Bug 23479

Summary: (r39682-r39736) JSFunFuzz: crash on "(function(){({ x2: x }), })()"
Product: WebKit
Reporter: Oliver Hunt <oliver>
Component: JavaScriptCore
Assignee: Oliver Hunt <oliver>
Status: RESOLVED FIXED
Severity: Normal
Keywords: HasReduction, InRadar
Priority: P2
Version: 528+ (Nightly build)
Hardware: Mac
OS: OS X 10.5
URL: data:text/html,<script>{(1), }</script>
Attachments:
Fixeration for fun and profit (patch), flags: ggaren: review+

Oliver Hunt
Reported 2009-01-22 09:56:15 PST
1/22/09 9:38 AM Oliver Hunt:

* SUMMARY
The expression (function(){({ x2: x }), })() crashes due to reparsing failure; it should fail to parse on the first run.

* STEPS TO REPRODUCE
1. Evaluate the expression (function(){({ x2: x }), })() in jsc or the browser

* RESULTS
Crashing badness

1/22/09 9:50 AM Oliver Hunt:
I've reduced the range where this started crashing, but the fact of the matter is that it should not be getting through the first parser.
Attachments
Fixeration for fun and profit (5.45 KB, patch)
2009-01-22 11:53 PST, Oliver Hunt
ggaren: review+
Oliver Hunt
Comment 1 2009-01-22 09:56:53 PST
Oliver Hunt
Comment 2 2009-01-22 10:26:58 PST
Okay, the problem is that we incorrectly accept a comma after ()'s inside braces. Why?
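A parse-time regression check for the statement shapes discussed in the description and in comment 2, added here as an example for this page (it is not the WebKit layout test the fix commits). It assumes a JavaScript engine exposing `new Function`; every case string below is constructed for the example.

```javascript
// Added example, not WebKit code: classify how an engine handles a source
// string at parse time only. `new Function` compiles the body without running
// it, so a malformed statement must be rejected here, before any execution
// or later reparse could ever see it.
function parseOutcome(src) {
  try {
    new Function(src);       // parse only; the body is never invoked
    return "parses";
  } catch (e) {
    return e instanceof SyntaxError ? "syntax-error" : "other-error";
  }
}

// Constructed cases around the shape from the report: a parenthesized
// expression followed by a bare comma inside a block.
const CASES = [
  // The reported crasher: a comma after ()'s inside braces is not a statement.
  { src: "(function(){({ x2: x }), })()", expect: "syntax-error" },
  // The reduction from the bug URL.
  { src: "{(1), }",                        expect: "syntax-error" },
  // A comma expression inside braces is fine when it has both operands.
  { src: "{ (1), 2; }",                    expect: "parses" },
  // Object literal in parentheses followed by a statement terminator.
  { src: "(function(){ ({ x2: x }); })",   expect: "parses" },
  // A closing brace triggers automatic semicolon insertion.
  { src: "{ (1) }",                        expect: "parses" },
  // A trailing comma inside the object literal is allowed; outside it is not.
  { src: "{ ({ x2: 1, }); }",              expect: "parses" },
];

// Returns the cases whose outcome differs from the expectation; empty when
// the engine under test matches the corrected parser behaviour.
function findMismatches(cases = CASES) {
  return cases
    .map(c => ({ ...c, got: parseOutcome(c.src) }))
    .filter(c => c.got !== c.expect);
}

if (typeof require !== "undefined" && require.main === module) {
  const bad = findMismatches();
  console.log(bad.length === 0 ? "all cases match" : bad);
}
```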
Oliver Hunt
Comment 3 2009-01-22 11:53:19 PST
Created attachment 26936 [details]
Fixeration for fun and profit

Fixerated
Geoffrey Garen
Comment 4 2009-01-22 12:11:32 PST
Comment on attachment 26936 [details]
Fixeration for fun and profit

r=me
Oliver Hunt
Comment 5 2009-01-22 13:07:29 PST
Committing to http://svn.webkit.org/repository/webkit/trunk ...
	M	JavaScriptCore/ChangeLog
	M	JavaScriptCore/bytecode/CodeBlock.cpp
	M	JavaScriptCore/parser/Lexer.h
	M	JavaScriptCore/parser/Nodes.h
	M	LayoutTests/ChangeLog
	M	LayoutTests/fast/js/reparsing-semicolon-insertion-expected.txt
	M	LayoutTests/fast/js/resources/reparsing-semicolon-insertion.js
Committed r40131