Title: [108841] trunk
Revision
108841
Author
[email protected]
Date
2012-02-24 13:10:36 -0800 (Fri, 24 Feb 2012)

Log Message

Should not allow malformed \x escapes
https://bugs.webkit.org/show_bug.cgi?id=79462

Reviewed by Oliver Hunt.

Source/_javascript_Core: 

* parser/Lexer.cpp:
(JSC::::parseString):
(JSC::::parseStringSlowCase):
    - Prohibit malformed '\x' escapes
* tests/mozilla/ecma/Array/15.4.5.1-1.js:
* tests/mozilla/ecma/LexicalConventions/7.7.4.js:
* tests/mozilla/ecma_2/RegExp/hex-001.js:
* tests/mozilla/js1_2/regexp/hexadecimal.js:
    - Remove erroneous test cases (correct behaviour is tested by LayoutTests/sputnik).

LayoutTests: 

* fast/regex/script-tests/pcre-test-1.js:
    - Fix bad escapes in test case.
* sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A4.3_T6-expected.txt:
* sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A6.1_T4-expected.txt:
* sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A6.2_T1-expected.txt:
* sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A6.2_T2-expected.txt:
    - Check in passing results.

Modified Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (108840 => 108841)


--- trunk/LayoutTests/ChangeLog	2012-02-24 21:08:00 UTC (rev 108840)
+++ trunk/LayoutTests/ChangeLog	2012-02-24 21:10:36 UTC (rev 108841)
@@ -1,3 +1,18 @@
+2012-02-24  Gavin Barraclough  <[email protected]>
+
+        Should not allow malformed \x escapes
+        https://bugs.webkit.org/show_bug.cgi?id=79462
+
+        Reviewed by Oliver Hunt.
+
+        * fast/regex/script-tests/pcre-test-1.js:
+            - Fix bad escapes in test case.
+        * sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A4.3_T6-expected.txt:
+        * sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A6.1_T4-expected.txt:
+        * sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A6.2_T1-expected.txt:
+        * sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A6.2_T2-expected.txt:
+            - Check in passing results.
+
 2012-02-24  Adrienne Walker  <[email protected]>
 
         Fix flaky tests by removing call to dumpResourceResponseMIMETypes

Modified: trunk/LayoutTests/fast/regex/script-tests/pcre-test-1.js (108840 => 108841)


--- trunk/LayoutTests/fast/regex/script-tests/pcre-test-1.js	2012-02-24 21:08:00 UTC (rev 108840)
+++ trunk/LayoutTests/fast/regex/script-tests/pcre-test-1.js	2012-02-24 21:10:36 UTC (rev 108841)
@@ -1036,7 +1036,7 @@
 var input2 = "A\0Z";
 var results = null;
 shouldBe('regex68.exec(input2);', 'results');
-var input3 = "A\0\x0\0\x0Z";
+var input3 = "A\0\0\0\0Z";
 var results = null;
 shouldBe('regex68.exec(input3);', 'results');
 
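Review bot: The replacement literal on the `input3` line no longer contains a hex escape, so this case stops exercising `\x` altogether. If the intent was a NUL written in hex, `var input3 = "A\0\x00\0\x00Z";` is well-formed under the new lexer rule and keeps that form. Under the previous lenient lexing the old literal presumably evaluated to the characters `x0` rather than NUL, so the effective input changes with this edit. `regex68` is defined outside the hunk, so confirm that `null` is still the intended result.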

Modified: trunk/LayoutTests/sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A4.3_T6-expected.txt (108840 => 108841)


--- trunk/LayoutTests/sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A4.3_T6-expected.txt	2012-02-24 21:08:00 UTC (rev 108840)
+++ trunk/LayoutTests/sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A4.3_T6-expected.txt	2012-02-24 21:10:36 UTC (rev 108841)
@@ -1,6 +1,7 @@
+CONSOLE MESSAGE: line 77: SyntaxError: \x can only be followed by a hex character sequence
 S7.8.4_A4.3_T6
 
-FAIL No error detected
+PASS Expected parsing failure
 
 TEST COMPLETE
 

Modified: trunk/LayoutTests/sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A6.1_T4-expected.txt (108840 => 108841)


--- trunk/LayoutTests/sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A6.1_T4-expected.txt	2012-02-24 21:08:00 UTC (rev 108840)
+++ trunk/LayoutTests/sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A6.1_T4-expected.txt	2012-02-24 21:10:36 UTC (rev 108841)
@@ -1,6 +1,7 @@
+CONSOLE MESSAGE: line 77: SyntaxError: \x can only be followed by a hex character sequence
 S7.8.4_A6.1_T4
 
-FAIL No error detected
+PASS Expected parsing failure
 
 TEST COMPLETE
 

Modified: trunk/LayoutTests/sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A6.2_T1-expected.txt (108840 => 108841)


--- trunk/LayoutTests/sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A6.2_T1-expected.txt	2012-02-24 21:08:00 UTC (rev 108840)
+++ trunk/LayoutTests/sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A6.2_T1-expected.txt	2012-02-24 21:10:36 UTC (rev 108841)
@@ -1,6 +1,7 @@
+CONSOLE MESSAGE: line 77: SyntaxError: \x can only be followed by a hex character sequence
 S7.8.4_A6.2_T1
 
-FAIL No error detected
+PASS Expected parsing failure
 
 TEST COMPLETE
 

Modified: trunk/LayoutTests/sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A6.2_T2-expected.txt (108840 => 108841)


--- trunk/LayoutTests/sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A6.2_T2-expected.txt	2012-02-24 21:08:00 UTC (rev 108840)
+++ trunk/LayoutTests/sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.4_String_Literals/S7.8.4_A6.2_T2-expected.txt	2012-02-24 21:10:36 UTC (rev 108841)
@@ -1,6 +1,7 @@
+CONSOLE MESSAGE: line 77: SyntaxError: \x can only be followed by a hex character sequence
 S7.8.4_A6.2_T2
 
-FAIL No error detected
+PASS Expected parsing failure
 
 TEST COMPLETE
 

Modified: trunk/Source/_javascript_Core/ChangeLog (108840 => 108841)


--- trunk/Source/_javascript_Core/ChangeLog	2012-02-24 21:08:00 UTC (rev 108840)
+++ trunk/Source/_javascript_Core/ChangeLog	2012-02-24 21:10:36 UTC (rev 108841)
@@ -1,3 +1,20 @@
+2012-02-24  Gavin Barraclough  <[email protected]>
+
+        Should not allow malformed \x escapes
+        https://bugs.webkit.org/show_bug.cgi?id=79462
+
+        Reviewed by Oliver Hunt.
+
+        * parser/Lexer.cpp:
+        (JSC::::parseString):
+        (JSC::::parseStringSlowCase):
+            - Prohibit malformed '\x' escapes
+        * tests/mozilla/ecma/Array/15.4.5.1-1.js:
+        * tests/mozilla/ecma/LexicalConventions/7.7.4.js:
+        * tests/mozilla/ecma_2/RegExp/hex-001.js:
+        * tests/mozilla/js1_2/regexp/hexadecimal.js:
+            - Remove erroneous test cases (correct behaviour is tested by LayoutTests/sputnik).
+
 2012-02-24  Daniel Bates  <[email protected]>
 
         Fix change log entry for changeset r108819; add bug URL

Modified: trunk/Source/_javascript_Core/parser/Lexer.cpp (108840 => 108841)


--- trunk/Source/_javascript_Core/parser/Lexer.cpp	2012-02-24 21:08:00 UTC (rev 108840)
+++ trunk/Source/_javascript_Core/parser/Lexer.cpp	2012-02-24 21:10:36 UTC (rev 108841)
@@ -692,14 +692,15 @@
                 shiftLineTerminator();
             else if (m_current == 'x') {
                 shift();
-                if (isASCIIHexDigit(m_current) && isASCIIHexDigit(peek(1))) {
-                    int prev = m_current;
-                    shift();
-                    if (shouldBuildStrings)
-                        record8(convertHex(prev, m_current));
-                    shift();
-                } else if (shouldBuildStrings)
-                    record8('x');
+                if (!isASCIIHexDigit(m_current) || !isASCIIHexDigit(peek(1))) {
+                    m_lexErrorMessage = "\\x can only be followed by a hex character sequence";
+                    return false;
+                }
+                int prev = m_current;
+                shift();
+                if (shouldBuildStrings)
+                    record8(convertHex(prev, m_current));
+                shift();
             } else {
                 setOffset(startingOffset);
                 setLineNumber(startingLineNumber);
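Review bot: The malformed-`\x` check and its message literal are written out twice, here and in the second hunk (the `record16` path), so the two string paths can drift apart on a later edit. Keeping the message in one shared constant and adding a comment above the check, e.g. `// ES5 7.8.4: \x must be followed by exactly two hex digits.`, would make the rule explicit; the message says "hex character sequence" although the condition requires exactly two digits. The expected results on this page do not show which of the two functions each sputnik test reaches, so a regression case that presumably forces the 16-bit path (a literal with a `\u` escape ahead of the bad `\x`) would be worth adding. Both enclosing functions start and end outside the hunks.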
@@ -756,14 +757,15 @@
                 shiftLineTerminator();
             else if (m_current == 'x') {
                 shift();
-                if (isASCIIHexDigit(m_current) && isASCIIHexDigit(peek(1))) {
-                    int prev = m_current;
-                    shift();
-                    if (shouldBuildStrings)
-                        record16(convertHex(prev, m_current));
-                    shift();
-                } else if (shouldBuildStrings)
-                    record16('x');
+                if (!isASCIIHexDigit(m_current) || !isASCIIHexDigit(peek(1))) {
+                    m_lexErrorMessage = "\\x can only be followed by a hex character sequence";
+                    return false;
+                }
+                int prev = m_current;
+                shift();
+                if (shouldBuildStrings)
+                    record16(convertHex(prev, m_current));
+                shift();
             } else if (m_current == 'u') {
                 shift();
                 int character = getUnicodeCharacter();

Modified: trunk/Source/_javascript_Core/tests/mozilla/ecma/Array/15.4.5.1-1.js (108840 => 108841)


--- trunk/Source/_javascript_Core/tests/mozilla/ecma/Array/15.4.5.1-1.js	2012-02-24 21:08:00 UTC (rev 108840)
+++ trunk/Source/_javascript_Core/tests/mozilla/ecma/Array/15.4.5.1-1.js	2012-02-24 21:10:36 UTC (rev 108841)
@@ -104,6 +104,8 @@
 
 
     for ( var i = 0X0020, TEST_STRING = "var A = new Array( " ; i < 0x00ff; i++ ) {
+        if ( i === 0x58 || i === 0x78 ) // x or X - skip testing invalid hex escapes.
+            continue;
         TEST_STRING += "\'\\"+ String.fromCharCode( i ) +"\'";
         if ( i < 0x00FF - 1   ) {
             TEST_STRING += ",";
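Review bot: The added skip covers `0x58` (`X`) as well as `0x78` (`x`), but the Lexer.cpp change on this page tests only `m_current == 'x'`, so `'\X'` is still accepted and drops out of this test's coverage for no reason. Suggest `if ( i === 0x78 ) // \x needs two hex digits - skip.` here and `var LENGTH = 0x00ff - 0x0020 - 1; // x` in the following hunk. The loop and the enclosing function extend outside both hunks.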
@@ -112,7 +114,7 @@
         }
     }
 
-    var LENGTH = 0x00ff - 0x0020;
+    var LENGTH = 0x00ff - 0x0020 - 2; // x & X
 
     array[item++] = new TestCase(   SECTION,
                                     TEST_STRING +" A[150] = 'hello'; A[150]",

Modified: trunk/Source/_javascript_Core/tests/mozilla/ecma/LexicalConventions/7.7.4.js (108840 => 108841)


--- trunk/Source/_javascript_Core/tests/mozilla/ecma/LexicalConventions/7.7.4.js	2012-02-24 21:08:00 UTC (rev 108840)
+++ trunk/Source/_javascript_Core/tests/mozilla/ecma/LexicalConventions/7.7.4.js	2012-02-24 21:10:36 UTC (rev 108841)
@@ -170,10 +170,10 @@
     array[item++] = new TestCase( SECTION, "\\x0F0",      String.fromCharCode(15)+"0",         "\x0F0" );
 
     // G is out of hex range
+// Invalid hex escapes are syntax error; these are covered in the sputnik test suite.
+//    array[item++] = new TestCase( SECTION, "\\xG",        "xG",                                 "\xG" );
+//    array[item++] = new TestCase( SECTION, "\\xCG",       "xCG",      				"\xCG" );
 
-    array[item++] = new TestCase( SECTION, "\\xG",        "xG",                                 "\xG" );
-    array[item++] = new TestCase( SECTION, "\\xCG",       "xCG",      				"\xCG" );
-
     // DoubleStringCharacter::EscapeSequence::CharacterEscapeSequence::\ NonEscapeCharacter
     array[item++] = new TestCase( SECTION, "\\a",    "a",        "\a" );
     array[item++] = new TestCase( SECTION, "\\c",    "c",        "\c" );
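Review bot: The retired cases are left as commented-out code at column 0, here and in the second hunk of this file (the `"\\x"` case), and the same pattern appears in ecma_2/RegExp/hex-001.js. Deleting the lines and keeping only the explanatory comment, indented with the surrounding code, would read better. The existing `// G is out of hex range` comment now heads a block with no live test under it, so it could be folded into the new one, e.g. `// \xG and \xCG are SyntaxErrors (G is not a hex digit); covered by the sputnik suite.` The enclosing function starts and ends outside the hunk.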
@@ -193,7 +193,8 @@
     array[item++] = new TestCase( SECTION, "\\u",    "u",        "\u" );
 
     array[item++] = new TestCase( SECTION, "\\w",    "w",        "\w" );
-    array[item++] = new TestCase( SECTION, "\\x",    "x",        "\x" );
+// Invalid hex escapes are syntax error; these are covered in the sputnik test suite.
+//    array[item++] = new TestCase( SECTION, "\\x",    "x",        "\x" );
     array[item++] = new TestCase( SECTION, "\\y",    "y",        "\y" );
     array[item++] = new TestCase( SECTION, "\\z",    "z",        "\z" );
     array[item++] = new TestCase( SECTION, "\\9",    "9",        "\9" );

Modified: trunk/Source/_javascript_Core/tests/mozilla/ecma_2/RegExp/hex-001.js (108840 => 108841)


--- trunk/Source/_javascript_Core/tests/mozilla/ecma_2/RegExp/hex-001.js	2012-02-24 21:08:00 UTC (rev 108840)
+++ trunk/Source/_javascript_Core/tests/mozilla/ecma_2/RegExp/hex-001.js	2012-02-24 21:10:36 UTC (rev 108841)
@@ -16,7 +16,8 @@
 
     AddRegExpCases( new RegExp("\x41"),  "new RegExp('\\x41')",  "A",  "A", 1, 0, ["A"] );
     AddRegExpCases( new RegExp("\x412"),"new RegExp('\\x412')", "A2", "A2", 1, 0, ["A2"] );
-    AddRegExpCases( new RegExp("\x1g"), "new RegExp('\\x1g')",  "x1g","x1g", 1, 0, ["x1g"] );
+// Invalid hex escapes are syntax error; these are covered in the sputnik test suite.
+//    AddRegExpCases( new RegExp("\x1g"), "new RegExp('\\x1g')",  "x1g","x1g", 1, 0, ["x1g"] );
 
     AddRegExpCases( new RegExp("A"),  "new RegExp('A')",  "\x41",  "\\x41",  1, 0, ["A"] );
     AddRegExpCases( new RegExp("A"),  "new RegExp('A')",  "\x412", "\\x412", 1, 0, ["A"] );
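Review bot: Commenting out the `\x1g` case removes the only visible check in this hunk of a malformed hex escape inside a pattern, although the error this commit adds is in the string lexer, not the regex parser. Writing the pattern with an escaped backslash, `new RegExp("\\x1g")`, would pass `\x1g` through to the pattern parser and keep that path covered. The expected match would need confirming, since the regex parser's handling of this escape is not shown on this page.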

Modified: trunk/Source/_javascript_Core/tests/mozilla/js1_2/regexp/hexadecimal.js (108840 => 108841)


--- trunk/Source/_javascript_Core/tests/mozilla/js1_2/regexp/hexadecimal.js	2012-02-24 21:08:00 UTC (rev 108840)
+++ trunk/Source/_javascript_Core/tests/mozilla/js1_2/regexp/hexadecimal.js	2012-02-24 21:10:36 UTC (rev 108841)
@@ -30,7 +30,7 @@
 	var SECTION = 'As described in Netscape doc "Whats new in _javascript_ 1.2"';
 	var VERSION = 'no version';
     startTest();
-	var TITLE   = 'RegExp: \x# (hex) ';
+	var TITLE   = 'RegExp: \\x# (hex) ';
 
 	writeHeaderToLog('Executing script: hexadecimal.js');
 	writeHeaderToLog( SECTION + " "+ TITLE);