[webkit-changes] [270370] branches/safari-610.3.7.0-branch/Source/JavaScriptCore

[alancoon]

Title: [270370] branches/safari-610.3.7.0-branch/Source/_javascript_Core

Revision

270370

Author

alanc...@apple.com

Date

2020-12-02 14:56:10 -0800 (Wed, 02 Dec 2020)

Log Message

Apply patch. rdar://problem/71911423

Modified Paths

• branches/safari-610.3.7.0-branch/Source/_javascript_Core/ChangeLog
• branches/safari-610.3.7.0-branch/Source/_javascript_Core/parser/Parser.cpp

Diff

Modified: branches/safari-610.3.7.0-branch/Source/_javascript_Core/ChangeLog (270369 => 270370)

--- branches/safari-610.3.7.0-branch/Source/_javascript_Core/ChangeLog	2020-12-02 22:15:47 UTC (rev 270369)
+++ branches/safari-610.3.7.0-branch/Source/_javascript_Core/ChangeLog	2020-12-02 22:56:10 UTC (rev 270370)
@@ -1,3 +1,28 @@
+2020-12-02  Russell Epstein  <repst...@apple.com>
+
+        Apply patch. rdar://problem/71911423
+
+    Apply patch. rdar://problem/70289034
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/branches/safari-610.3.7.1-branch@270359 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-12-02  Russell Epstein  <repst...@apple.com>
+
+            Apply patch. rdar://problem/70289034
+
+        2020-12-02  Saam Barati  <sbar...@apple.com>
+
+                Don't crash when reparsing an arrow function and the parsing invariant is broken.
+                <rdar://problem/70289034>
+
+                Reviewed by Mark Lam.
+
+                Instead, let's turn it into a runtime error for now, since that's better than
+                crashing. We're still not sure how this invariant is broken.
+
+                * parser/Parser.cpp:
+                (JSC::Parser<LexerType>::parseInner):
+
 2020-10-27  Russell Epstein  <repst...@apple.com>
 
         Apply patch. rdar://problem/70733375

Modified: branches/safari-610.3.7.0-branch/Source/_javascript_Core/parser/Parser.cpp (270369 => 270370)

--- branches/safari-610.3.7.0-branch/Source/_javascript_Core/parser/Parser.cpp	2020-12-02 22:15:47 UTC (rev 270369)
+++ branches/safari-610.3.7.0-branch/Source/_javascript_Core/parser/Parser.cpp	2020-12-02 22:56:10 UTC (rev 270370)
@@ -228,8 +228,9 @@
             parameters = parseFunctionParameters(context, parseMode, functionInfo);
 
         if (SourceParseModeSet(SourceParseMode::ArrowFunctionMode, SourceParseMode::AsyncArrowFunctionMode).contains(parseMode) && !hasError()) {
-            // The only way we could have an error wile reparsing is if we run out of stack space.
-            RELEASE_ASSERT(match(ARROWFUNCTION));
+            // The only way we could have an error while reparsing is if we run out of stack space.
+            if (UNLIKELY(!match(ARROWFUNCTION)))
+                return makeUnexpected("Parser error"_s);
             next();
             isArrowFunctionBodyExpression = !match(OPENBRACE);
         }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes