[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198

oliver at apple.com oliver at apple.com
Sun Feb 20 23:02:12 UTC 2011 

The following commit has been merged in the webkit-1.3 branch:
commit edebdc12e83851e86c682714c9a8278b6b394d38
Author: oliver at apple.com <oliver at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Sat Jan 15 06:35:13 2011 +0000

    2011-01-14  Oliver Hunt  <oliver at apple.com>
    
            Reviewed by Maciej Stachowiak.
    
            [jsfunfuzz] Incorrect handling of consecutive duplicate labels
            https://bugs.webkit.org/show_bug.cgi?id=52505
    
            Add a few tests of consecutive labels containing duplicates to the parser check.
    
            * fast/js/parser-syntax-check-expected.txt:
            * fast/js/script-tests/parser-syntax-check.js:
    2011-01-14  Oliver Hunt  <oliver at apple.com>
    
            Reviewed by Maciej Stachowiak.
    
            [jsfunfuzz] Incorrect handling of consecutive duplicate labels
            https://bugs.webkit.org/show_bug.cgi?id=52505
    
            Compare StringImpl*'s instead of Identifier*'s when looking for duplicate
            labels.
    
            * parser/JSParser.cpp:
            (JSC::JSParser::parseExpressionOrLabelStatement):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@75872 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 31d1c66..03cab35 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2011-01-14  Oliver Hunt  <oliver at apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        [jsfunfuzz] Incorrect handling of consecutive duplicate labels
+        https://bugs.webkit.org/show_bug.cgi?id=52505
+
+        Add a few tests of consecutive labels containing duplicates to the parser check.
+
+        * fast/js/parser-syntax-check-expected.txt:
+        * fast/js/script-tests/parser-syntax-check.js:
+
 2011-01-14  Dmitry Titov  <dimich at chromium.org>
 
         Not reviewed, update of Chromium test expectations.
diff --git a/LayoutTests/fast/js/parser-syntax-check-expected.txt b/LayoutTests/fast/js/parser-syntax-check-expected.txt
index cf085e4..e5f5dc1 100644
--- a/LayoutTests/fast/js/parser-syntax-check-expected.txt
+++ b/LayoutTests/fast/js/parser-syntax-check-expected.txt
@@ -531,6 +531,12 @@ PASS Invalid: "switch (4 - ) { }"
 PASS Invalid: "function f() { switch (4 - ) { } }"
 PASS Invalid: "switch (l) { default case: 5; }"
 PASS Invalid: "function f() { switch (l) { default case: 5; } }"
+PASS Invalid: "L: L: ;"
+PASS Invalid: "function f() { L: L: ; }"
+PASS Invalid: "L: L1: L: ;"
+PASS Invalid: "function f() { L: L1: L: ; }"
+PASS Invalid: "L: L1: L2: L3: L4: L: ;"
+PASS Invalid: "function f() { L: L1: L2: L3: L4: L: ; }"
 PASS successfullyParsed is true
 
 TEST COMPLETE
diff --git a/LayoutTests/fast/js/script-tests/parser-syntax-check.js b/LayoutTests/fast/js/script-tests/parser-syntax-check.js
index 135abf8..0603e56 100644
--- a/LayoutTests/fast/js/script-tests/parser-syntax-check.js
+++ b/LayoutTests/fast/js/script-tests/parser-syntax-check.js
@@ -339,4 +339,8 @@ valid  ("switch (l) { case 1: a: with(g) switch (g) { case 2: default: } default
 invalid("switch (4 - ) { }");
 invalid("switch (l) { default case: 5; }");
 
+invalid("L: L: ;");
+invalid("L: L1: L: ;");
+invalid("L: L1: L2: L3: L4: L: ;");
+
 var successfullyParsed = true;
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index 059dd28..f496bb5 100644
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,16 @@
+2011-01-14  Oliver Hunt  <oliver at apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        [jsfunfuzz] Incorrect handling of consecutive duplicate labels
+        https://bugs.webkit.org/show_bug.cgi?id=52505
+
+        Compare StringImpl*'s instead of Identifier*'s when looking for duplicate
+        labels.
+
+        * parser/JSParser.cpp:
+        (JSC::JSParser::parseExpressionOrLabelStatement):
+
 2011-01-14  Simon Fraser  <simon.fraser at apple.com>
 
         No review.
diff --git a/Source/JavaScriptCore/parser/JSParser.cpp b/Source/JavaScriptCore/parser/JSParser.cpp
index 792d19b..640f603 100644
--- a/Source/JavaScriptCore/parser/JSParser.cpp
+++ b/Source/JavaScriptCore/parser/JSParser.cpp
@@ -1308,7 +1308,7 @@ template <class TreeBuilder> TreeStatement JSParser::parseExpressionOrLabelState
             // This is O(N^2) over the current list of consecutive labels, but I
             // have never seen more than one label in a row in the real world.
             for (size_t i = 0; i < labels.size(); i++)
-                failIfTrue(ident == labels[i].m_ident);
+                failIfTrue(ident->impl() == labels[i].m_ident->impl());
             failIfTrue(getLabel(ident));
             labels.append(LabelInfo(ident, start, end));
         }

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list