Changeset 221400 in webkit

Timestamp:

Aug 30, 2017 3:27:09 PM (7 years ago)

Author:

sbarati@apple.com

Message:

semicolon is being interpreted as an = in the LiteralParser
​https://bugs.webkit.org/show_bug.cgi?id=176114

Reviewed by Oliver Hunt.

JSTests:

• stress/jsonp-literal-parser-semicolon-is-not-assignment.js: Added.
• stress/resources/literal-parser-test-case.js: Added.

Source/JavaScriptCore:

When lexing a semicolon in the LiteralParser, we were properly
setting the TokenType on the current token, however, we were
*returning* the wrong TokenType. The lex function both returns
the TokenType and sets it on the current token. Semicolon was
setting the TokenType to semicolon, but returning the TokenType
for '='. This caused programs like x;123 to be interpreted as
x=123.

• runtime/LiteralParser.cpp:

(JSC::LiteralParser<CharType>::Lexer::lex):
(JSC::LiteralParser<CharType>::Lexer::next):

Location:

trunk

Files:

• JSTests/ChangeLog (modified) (1 diff)
• JSTests/stress/jsonp-literal-parser-semicolon-is-not-assignment.js (added)
• JSTests/stress/resources/literal-parser-test-case.js (added)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/runtime/LiteralParser.cpp (modified) (2 diffs)

trunk/JSTests/ChangeLog

@@ +1 @@
+2017-08-30  Saam Barati  <sbarati@apple.com>
+
+        semicolon is being interpreted as an = in the LiteralParser
+        https://bugs.webkit.org/show_bug.cgi?id=176114
+
+        Reviewed by Oliver Hunt.
+
+        * stress/jsonp-literal-parser-semicolon-is-not-assignment.js: Added.
+        * stress/resources/literal-parser-test-case.js: Added.
+
 2017-08-30  Oleksandr Skachkov  <gskachkov@gmail.com>
 

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2017-08-30  Saam Barati  <sbarati@apple.com>
+
+        semicolon is being interpreted as an = in the LiteralParser
+        https://bugs.webkit.org/show_bug.cgi?id=176114
+
+        Reviewed by Oliver Hunt.
+
+        When lexing a semicolon in the LiteralParser, we were properly
+        setting the TokenType on the current token, however, we were
+        *returning* the wrong TokenType. The lex function both returns
+        the TokenType and sets it on the current token. Semicolon was
+        setting the TokenType to semicolon, but returning the TokenType
+        for '='. This caused programs like `x;123` to be interpreted as
+        `x=123`.
+
+        * runtime/LiteralParser.cpp:
+        (JSC::LiteralParser<CharType>::Lexer::lex):
+        (JSC::LiteralParser<CharType>::Lexer::next):
+
 2017-08-22  Filip Pizlo  <fpizlo@apple.com>
 

trunk/Source/JavaScriptCore/runtime/LiteralParser.cpp

@@ -273 +273 @@
             token.type = TokSemi;
             token.end = ++m_ptr;
-            return TokAssign;
+            return TokSemi;
         }
         if (isASCIIAlpha(*m_ptr) || *m_ptr == '_' || *m_ptr == '$')
@@ -318 +318 @@
 TokenType LiteralParser<CharType>::Lexer::next()
 {
+    TokenType result;
     if (m_mode == NonStrictJSON)
-        return lex<NonStrictJSON>(m_currentToken);
-    if (m_mode == JSONP)
-        return lex<JSONP>(m_currentToken);
-    return lex<StrictJSON>(m_currentToken);
+        result = lex<NonStrictJSON>(m_currentToken);
+    else if (m_mode == JSONP)
+        result = lex<JSONP>(m_currentToken);
+    else
+        result = lex<StrictJSON>(m_currentToken);
+    ASSERT(m_currentToken.type == result);
+    return result;
 }