Title: [221400] trunk
Revision: 221400
Author: sbar...@apple.com
Date: 2017-08-30 15:27:09 -0700 (Wed, 30 Aug 2017)

Log Message

semicolon is being interpreted as an = in the LiteralParser
https://bugs.webkit.org/show_bug.cgi?id=176114

Reviewed by Oliver Hunt.

JSTests:

* stress/jsonp-literal-parser-semicolon-is-not-assignment.js: Added.
* stress/resources/literal-parser-test-case.js: Added.

Source/JavaScriptCore:

When lexing a semicolon in the LiteralParser, we were properly
setting the TokenType on the current token, however, we were
*returning* the wrong TokenType. The lex function both returns
the TokenType and sets it on the current token. Semicolon was
setting the TokenType to semicolon, but returning the TokenType
for '='. This caused programs like `x;123` to be interpreted as
`x=123`.

* runtime/LiteralParser.cpp:
(JSC::LiteralParser<CharType>::Lexer::lex):
(JSC::LiteralParser<CharType>::Lexer::next):
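The mechanism the commit message describes, as an added example that is not WebKit's code: a miniature lexer in the shape of `LiteralParser::Lexer::lex` (the token type is stored on the token and also returned) and a JSONP-style parse that branches on the returned type, with a `buggy` flag that reproduces the pre-fix `;` branch. The token names, the `parseJSONP` acceptance rule and the `mismatch` flag standing in for the `ASSERT` in `next()` are simplifications assumed for illustration, not JSC's actual definitions.

```cpp
// Added example, not WebKit code: shows how a lex() that both stores the token
// type and returns it can disagree, and why `x;123` then parses as `x=123`.
#include <cctype>
#include <cstdio>
#include <string>

// Assumed token set; JSC's real TokenType enum is larger.
enum TokenType { TokIdentifier, TokNumber, TokSemi, TokAssign, TokEnd, TokError };

struct Token {
    TokenType type = TokError;
    std::string text;
};

struct Lexer {
    const char* ptr;
    const char* end;
    bool buggy;             // true: reproduce the pre-fix return value for ';'
    Token current;
    bool mismatch = false;  // set when stored type and returned type ever differ

    Lexer(const std::string& src, bool buggyMode)
        : ptr(src.data()), end(src.data() + src.size()), buggy(buggyMode) {}

    static bool isIdentStart(char c) { return std::isalpha((unsigned char)c) || c == '_' || c == '$'; }
    static bool isIdentPart(char c) { return isIdentStart(c) || std::isdigit((unsigned char)c); }

    // Like LiteralParser::Lexer::lex: stores the type on `token` AND returns it.
    // The two are meant to agree; the ';' branch is where they did not.
    TokenType lex(Token& token) {
        while (ptr < end && std::isspace((unsigned char)*ptr)) ++ptr;
        if (ptr == end) { token.type = TokEnd; token.text.clear(); return TokEnd; }
        const char* start = ptr;
        if (*ptr == ';') {
            token.type = TokSemi;
            token.text = ";";
            ++ptr;
            return buggy ? TokAssign : TokSemi;  // pre-fix code returned TokAssign here
        }
        if (*ptr == '=') { token.type = TokAssign; token.text = "="; ++ptr; return TokAssign; }
        if (isIdentStart(*ptr)) {
            while (ptr < end && isIdentPart(*ptr)) ++ptr;
            token.type = TokIdentifier; token.text.assign(start, ptr); return TokIdentifier;
        }
        if (std::isdigit((unsigned char)*ptr)) {
            while (ptr < end && std::isdigit((unsigned char)*ptr)) ++ptr;
            token.type = TokNumber; token.text.assign(start, ptr); return TokNumber;
        }
        token.type = TokError; token.text.assign(start, start + 1); ++ptr; return TokError;
    }

    // Like the fixed Lexer::next(): cross-check the two copies of the state.
    // A flag is recorded instead of ASSERT so the check is visible in any build.
    TokenType next() {
        TokenType result = lex(current);
        if (current.type != result) mismatch = true;
        return result;
    }
};

// Assumed JSONP-style fast path, driven by next()'s return value: accepts
// `identifier = number` and reports it as an assignment; anything else is
// rejected (the real engine would then fall back to the full parser).
std::string parseJSONP(const std::string& src, bool buggy) {
    Lexer lexer(src, buggy);
    if (lexer.next() != TokIdentifier) return "reject";
    std::string target = lexer.current.text;
    if (lexer.next() != TokAssign) return "reject";   // a ';' passes this when buggy
    if (lexer.next() != TokNumber) return "reject";
    std::string value = lexer.current.text;
    if (lexer.next() != TokEnd) return "reject";
    return "assign " + target + "=" + value;
}

// Lexes the whole input and reports whether the stored token type ever
// disagreed with the returned one (the invariant the new ASSERT guards).
bool lexerIsConsistent(const std::string& src, bool buggy) {
    Lexer lexer(src, buggy);
    while (lexer.next() != TokEnd) {}
    return !lexer.mismatch;
}

int main() {
    std::printf("buggy lexer, x;123 -> %s\n", parseJSONP("x;123", true).c_str());
    std::printf("fixed lexer, x;123 -> %s\n", parseJSONP("x;123", false).c_str());
    return 0;
}
```

With the pre-fix lexer the parse of `x;123` succeeds as an assignment to `x` because the parser only ever looks at the returned type; with the fix it is rejected, and `lexerIsConsistent` is the release-build equivalent of the `ASSERT(m_currentToken.type == result)` added to `next()`.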

Diff

Modified: trunk/JSTests/ChangeLog (221399 => 221400)


--- trunk/JSTests/ChangeLog	2017-08-30 21:50:27 UTC (rev 221399)
+++ trunk/JSTests/ChangeLog	2017-08-30 22:27:09 UTC (rev 221400)
@@ -1,3 +1,13 @@
+2017-08-30  Saam Barati  <sbar...@apple.com>
+
+        semicolon is being interpreted as an = in the LiteralParser
+        https://bugs.webkit.org/show_bug.cgi?id=176114
+
+        Reviewed by Oliver Hunt.
+
+        * stress/jsonp-literal-parser-semicolon-is-not-assignment.js: Added.
+        * stress/resources/literal-parser-test-case.js: Added.
+
 2017-08-30  Oleksandr Skachkov  <gskach...@gmail.com>
 
         [ESNext] Async iteration - Implement async iteration statement: for-await-of

Added: trunk/JSTests/stress/jsonp-literal-parser-semicolon-is-not-assignment.js (0 => 221400)


--- trunk/JSTests/stress/jsonp-literal-parser-semicolon-is-not-assignment.js	                        (rev 0)
+++ trunk/JSTests/stress/jsonp-literal-parser-semicolon-is-not-assignment.js	2017-08-30 22:27:09 UTC (rev 221400)
@@ -0,0 +1,4 @@
+x = undefined;
+load("./resources/literal-parser-test-case.js");
+if (x !== undefined)
+    throw new Error("Bad result");
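Review bot: the test only asserts that the global `x` is still `undefined` after the load; nothing checks that `./resources/literal-parser-test-case.js` was actually evaluated through the JSONP literal-parser path, so a later change that routes such sources elsewhere would make this pass without exercising the fix. Consider also checking the completion value of the load (the resource is `x;1234`, so `1234` is the expected result) and adding a one-line comment saying the resource must stay a bare `x;1234`, since any comment or extra statement in that file would make it ineligible for the literal-parser fast path.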

Added: trunk/JSTests/stress/resources/literal-parser-test-case.js (0 => 221400)


--- trunk/JSTests/stress/resources/literal-parser-test-case.js	                        (rev 0)
+++ trunk/JSTests/stress/resources/literal-parser-test-case.js	2017-08-30 22:27:09 UTC (rev 221400)
@@ -0,0 +1 @@
+x;1234

Modified: trunk/Source/JavaScriptCore/ChangeLog (221399 => 221400)


--- trunk/Source/_javascript_Core/ChangeLog	2017-08-30 21:50:27 UTC (rev 221399)
+++ trunk/Source/_javascript_Core/ChangeLog	2017-08-30 22:27:09 UTC (rev 221400)
@@ -1,3 +1,22 @@
+2017-08-30  Saam Barati  <sbar...@apple.com>
+
+        semicolon is being interpreted as an = in the LiteralParser
+        https://bugs.webkit.org/show_bug.cgi?id=176114
+
+        Reviewed by Oliver Hunt.
+
+        When lexing a semicolon in the LiteralParser, we were properly
+        setting the TokenType on the current token, however, we were
+        *returning* the wrong TokenType. The lex function both returns
+        the TokenType and sets it on the current token. Semicolon was
+        setting the TokenType to semicolon, but returning the TokenType
+        for '='. This caused programs like `x;123` to be interpreted as
+        `x=123`.
+
+        * runtime/LiteralParser.cpp:
+        (JSC::LiteralParser<CharType>::Lexer::lex):
+        (JSC::LiteralParser<CharType>::Lexer::next):
+
 2017-08-22  Filip Pizlo  <fpi...@apple.com>
 
         Strings need to be in some kind of gigacage

Modified: trunk/Source/JavaScriptCore/runtime/LiteralParser.cpp (221399 => 221400)


--- trunk/Source/_javascript_Core/runtime/LiteralParser.cpp	2017-08-30 21:50:27 UTC (rev 221399)
+++ trunk/Source/_javascript_Core/runtime/LiteralParser.cpp	2017-08-30 22:27:09 UTC (rev 221400)
@@ -272,7 +272,7 @@
         if (*m_ptr == ';') {
             token.type = TokSemi;
             token.end = ++m_ptr;
-            return TokAssign;
+            return TokSemi;
         }
         if (isASCIIAlpha(*m_ptr) || *m_ptr == '_' || *m_ptr == '$')
             return lexIdentifier(token);
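Review bot: the one-line change fixes the `;` branch, but the root cause is that `lex` carries the token type in two places (`token.type` and the return value) and every branch has to keep them in sync by hand, which is exactly how `return TokAssign;` survived next to `token.type = TokSemi;`. Suggest `return token.type;` in this branch, or better, have every branch of `lex` end in `return token.type;` so the two cannot diverge again without the bug being obvious at the return site.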
@@ -317,11 +317,15 @@
 template <typename CharType>
 TokenType LiteralParser<CharType>::Lexer::next()
 {
+    TokenType result;
     if (m_mode == NonStrictJSON)
-        return lex<NonStrictJSON>(m_currentToken);
-    if (m_mode == JSONP)
-        return lex<JSONP>(m_currentToken);
-    return lex<StrictJSON>(m_currentToken);
+        result = lex<NonStrictJSON>(m_currentToken);
+    else if (m_mode == JSONP)
+        result = lex<JSONP>(m_currentToken);
+    else
+        result = lex<StrictJSON>(m_currentToken);
+    ASSERT(m_currentToken.type == result);
+    return result;
 }
 
 template <>
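Review bot: `ASSERT(m_currentToken.type == result)` compiles away in release builds, so it documents the invariant but does not enforce it where users run the code. Since `lex` always sets `m_currentToken.type`, `next()` could return `m_currentToken.type` after calling `lex` and drop the separate `result`, which makes the returned value correct by construction instead of checking it after the fact; the `else if` restructuring is fine as written.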
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes