Changeset 239961 in webkit
- Timestamp:
- Jan 14, 2019 4:39:28 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 3 edited
-
JSTests/ChangeLog (modified) (1 diff)
-
JSTests/stress/big-int-literal-inside-literal-object.js (added)
-
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
-
Source/JavaScriptCore/parser/Parser.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/JSTests/ChangeLog
r239951 r239961 1 2019-01-14 Caio Lima <ticaiolima@gmail.com> 2 3 [BigInt] Literal parsing is crashing when used inside a Object Literal 4 https://bugs.webkit.org/show_bug.cgi?id=193404 5 6 Reviewed by Yusuke Suzuki. 7 8 * stress/big-int-literal-inside-literal-object.js: Added. 9 1 10 2019-01-14 Yusuke Suzuki <yusukesuzuki@slowstart.org> 2 11 -
trunk/Source/JavaScriptCore/ChangeLog
r239951 r239961 1 2019-01-14 Caio Lima <ticaiolima@gmail.com> 2 3 [BigInt] Literal parsing is crashing when used inside a Object Literal 4 https://bugs.webkit.org/show_bug.cgi?id=193404 5 6 Reviewed by Yusuke Suzuki. 7 8 Former implementation was relying into token.m_data.radix after the 9 call of `next()` into Parser.cpp. This is not safe because next 10 clobbers token.m_data.radix in some cases (e.g is CLOSEBRACE). 11 Now we get radix value before calling `next()` into parser and store 12 in a local variable. 13 14 * parser/Parser.cpp: 15 (JSC::Parser<LexerType>::parsePrimaryExpression): 16 1 17 2019-01-14 Yusuke Suzuki <yusukesuzuki@slowstart.org> 2 18 -
trunk/Source/JavaScriptCore/parser/Parser.cpp
r239774 r239961 4520 4520 case BIGINT: { 4521 4521 const Identifier* ident = m_token.m_data.bigIntString; 4522 uint8_t radix = m_token.m_data.radix; 4522 4523 JSTokenLocation location(tokenLocation()); 4523 4524 next(); 4524 return context.createBigInt(location, ident, m_token.m_data.radix);4525 return context.createBigInt(location, ident, radix); 4525 4526 } 4526 4527 case STRING: {
Note: See TracChangeset
for help on using the changeset viewer.
