Skip to site navigation (Press enter)

[webkit-changes] [270384] branches/safari-610-branch/Source/JavaScriptCore

repstein Wed, 02 Dec 2020 19:58:52 -0800

Title: [270384] branches/safari-610-branch/Source/_javascript_Core

Revision: 270384
Author: [email protected]
Date: 2020-12-02 19:58:10 -0800 (Wed, 02 Dec 2020)

Log Message

Apply patch. rdar://problem/71921536

Modified Paths

branches/safari-610-branch/Source/_javascript_Core/ChangeLog
branches/safari-610-branch/Source/_javascript_Core/parser/Parser.cpp

Diff

Modified: branches/safari-610-branch/Source/_javascript_Core/ChangeLog (270383 => 270384)


--- branches/safari-610-branch/Source/_javascript_Core/ChangeLog	2020-12-03 03:25:52 UTC (rev 270383)
+++ branches/safari-610-branch/Source/_javascript_Core/ChangeLog	2020-12-03 03:58:10 UTC (rev 270384)
@@ -1,3 +1,20 @@
+2020-12-02  Alan Coon  <[email protected]>
+
+        Apply patch. rdar://problem/71921536
+
+    2020-12-02  Saam Barati  <[email protected]>
+
+            Don't crash when reparsing an arrow function and the parsing invariant is broken.
+            <rdar://problem/70289034>
+
+            Reviewed by Mark Lam.
+
+            Instead, let's turn it into a runtime error for now, since that's better than
+            crashing. We're still not sure how this invariant is broken.
+
+            * parser/Parser.cpp:
+            (JSC::Parser<LexerType>::parseInner):
+
 2020-12-01  Alan Coon  <[email protected]>
 
         Cherry-pick r269931. rdar://problem/71836676

Modified: branches/safari-610-branch/Source/_javascript_Core/parser/Parser.cpp (270383 => 270384)


--- branches/safari-610-branch/Source/_javascript_Core/parser/Parser.cpp	2020-12-03 03:25:52 UTC (rev 270383)
+++ branches/safari-610-branch/Source/_javascript_Core/parser/Parser.cpp	2020-12-03 03:58:10 UTC (rev 270384)
@@ -229,7 +229,8 @@
 
         if (SourceParseModeSet(SourceParseMode::ArrowFunctionMode, SourceParseMode::AsyncArrowFunctionMode).contains(parseMode) && !hasError()) {
             // The only way we could have an error while reparsing is if we run out of stack space.
-            RELEASE_ASSERT(match(ARROWFUNCTION), m_token.m_type, static_cast<uint8_t>(parseMode), m_lexer->currentOffset(), m_lexer->codeLength());
+            if (UNLIKELY(!match(ARROWFUNCTION)))
+                return makeUnexpected("Parser error"_s);
             next();
             isArrowFunctionBodyExpression = !match(OPENBRACE);
         }

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes