aWZpZXIqIHBhcmFtZXRl cnMsIHNpemVfdCBwYXJhbWV0ZXJDb3VudCk7CiAgICAgICAgIAotICAgICAgICBVU3RyaW5nIHRv U291cmNlU3RyaW5nKCkgY29uc3QgSlNDX0ZBU1RfQ0FMTCB7IHJldHVybiBVU3RyaW5nKCJ7Iikg KyBzb3VyY2UoKS50b1N0cmluZygpICsgVVN0cmluZygifSIpOyB9CisgICAgICAgIFVTdHJpbmcg dG9Tb3VyY2VTdHJpbmcoKSBjb25zdCBKU0NfRkFTVF9DQUxMIHsgcmV0dXJuIHNvdXJjZSgpLnRv U3RyaW5nKCk7IH0KIAogICAgICAgICAvLyBUaGVzZSBvYmplY3RzIGFyZSByZWYvZGVyZWYnZCBh IGxvdCBpbiB0aGUgc2NvcGUgY2hhaW4sIHNvIHRoaXMgaXMgYSBmYXN0ZXIgcmVmL2RlcmVmLgog ICAgICAgICAvLyBJZiB0aGUgdmlydHVhbCBtYWNoaW5lIGNoYW5nZXMgc28gdGhpcyBkb2Vzbid0 IGhhcHBlbiBhcyBtdWNoIHdlIGNhbiBjaGFuZ2UgYmFjay4KZGlmZiAtLWdpdCBhL0xheW91dFRl c3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxvZwppbmRleCBjYzY3YzdlLi4xODcz ZjJhIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKKysrIGIvTGF5b3V0VGVzdHMv Q2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcgQEAKKzIwMDktMDEtMjIgIE9saXZlciBIdW50ICA8b2xp dmVyQGFwcGxlLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKwor ICAgICAgICA8cmRhcjovL3Byb2JsZW0vNjUxNjg1Mz4gKHIzOTY4Mi1yMzk3MzYpIEpTRnVuRnV6 ejogY3Jhc2ggb24gIihmdW5jdGlvbigpeyh7IHgyOiB4IH0pLCB9KSgpIgorICAgICAgICA8aHR0 cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIzNDc5PgorCisgICAgICAgIEFk ZCBhZGRpdGlvbmFsIHJlcGFyc2luZyB0ZXN0cy4KKworICAgICAgICAqIGZhc3QvanMvcmVwYXJz aW5nLXNlbWljb2xvbi1pbnNlcnRpb24tZXhwZWN0ZWQudHh0OgorICAgICAgICAqIGZhc3QvanMv cmVzb3VyY2VzL3JlcGFyc2luZy1zZW1pY29sb24taW5zZXJ0aW9uLmpzOgorICAgICAgICAoY29t bWFQYXJlblRlc3QpOgorICAgICAgICAoY29tbWFQYXJlblRocm93VGVzdCk6CisKIDIwMDktMDEt MTkgIENocmlzIE1hcnJpbiAgPGNtYXJyaW5AYXBwbGUuY29tPgogCiAgICAgICAgIFJldmlld2Vk IGJ5IERhdmlkIEh5YXR0CmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9mYXN0L2pzL3JlcGFyc2lu Zy1zZW1pY29sb24taW5zZXJ0aW9uLWV4cGVjdGVkLnR4dCBiL0xheW91dFRlc3RzL2Zhc3QvanMv cmVwYXJzaW5nLXNlbWljb2xvbi1pbnNlcnRpb24tZXhwZWN0ZWQudHh0CmluZGV4IDQyMWU4Njcu LmUwZDJjNTYgMTAwNjQ0Ci0tLSBhL0xheW91dFRlc3RzL2Zhc3QvanMvcmVwYXJzaW5nLXNlbWlj b2xvbi1pbnNlcnRpb24tZXhwZWN0ZWQudHh0CisrKyBiL0xheW91dFRlc3RzL2Zhc3QvanMvcmVw YXJzaW5nLXNlbWljb2xvbi1pbnNlcnRpb24tZXhwZWN0ZWQudHh0CkBAIC02LDYgKzYsOCBAQCBP biBzdWNjZXNzLCB5b3Ugd2lsbCBzZWUgYSBzZXJpZXMgb2YgIlBBU1MiIG1lc3NhZ2VzLCBmb2xs b3dlZCBieSAiVEVTVCBDT01QTEVURQogUEFTUyBjb21tYVRlc3QoKSBpcyB1bmRlZmluZWQuCiBQ QVNTIHZhckNvbW1hVGVzdCgpIGlzIHVuZGVmaW5lZC4KIFBBU1MgY29uc3RDb21tYVRlc3QoKSBp cyB1bmRlZmluZWQuCitQQVNTIGNvbW1hUGFyZW5UZXN0KCkgaXMgdW5kZWZpbmVkLgorUEFTUyBj b21tYVBhcmVuVGhyb3dUZXN0KCkgdGhyZXcgZXhjZXB0aW9uIFJlZmVyZW5jZUVycm9yOiBDYW4n dCBmaW5kIHZhcmlhYmxlOiB4LgogUEFTUyBzdWNjZXNzZnVsbHlQYXJzZWQgaXMgdHJ1ZQogCiBU RVNUIENPTVBMRVRFCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9mYXN0L2pzL3Jlc291cmNlcy9y ZXBhcnNpbmctc2VtaWNvbG9uLWluc2VydGlvbi5qcyBiL0xheW91dFRlc3RzL2Zhc3QvanMvcmVz b3VyY2VzL3JlcGFyc2luZy1zZW1pY29sb24taW5zZXJ0aW9uLmpzCmluZGV4IGRjODhjODEuLjBi MTBiMWEgMTAwNjQ0Ci0tLSBhL0xheW91dFRlc3RzL2Zhc3QvanMvcmVzb3VyY2VzL3JlcGFyc2lu Zy1zZW1pY29sb24taW5zZXJ0aW9uLmpzCisrKyBiL0xheW91dFRlc3RzL2Zhc3QvanMvcmVzb3Vy Y2VzL3JlcGFyc2luZy1zZW1pY29sb24taW5zZXJ0aW9uLmpzCkBAIC0yMiw0ICsyMiwxMiBAQCBm dW5jdGlvbiBjb25zdENvbW1hVGVzdCgpIHsgY29uc3QgYSA9IDEsIH0KIAogc2hvdWxkQmVVbmRl ZmluZWQoImNvbnN0Q29tbWFUZXN0KCkiKTsKIAorZnVuY3Rpb24gY29tbWFQYXJlblRlc3QoKSB7 ICgxKSwgfQorCitzaG91bGRCZVVuZGVmaW5lZCgiY29tbWFQYXJlblRlc3QoKSIpOworCitmdW5j dGlvbiBjb21tYVBhcmVuVGhyb3dUZXN0KCkgeyAoeCksIH0KKworc2hvdWxkVGhyb3coImNvbW1h UGFyZW5UaHJvd1Rlc3QoKSIpOworCiB2YXIgc3VjY2Vzc2Z1bGx5UGFyc2VkID0gdHJ1ZTsK