Changeset 40131 in webkit for trunk/JavaScriptCore/parser/Nodes.h


Timestamp:
Jan 22, 2009, 1:07:14 PM (16 years ago)
Author:
[email protected]
Message:

<rdar://problem/6516853> (r39682-r39736) JSFunFuzz: crash on "(function(){({ x2: x }), })()"
<https://bugs.webkit.org/show_bug.cgi?id=23479>

Reviewed by Geoff Garen.

Automatic semicolon insertion was resulting in this being accepted in the initial
nodeless parsing, but subsequent reparsing for code generation would fail, leading
to a crash. The solution is to ensure that reparsing a function performs parsing
in the same state as the initial parse. We do this by modifying the saved source
ranges to include rather than exclude the opening and closing braces.

File:
1 edited

  • trunk/JavaScriptCore/parser/Nodes.h

    r39961 r40131  
    22122212        void finishParsing(Identifier* parameters, size_t parameterCount);
    22132213       
    2214         UString toSourceString() const JSC_FAST_CALL { return UString("{") + source().toString() + UString("}"); }
     2214        UString toSourceString() const JSC_FAST_CALL { return source().toString(); }
    22152215
    22162216        // These objects are ref/deref'd a lot in the scope chain, so this is a faster ref/deref.
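Review bot: at the new toSourceString() on line 2214, the returned string is a well-formed function body only if source() already spans the opening and closing braces, and nothing in this file states or checks that invariant. The commit message says the saved source ranges were changed to include the braces, but that change is in other files, so a caller or a later edit that stores a brace-less range would silently produce unbraced source here. Consider a short comment above toSourceString() saying that the stored range includes both braces, and a debug assertion that the source text begins with "{" and ends with "}". A regression test built from the JSFunFuzz input quoted in the commit message would also keep the initial parse and the reparse from diverging again.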