Changeset 75899 in webkit for trunk/Source/JavaScriptCore/parser/JSParser.cpp

Timestamp:

Jan 16, 2011, 5:52:16 PM (14 years ago)

Author:

[email protected]

Message:

2011-01-16 Oliver Hunt <​[email protected]>

Reviewed by Sam Weinig.

[jsfunfuzz] Parser doesn't correctly validate for-loop syntax
​https://bugs.webkit.org/show_bug.cgi?id=52516

Add test for the case where a syntax error immediately follows
multiple declarations in a for-loop initialiser.

• fast/js/parser-syntax-check-expected.txt:
• fast/js/script-tests/parser-syntax-check.js:

2011-01-16 Oliver Hunt <​[email protected]>

Reviewed by Sam Weinig.

[jsfunfuzz] Parser doesn't correctly validate for-loop syntax
​https://bugs.webkit.org/show_bug.cgi?id=52516

Ensure that we always check for a semicolon after encountering
multiple declarations in the initialiser portion of a for-loop.

• parser/JSParser.cpp: (JSC::JSParser::parseForStatement):

File:

• trunk/Source/JavaScriptCore/parser/JSParser.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/parser/JSParser.cpp

@@ -796 +796 @@
 
         // Remainder of a standard for loop is handled identically
-        if (declarations > 1 || match(SEMICOLON))
+        if (match(SEMICOLON))
             goto standardForLoop;
+
+        failIfFalse(declarations == 1);
 
         // Handle for-in with var declaration