Fix Chromium bug 62639.

Add missing failure check after expecting an identifier in preparser.
This allowed code to use the non-existing literal.

Review URL: http://codereview.chromium.org/4800001

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5811 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/preparser.h b/src/preparser.h
index 44c55cf7db7cee8c410a816ec350e98671e747a7..952f25bc60d6d850fa9f4128477804f87cb3ef97 100644 (file)
--- a/src/preparser.h
+++ b/src/preparser.h
@@ -1370,6 +1370,7 @@ Expression PreParser<Scanner, Log>::GetStringSymbol() {
 template <typename Scanner, typename Log>
 Identifier PreParser<Scanner, Log>::ParseIdentifier(bool* ok) {
   Expect(i::Token::IDENTIFIER, ok);
+  if (!*ok) return kUnknownIdentifier;
   return GetIdentifierSymbol();
 }
 

diff --git a/test/cctest/test-parsing.cc b/test/cctest/test-parsing.cc
index 7ae8dcfa386d038b929306129e1df66c7ff17eef..0e7466a51c8076b2126d778ad47ae1b845f30634 100755 (executable)
--- a/test/cctest/test-parsing.cc
+++ b/test/cctest/test-parsing.cc
@@ -270,3 +270,26 @@ TEST(StandAlonePreParser) {
     CHECK(!data.has_error());
   }
 }
+
+
+TEST(RegressChromium62639) {
+  int marker;
+  i::StackGuard::SetStackLimit(
+      reinterpret_cast<uintptr_t>(&marker) - 128 * 1024);
+
+  // Ensure that the source code is so big that it triggers preparsing.
+  char buffer[4096];
+  const char* program_template = "var x = '%01024d';  // filler\n"
+                                 "escape: function() {}";
+  // Fails parsing expecting an identifier after "function".
+  // Before fix, didn't check *ok after Expect(Token::Identifier, ok),
+  // and then used the invalid currently scanned literal. This always
+  // failed in debug mode, and sometimes crashed in release mode.
+
+  snprintf(buffer, sizeof(buffer), program_template, 0);
+  unibrow::Utf8InputBuffer<256> stream(buffer, strlen(buffer));
+  i::ScriptDataImpl* data =
+      i::ParserApi::PreParse(i::Handle<i::String>::null(), &stream, NULL);
+  CHECK(data->HasError());
+  delete data;
+}