Ignore:
Timestamp:
Feb 5, 2015, 12:58:38 AM (10 years ago)
Author:
[email protected]
Message:

Crash in uninitialized deconstructing variable.
https://bugs.webkit.org/show_bug.cgi?id=141070

Reviewed by Michael Saboff.

Source/JavaScriptCore:

According to the ES6 spec, when a destructuring pattern occurs
as the left hand side of an assignment inside a var declaration
statement, the assignment must also have a right hand side value.
"var {x} = {};" is a legal syntactic statement, but,
"var {x};" is a syntactic error.

Section 13.2.2 of the latest draft ES6 spec specifies this requirement:
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-variable-statement

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseVarDeclaration):
(JSC::Parser<LexerType>::parseVarDeclarationList):
(JSC::Parser<LexerType>::parseForStatement):

  • parser/Parser.h:

LayoutTests:

  • js/parser-syntax-check-expected.txt:
  • js/script-tests/parser-syntax-check.js:
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/parser/Parser.cpp

    r179371 r179682  
    379379    TreeExpression scratch2 = 0;
    380380    JSTextPosition scratch3;
    381     TreeExpression varDecls = parseVarDeclarationList(context, scratch, scratch1, scratch2, scratch3, scratch3, scratch3);
     381    TreeExpression varDecls = parseVarDeclarationList(context, scratch, scratch1, scratch2, scratch3, scratch3, scratch3, VarDeclarationContext);
    382382    propagateError();
    383383    failIfFalse(autoSemiColon(), "Expected ';' after var declaration");
     
    448448
    449449template <typename LexerType>
    450 template <class TreeBuilder> TreeExpression Parser<LexerType>::parseVarDeclarationList(TreeBuilder& context, int& declarations, TreeDeconstructionPattern& lastPattern, TreeExpression& lastInitializer, JSTextPosition& identStart, JSTextPosition& initStart, JSTextPosition& initEnd)
     450template <class TreeBuilder> TreeExpression Parser<LexerType>::parseVarDeclarationList(TreeBuilder& context, int& declarations, TreeDeconstructionPattern& lastPattern, TreeExpression& lastInitializer, JSTextPosition& identStart, JSTextPosition& initStart, JSTextPosition& initEnd, VarDeclarationListContext declarationListContext)
    451451{
    452452    TreeExpression head = 0;
     
    488488            failIfFalse(pattern, "Cannot parse this deconstruction pattern");
    489489            hasInitializer = match(EQUAL);
     490            failIfTrue(declarationListContext == VarDeclarationContext && !hasInitializer, "Expected an initializer in destructuring variable declaration");
    490491            lastPattern = pattern;
    491492            if (hasInitializer) {
     
    736737        JSTextPosition initStart;
    737738        JSTextPosition initEnd;
    738         decls = parseVarDeclarationList(context, declarations, forInTarget, forInInitializer, declsStart, initStart, initEnd);
     739        decls = parseVarDeclarationList(context, declarations, forInTarget, forInInitializer, declsStart, initStart, initEnd, ForLoopContext);
    739740        m_allowsIn = true;
    740741        propagateError();
Note: See TracChangeset for help on using the changeset viewer.