Fix crash in duplicate labelled statement check

Testcase (part of parserstress in tests/auto/qml):

outer: {
   do {
      inner: {}
   } while (false)
}

The labelled statement visitor, when hitting the outter label, would call
enterLoop(), which sets _labelledStatement back to zero. That then gets added
to the Loop object the do-while loop creates, and the duplicate labelled
statement check then for inner would unconditionally dereference
loop->labelledStatement.

In all other places where we access loop->labelledStatement we have a null
pointer check, so let's have one here as well.

Change-Id: I9d5925a2abf4db691c49c0cdec3550938ee02efa
Reviewed-by: Lars Knoll <lars.knoll@digia.com>

diff --git a/src/qml/compiler/qv4codegen.cpp b/src/qml/compiler/qv4codegen.cpp
index 43756a6..94562ea 100644 (file)
--- a/src/qml/compiler/qv4codegen.cpp
+++ b/src/qml/compiler/qv4codegen.cpp
@@ -2116,7 +2116,7 @@ bool Codegen::visit(LabelledStatement *ast)
     // check that no outer loop contains the label
     Loop *l = _loop;
     while (l) {
-        if (l->labelledStatement->label == ast->label) {
+        if (l->labelledStatement && l->labelledStatement->label == ast->label) {
             QString error = QString(QStringLiteral("Label '%1' has already been declared")).arg(ast->label.toString());
             throwSyntaxError(ast->firstSourceLocation(), error);
         }