[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198

oliver at apple.com oliver at apple.com
Sun Feb 20 23:04:18 UTC 2011 

The following commit has been merged in the webkit-1.3 branch:
commit 3e7b1a633c927bde458b37c7921a09d6953bd4fe
Author: oliver at apple.com <oliver at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Mon Jan 17 01:52:16 2011 +0000

    2011-01-16  Oliver Hunt  <oliver at apple.com>
    
            Reviewed by Sam Weinig.
    
            [jsfunfuzz] Parser doesn't correctly validate for-loop syntax
            https://bugs.webkit.org/show_bug.cgi?id=52516
    
            Add test for the case where a syntax error immediately follows
            multiple declarations in a for-loop initialiser.
    
            * fast/js/parser-syntax-check-expected.txt:
            * fast/js/script-tests/parser-syntax-check.js:
    2011-01-16  Oliver Hunt  <oliver at apple.com>
    
            Reviewed by Sam Weinig.
    
            [jsfunfuzz] Parser doesn't correctly validate for-loop syntax
            https://bugs.webkit.org/show_bug.cgi?id=52516
    
            Ensure that we always check for a semicolon after encountering
            multiple declarations in the initialiser portion of a for-loop.
    
            * parser/JSParser.cpp:
            (JSC::JSParser::parseForStatement):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@75899 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 2210dc4..6da3e79 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,5 +1,18 @@
 2011-01-16  Oliver Hunt  <oliver at apple.com>
 
+        Reviewed by Sam Weinig.
+
+        [jsfunfuzz] Parser doesn't correctly validate for-loop syntax
+        https://bugs.webkit.org/show_bug.cgi?id=52516
+
+        Add test for the case where a syntax error immediately follows
+        multiple declarations in a for-loop initialiser.
+
+        * fast/js/parser-syntax-check-expected.txt:
+        * fast/js/script-tests/parser-syntax-check.js:
+
+2011-01-16  Oliver Hunt  <oliver at apple.com>
+
         Reviewed by Geoffrey Garen.
 
         Strict mode restrictions on arguments and eval usage aren't complete
diff --git a/LayoutTests/fast/js/parser-syntax-check-expected.txt b/LayoutTests/fast/js/parser-syntax-check-expected.txt
index e5f5dc1..ef6764d 100644
--- a/LayoutTests/fast/js/parser-syntax-check-expected.txt
+++ b/LayoutTests/fast/js/parser-syntax-check-expected.txt
@@ -537,6 +537,10 @@ PASS Invalid: "L: L1: L: ;"
 PASS Invalid: "function f() { L: L1: L: ; }"
 PASS Invalid: "L: L1: L2: L3: L4: L: ;"
 PASS Invalid: "function f() { L: L1: L2: L3: L4: L: ; }"
+PASS Invalid: "for(var a,b 'this shouldn't be allowed' false ; ) ;"
+PASS Invalid: "function f() { for(var a,b 'this shouldn't be allowed' false ; ) ; }"
+PASS Invalid: "for(var a,b '"
+PASS Invalid: "function f() { for(var a,b ' }"
 PASS successfullyParsed is true
 
 TEST COMPLETE
diff --git a/LayoutTests/fast/js/script-tests/parser-syntax-check.js b/LayoutTests/fast/js/script-tests/parser-syntax-check.js
index 0603e56..4424e50 100644
--- a/LayoutTests/fast/js/script-tests/parser-syntax-check.js
+++ b/LayoutTests/fast/js/script-tests/parser-syntax-check.js
@@ -343,4 +343,7 @@ invalid("L: L: ;");
 invalid("L: L1: L: ;");
 invalid("L: L1: L2: L3: L4: L: ;");
 
+invalid("for(var a,b 'this shouldn\'t be allowed' false ; ) ;");
+invalid("for(var a,b '");
+
 var successfullyParsed = true;
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index 9eb0f9a..fc61bad 100644
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,5 +1,18 @@
 2011-01-16  Oliver Hunt  <oliver at apple.com>
 
+        Reviewed by Sam Weinig.
+
+        [jsfunfuzz] Parser doesn't correctly validate for-loop syntax
+        https://bugs.webkit.org/show_bug.cgi?id=52516
+
+        Ensure that we always check for a semicolon after encountering
+        multiple declarations in the initialiser portion of a for-loop.
+
+        * parser/JSParser.cpp:
+        (JSC::JSParser::parseForStatement):
+
+2011-01-16  Oliver Hunt  <oliver at apple.com>
+
         Reviewed by Geoffrey Garen.
 
         Strict mode restrictions on arguments and eval usage aren't complete
diff --git a/Source/JavaScriptCore/parser/JSParser.cpp b/Source/JavaScriptCore/parser/JSParser.cpp
index 0299621..37b7f90 100644
--- a/Source/JavaScriptCore/parser/JSParser.cpp
+++ b/Source/JavaScriptCore/parser/JSParser.cpp
@@ -795,9 +795,11 @@ template <class TreeBuilder> TreeStatement JSParser::parseForStatement(TreeBuild
             fail();
 
         // Remainder of a standard for loop is handled identically
-        if (declarations > 1 || match(SEMICOLON))
+        if (match(SEMICOLON))
             goto standardForLoop;
 
+        failIfFalse(declarations == 1);
+
         // Handle for-in with var declaration
         int inLocation = tokenStart();
         if (!consume(INTOKEN))

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list