Title: [270359] branches/safari-610.3.7.1-branch/Source/JavaScriptCore
Revision: 270359
Author: [email protected]
Date: 2020-12-02 11:30:26 -0800 (Wed, 02 Dec 2020)

Log Message

Apply patch. rdar://problem/70289034

Modified Paths


Diff

Modified: branches/safari-610.3.7.1-branch/Source/JavaScriptCore/ChangeLog (270358 => 270359)


--- branches/safari-610.3.7.1-branch/Source/_javascript_Core/ChangeLog	2020-12-02 19:29:59 UTC (rev 270358)
+++ branches/safari-610.3.7.1-branch/Source/_javascript_Core/ChangeLog	2020-12-02 19:30:26 UTC (rev 270359)
@@ -1,3 +1,20 @@
+2020-12-02  Russell Epstein  <[email protected]>
+
+        Apply patch. rdar://problem/70289034
+
+    2020-12-02  Saam Barati  <[email protected]>
+
+            Don't crash when reparsing an arrow function and the parsing invariant is broken.
+            <rdar://problem/70289034>
+
+            Reviewed by Mark Lam.
+
+            Instead, let's turn it into a runtime error for now, since that's better than
+            crashing. We're still not sure how this invariant is broken.
+
+            * parser/Parser.cpp:
+            (JSC::Parser<LexerType>::parseInner):
+
 2020-11-18  Russell Epstein  <[email protected]>
 
         Cherry-pick r269931. rdar://problem/71540532
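
Review bot: The new entry states "We're still not sure how this invariant is broken" but lists only parser/Parser.cpp, with no test and no pointer to where the root-cause investigation continues. Because the change turns a crash into a runtime error rather than repairing the invariant, the entry should say whether rdar://problem/70289034 stays open for that follow-up or name the issue that tracks it, and note explicitly that no regression test accompanies the change.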

Modified: branches/safari-610.3.7.1-branch/Source/JavaScriptCore/parser/Parser.cpp (270358 => 270359)


--- branches/safari-610.3.7.1-branch/Source/_javascript_Core/parser/Parser.cpp	2020-12-02 19:29:59 UTC (rev 270358)
+++ branches/safari-610.3.7.1-branch/Source/_javascript_Core/parser/Parser.cpp	2020-12-02 19:30:26 UTC (rev 270359)
@@ -229,7 +229,8 @@
 
         if (SourceParseModeSet(SourceParseMode::ArrowFunctionMode, SourceParseMode::AsyncArrowFunctionMode).contains(parseMode) && !hasError()) {
             // The only way we could have an error while reparsing is if we run out of stack space.
-            RELEASE_ASSERT(match(ARROWFUNCTION), m_token.m_type, static_cast<uint8_t>(parseMode), m_lexer->currentOffset(), m_lexer->codeLength());
+            if (UNLIKELY(!match(ARROWFUNCTION)))
+                return makeUnexpected("Parser error"_s);
             next();
             isArrowFunctionBodyExpression = !match(OPENBRACE);
         }
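
Review bot: The new `if (UNLIKELY(!match(ARROWFUNCTION)))` branch discards every diagnostic the removed RELEASE_ASSERT recorded (m_token.m_type, parseMode, m_lexer->currentOffset(), m_lexer->codeLength()) and returns only the generic string "Parser error". With the cause of the broken invariant still unknown, those values are the main evidence for finding it, so consider emitting them in a log line before returning and keeping a debug-only ASSERT so development builds still stop here. The unchanged comment "The only way we could have an error while reparsing is if we run out of stack space" also no longer describes this path, which is taken when !hasError() holds but the current token is not ARROWFUNCTION; it should be updated to cover the new case.
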
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
