Reviewers: Mads Ager,
Description:
Fix Chromium bug 62639.
Add missing failure check after expecting an identifier in preparser.
Without the check, the code went on to use the non-existent literal.
Please review this at http://codereview.chromium.org/4800001/
Affected files:
M src/preparser.h
M test/cctest/test-parsing.cc
Index: src/preparser.h
diff --git a/src/preparser.h b/src/preparser.h
index
44c55cf7db7cee8c410a816ec350e98671e747a7..952f25bc60d6d850fa9f4128477804f87cb3ef97
100644
--- a/src/preparser.h
+++ b/src/preparser.h
@@ -1370,6 +1370,7 @@ Expression PreParser<Scanner, Log>::GetStringSymbol()
{
template <typename Scanner, typename Log>
Identifier PreParser<Scanner, Log>::ParseIdentifier(bool* ok) {
Expect(i::Token::IDENTIFIER, ok);
+ if (!*ok) return kUnknownIdentifier;
return GetIdentifierSymbol();
}
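Review bot: The new early return in ParseIdentifier has no comment explaining why it must come before GetIdentifierSymbol(), so a later cleanup could reorder or drop it without noticing the memory-safety consequence. I would add something like `// Expect() failed: the scanner holds no valid identifier literal, so do not read it.` directly above the guard. The regression test's comment says the unchecked path read an invalid scanned literal and sometimes crashed in release mode, so the reason deserves to live next to the check itself. The hunk header shows GetStringSymbol() just above; whether other Expect() callers in this file read the current literal without first checking `*ok` is not visible here and would be worth an audit.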
Index: test/cctest/test-parsing.cc
diff --git a/test/cctest/test-parsing.cc b/test/cctest/test-parsing.cc
index
7ae8dcfa386d038b929306129e1df66c7ff17eef..ad1dbe190a13d54f2b8ab9c273680a6cb0f59f06
100755
--- a/test/cctest/test-parsing.cc
+++ b/test/cctest/test-parsing.cc
@@ -270,3 +270,26 @@ TEST(StandAlonePreParser) {
CHECK(!data.has_error());
}
}
+
+
+TEST(RegressChromium62639) {
+ int marker;
+ i::StackGuard::SetStackLimit(
+ reinterpret_cast<uintptr_t>(&marker) - 128 * 1024);
+
+ // Ensure that the source code is so big that it triggers preparsing.
+ char buffer[4096];
+ const char* program_template = "var x = '%01024d'; // filler\n"
+ "escape: function() {}";
+ // Fails parsing expecting an identifier after "function".
+ // Before fix, didn't check *ok after Expect(Token::Identifier, ok),
+ // and then used the invalid currently scanned literal. This always
+ // failed in debug mode, and sometimes crashed in release mode.
+
+ snprintf(buffer, 4096, program_template, 0);
+ unibrow::Utf8InputBuffer<256> stream(buffer, strlen(buffer));
+ i::ScriptDataImpl* data =
+ i::ParserApi::PreParse(i::Handle<i::String>::null(), &stream, NULL);
+ CHECK(data->HasError());
+ delete data;
+}
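Review bot: In RegressChromium62639, `data` is dereferenced by `CHECK(data->HasError())` without first confirming that PreParse returned an object. If PreParse can return NULL (for example on the stack-limit path this test configures — not visible from this hunk), the test would crash on a null dereference instead of reporting a clean failure. Adding `CHECK(data != NULL);` before the HasError check keeps the failure mode unambiguous. Separately, `snprintf(buffer, 4096, ...)` repeats the array size as a literal; `snprintf(buffer, sizeof(buffer), program_template, 0);` keeps the bound tied to the declaration if the buffer is ever resized.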