RESOLVED FIXED 158128
JS parser incorrectly handles invalid utf8 in error messages.
https://bugs.webkit.org/show_bug.cgi?id=158128
Oliver Hunt
Reported 2016-05-26 11:56:57 PDT
The bug occurs with an input like this:

    eval('({m("\udeaf")})');

The initial parsing of this results in the \udeaf escape being converted to an actual literal. This is correct. eval then parses that string, which results in a parse error while parsing the parameter list (string literals aren't valid parameter names).

The bug occurs when we try to actually set the error message:

    failWithMessage("Expected a parameter pattern or a ')' in parameter list");

This tries to produce an error message that includes the bogus token:

    Exception: SyntaxError: Unexpected string literal "<The failing token>". Expected a parameter pattern or a ')' in parameter list.

This string is produced via concatenation in PrintStringStream (or whatever it's called), which calls fromUTF8() on the buffer. Because \udeaf isn't a valid utf8 sequence, fromUTF8 fails and returns String(). The parser then checks the error state by checking errorMessage.isNull(), which it now is. This leads to the parser continuing in a bogus state and subsequently crashing.
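The failure mode described in the report, modeled as an added C++ example (not WebKit's code and not the attached patch): when a message's null state doubles as the error flag, a failed UTF-8 conversion silently clears the error. `NullableString`, `strictFromUTF8`, `describe`, both parser structs and the three-byte encoding of the token are assumptions made for illustration.

```cpp
#include <string>

// Hypothetical stand-in for a string class whose null state differs from "empty".
struct NullableString {
    bool null = true;
    std::string value;
    NullableString() = default;
    explicit NullableString(const std::string& v) : null(false), value(v) {}
    bool isNull() const { return null; }
};

// Simplified strict decoder (assumption, not WebKit's fromUTF8): yields a null
// string on malformed input, including encoded surrogates such as U+DEAF.
NullableString strictFromUTF8(const std::string& bytes) {
    static const unsigned minCp[] = {0, 0, 0x80, 0x800, 0x10000};
    for (std::size_t i = 0; i < bytes.size();) {
        unsigned char b = bytes[i];
        std::size_t n = b < 0x80 ? 1 : (b >> 5) == 0x6 ? 2 : (b >> 4) == 0xE ? 3 : (b >> 3) == 0x1E ? 4 : 0;
        if (!n || i + n > bytes.size()) return NullableString();
        unsigned cp = n == 1 ? b : b & (0xFFu >> (n + 1));
        for (std::size_t k = 1; k < n; ++k) {
            unsigned char c = bytes[i + k];
            if ((c & 0xC0) != 0x80) return NullableString();
            cp = (cp << 6) | (c & 0x3F);
        }
        if (cp < minCp[n] || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return NullableString();
        i += n;
    }
    return NullableString(bytes);
}
std::string describe(const std::string& token) { return "Unexpected string literal \"" + token + "\"."; }

// Pattern from the report: the message's null-ness doubles as the error flag.
struct MessageAsFlagParser {
    NullableString errorMessage;
    void fail(const std::string& token) { errorMessage = strictFromUTF8(describe(token)); }
    bool hasError() const { return !errorMessage.isNull(); }
};

// One possible hardening (assumption): explicit flag plus a token-free fallback.
struct ExplicitFlagParser {
    bool failed = false;
    NullableString errorMessage;
    void fail(const std::string& token) {
        failed = true;
        errorMessage = strictFromUTF8(describe(token));
        if (errorMessage.isNull()) errorMessage = NullableString("Unexpected string literal.");
    }
    bool hasError() const { return failed; }
};
const std::string kLoneSurrogate = "\xED\xBA\xAF"; // constructed: U+DEAF as three bytes
```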
Attachments
Patch (9.49 KB, patch)
2016-06-02 15:46 PDT, Oliver Hunt
saam: review+
Oliver Hunt
Comment 1 2016-06-02 15:46:27 PDT
Oliver Hunt
Comment 2 2016-06-02 16:06:29 PDT
Oliver Hunt
Comment 3 2016-06-06 09:24:02 PDT
*** Bug 158082 has been marked as a duplicate of this bug. ***