Title: [178427] trunk
- Revision
- 178427
- Author
- msab...@apple.com
- Date
- 2015-01-14 10:48:58 -0800 (Wed, 14 Jan 2015)
Log Message
JavaScript identifier incorrectly parsed if the prefix before an escape sequence is a keyword
https://bugs.webkit.org/show_bug.cgi?id=140420
Reviewed by Oliver Hunt.
Source/JavaScriptCore:
Added new function isIdentPartIncludingEscape() that performs the original
isIdentPart() followed by a check for a valid unicode escape. If there is a
unicode escape, its resolved value is checked with isIdentPart().
* KeywordLookupGenerator.py:
(Trie.printSubTreeAsC):
(Trie.printAsC):
* parser/Lexer.cpp:
(JSC::isUnicodeEscapeIdentPart):
(JSC::isIdentPartIncludingEscape):
LayoutTests:
New regression test.
* js/regress-140420-expected.txt: Added.
* js/regress-140420.html: Added.
* js/script-tests/regress-140420.js: Added.
(with):
(this):
Modified: trunk/LayoutTests/ChangeLog (178426 => 178427)
--- trunk/LayoutTests/ChangeLog 2015-01-14 18:43:05 UTC (rev 178426)
+++ trunk/LayoutTests/ChangeLog 2015-01-14 18:48:58 UTC (rev 178427)
@@ -1,3 +1,18 @@
+2015-01-14 Michael Saboff <msab...@apple.com>
+
+ _javascript_ identifier incorrectly parsed if the prefix before an escape sequence is a keyword
+ https://bugs.webkit.org/show_bug.cgi?id=140420
+
+ Reviewed by Oliver Hunt.
+
+ New regression test.
+
+ * js/regress-140420-expected.txt: Added.
+ * js/regress-140420.html: Added.
+ * js/script-tests/regress-140420.js: Added.
+ (with):
+ (this):
+
2015-01-14 Jer Noble <jer.no...@apple.com>
Null-deref crash when seeking immediately before looping.
Added: trunk/LayoutTests/js/regress-140420-expected.txt (0 => 178427)
--- trunk/LayoutTests/js/regress-140420-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress-140420-expected.txt 2015-01-14 18:48:58 UTC (rev 178427)
@@ -0,0 +1,9 @@
+Regression test for https://webkit.org/b/140420. This test should run without throwing an exception.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/js/regress-140420.html (0 => 178427)
--- trunk/LayoutTests/js/regress-140420.html (rev 0)
+++ trunk/LayoutTests/js/regress-140420.html 2015-01-14 18:48:58 UTC (rev 178427)
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script src=""
+<script src=""
+</body>
+</html>
Added: trunk/LayoutTests/js/script-tests/regress-140420.js (0 => 178427)
--- trunk/LayoutTests/js/script-tests/regress-140420.js (rev 0)
+++ trunk/LayoutTests/js/script-tests/regress-140420.js 2015-01-14 18:48:58 UTC (rev 178427)
@@ -0,0 +1,19 @@
+description(
+"Regression test for https://webkit.org/b/140420. This test should run without throwing an exception."
+);
+
+function with\u00d1i\u00f1a(in\u00c7aVa)
+{
+ return in\u00c7aVa + 1;
+}
+
+function this\u038f\u03c1\u03b1()
+{
+ return\u038f\u03c1\u03b1 = new Date()
+
+ return return\u038f\u03c1\u03b1;
+}
+
+var var\u00c9ternit\u00e9 = with\u00d1i\u00f1a(1000);
+
+var var\u03a4\u03ce\u03c1\u03b1 = this\u038f\u03c1\u03b1();
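Review bot: Every case in this test is a keyword followed by a well-formed `\uXXXX` escape that resolves to an identifier character, so the rejecting paths of the new lexer check are never exercised. Consider adding negative cases that assert the intended outcome: a keyword followed by an escape that resolves to a non-identifier character, a keyword followed by `\u` and non-hex digits, and a source string that ends partway through the escape. The last case is the one the `(codeEnd - code) >= 6` guard in Lexer.cpp exists for. It is best run under a sanitizer build, because an out-of-bounds read would not otherwise show up as a test failure.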
Modified: trunk/Source/_javascript_Core/ChangeLog (178426 => 178427)
--- trunk/Source/_javascript_Core/ChangeLog 2015-01-14 18:43:05 UTC (rev 178426)
+++ trunk/Source/_javascript_Core/ChangeLog 2015-01-14 18:48:58 UTC (rev 178427)
@@ -1,3 +1,21 @@
+2015-01-14 Michael Saboff <msab...@apple.com>
+
+ _javascript_ identifier incorrectly parsed if the prefix before an escape sequence is a keyword
+ https://bugs.webkit.org/show_bug.cgi?id=140420
+
+ Reviewed by Oliver Hunt.
+
+ Added new function isIdentPartIncludingEscape() that performs the original
+ isIdentPart() followed by a check for a valid unicode escape. If there is a
+ unicode escape, its resolved value is checked with isIdentPart().
+
+ * KeywordLookupGenerator.py:
+ (Trie.printSubTreeAsC):
+ (Trie.printAsC):
+ * parser/Lexer.cpp:
+ (JSC::isUnicodeEscapeIdentPart):
+ (JSC::isIdentPartIncludingEscape):
+
2015-01-13 Joseph Pecoraro <pecor...@apple.com>
Web Inspector: Remove unused ResizeImage and DecodeImageData timeline events
Modified: trunk/Source/_javascript_Core/KeywordLookupGenerator.py (178426 => 178427)
--- trunk/Source/_javascript_Core/KeywordLookupGenerator.py 2015-01-14 18:43:05 UTC (rev 178426)
+++ trunk/Source/_javascript_Core/KeywordLookupGenerator.py 2015-01-14 18:48:58 UTC (rev 178427)
@@ -141,7 +141,7 @@
str = makePadding(indent)
if self.value != None:
- print(str + "if (!isIdentPart(code[%d])) {" % (len(self.fullPrefix)))
+ print(str + "if (!isIdentPartIncludingEscape(code+%d, m_codeEnd)) {" % (len(self.fullPrefix)))
print(str + " internalShift<%d>();" % len(self.fullPrefix))
print(str + " if (shouldCreateIdentifier)")
print(str + (" data->ident = &m_vm->propertyNames->%sKeyword;" % self.fullPrefix))
@@ -184,8 +184,8 @@
def printAsC(self):
print("namespace JSC {")
print("")
- print("static ALWAYS_INLINE bool isIdentPart(LChar c);")
- print("static ALWAYS_INLINE bool isIdentPart(UChar c);")
+ print("static ALWAYS_INLINE bool isIdentPartIncludingEscape(const LChar* code, const LChar* codeEnd);")
+ print("static ALWAYS_INLINE bool isIdentPartIncludingEscape(const UChar* code, const UChar* codeEnd);")
# max length + 1 so we don't need to do any bounds checking at all
print("static const int maxTokenLength = %d;" % (self.maxLength() + 1))
print("")
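Review bot: The context comment `# max length + 1 so we don't need to do any bounds checking at all` no longer matches the generated code, because the predicate declared just above it now takes `codeEnd` and, in Lexer.cpp, checks the remaining length before reading the escape digits. I would reword it along the lines of `# max length + 1 keeps the character after the keyword readable; escape lookahead is bounded by codeEnd`. That stops a later reader from concluding that nothing in the generated lookup can read past the buffer. printAsC continues outside the hunk, so how the caller uses maxTokenLength is not visible here and the wording should be confirmed against it.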
Modified: trunk/Source/_javascript_Core/parser/Lexer.cpp (178426 => 178427)
--- trunk/Source/_javascript_Core/parser/Lexer.cpp 2015-01-14 18:43:05 UTC (rev 178426)
+++ trunk/Source/_javascript_Core/parser/Lexer.cpp 2015-01-14 18:48:58 UTC (rev 178427)
@@ -681,6 +681,36 @@
return isLatin1(c) ? isIdentPart(static_cast<LChar>(c)) : isNonLatin1IdentPart(c);
}
+template <typename T>
+bool isUnicodeEscapeIdentPart(const T* code)
+{
+ T char1 = code[0];
+ T char2 = code[1];
+ T char3 = code[2];
+ T char4 = code[3];
+
+ if (!isASCIIHexDigit(char1) || !isASCIIHexDigit(char2) || !isASCIIHexDigit(char3) || !isASCIIHexDigit(char4))
+ return false;
+
+ return isIdentPart(Lexer<T>::convertUnicode(char1, char2, char3, char4));
+}
+
+static ALWAYS_INLINE bool isIdentPartIncludingEscape(const LChar* code, const LChar* codeEnd)
+{
+ if (isIdentPart(*code))
+ return true;
+
+ return (*code == '\\' && ((codeEnd - code) >= 6) && code[1] == 'u' && isUnicodeEscapeIdentPart(code+2));
+}
+
+static ALWAYS_INLINE bool isIdentPartIncludingEscape(const UChar* code, const UChar* codeEnd)
+{
+ if (isIdentPart(*code))
+ return true;
+
+ return (*code == '\\' && ((codeEnd - code) >= 6) && code[1] == 'u' && isUnicodeEscapeIdentPart(code+2));
+}
+
static inline LChar singleEscape(int c)
{
if (c < 128) {
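Review bot: `isUnicodeEscapeIdentPart` reads `code[0]` through `code[3]` with no length check of its own, so it stays in bounds only because both `isIdentPartIncludingEscape` overloads test `(codeEnd - code) >= 6` earlier in the same `&&` chain; as a non-static template it can be called from elsewhere without that guard. I would state the contract on it, e.g. `// Precondition: code[0..3] are readable; callers must check the remaining length first.`, or pass `codeEnd` in and check there. `isIdentPart(*code)` also dereferences `code` before any comparison with `codeEnd`, which presumably relies on the keyword-lookup caller guaranteeing one readable character; that guarantee is not visible in this hunk. The two overloads have identical bodies and could share one template helper. The `isIdentPart` body at the top of the hunk and `singleEscape` at the bottom continue outside it.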