
Side by Side Diff: src/parser.cc

Issue 1023483003: Parser: Fix crash on stack overflow when lazy-parsing arrow functions (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Fix nits as per review comments Created 5 years, 9 months ago
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/v8.h" 5 #include "src/v8.h"
6 6
7 #include "src/api.h" 7 #include "src/api.h"
8 #include "src/ast.h" 8 #include "src/ast.h"
9 #include "src/bailout-reason.h" 9 #include "src/bailout-reason.h"
10 #include "src/base/platform/platform.h" 10 #include "src/base/platform/platform.h"
(...skipping 1127 matching lines...) Expand 10 before | Expand all | Expand 10 after
1138 : FunctionLiteral::NAMED_EXPRESSION) 1138 : FunctionLiteral::NAMED_EXPRESSION)
1139 : FunctionLiteral::DECLARATION; 1139 : FunctionLiteral::DECLARATION;
1140 bool ok = true; 1140 bool ok = true;
1141 1141
1142 if (shared_info->is_arrow()) { 1142 if (shared_info->is_arrow()) {
1143 // The first expression being parsed is the parameter list of the arrow 1143 // The first expression being parsed is the parameter list of the arrow
1144 // function. Setting this avoids prevents ExpressionFromIdentifier() 1144 // function. Setting this avoids prevents ExpressionFromIdentifier()
1145 // from creating unresolved variables in already-resolved scopes. 1145 // from creating unresolved variables in already-resolved scopes.
1146 parsing_lazy_arrow_parameters_ = true; 1146 parsing_lazy_arrow_parameters_ = true;
1147 Expression* expression = ParseExpression(false, &ok); 1147 Expression* expression = ParseExpression(false, &ok);
1148 DCHECK(expression->IsFunctionLiteral()); 1148 if (ok) {
1149 result = expression->AsFunctionLiteral(); 1149 // Scanning must end at the same position that was recorded
1150 // previously. If not, parsing has been interrupted due to a
1151 // stack overflow, at which point the partially parsed arrow
1152 // function concise body happens to be a valid expression. This
1153 // is a problem only for arrow functions with single statement
1154 // bodies, since there is no end token suck as "}" for normal
marja 2015/03/23 10:56:31 ... unintentional swearing? :)
1155 // functions.
1156 if (scanner()->location().end_pos == shared_info->end_position()) {
1157 // The pre-parser saw an arrow function here, so the full parser
1158 // must produce a FunctionLiteral.
1159 DCHECK(expression->IsFunctionLiteral());
1160 result = expression->AsFunctionLiteral();
1161 } else {
1162 result = NULL;
1163 ok = false;
1164 }
1165 }
1150 } else if (shared_info->is_default_constructor()) { 1166 } else if (shared_info->is_default_constructor()) {
1151 result = DefaultConstructor(IsSubclassConstructor(shared_info->kind()), 1167 result = DefaultConstructor(IsSubclassConstructor(shared_info->kind()),
1152 scope, shared_info->start_position(), 1168 scope, shared_info->start_position(),
1153 shared_info->end_position()); 1169 shared_info->end_position());
1154 } else { 1170 } else {
1155 result = ParseFunctionLiteral(raw_name, Scanner::Location::invalid(), 1171 result = ParseFunctionLiteral(raw_name, Scanner::Location::invalid(),
1156 false, // Strict mode name already checked. 1172 false, // Strict mode name already checked.
1157 shared_info->kind(), RelocInfo::kNoPosition, 1173 shared_info->kind(), RelocInfo::kNoPosition,
1158 function_type, 1174 function_type,
1159 FunctionLiteral::NORMAL_ARITY, &ok); 1175 FunctionLiteral::NORMAL_ARITY, &ok);
(...skipping 4375 matching lines...) Expand 10 before | Expand all | Expand 10 after
5535 } else { 5551 } else {
5536 const uc16* data = reinterpret_cast<const uc16*>(raw_string->raw_data()); 5552 const uc16* data = reinterpret_cast<const uc16*>(raw_string->raw_data());
5537 running_hash = StringHasher::ComputeRunningHash(running_hash, data, 5553 running_hash = StringHasher::ComputeRunningHash(running_hash, data,
5538 raw_string->length()); 5554 raw_string->length());
5539 } 5555 }
5540 } 5556 }
5541 5557
5542 return running_hash; 5558 return running_hash;
5543 } 5559 }
5544 } } // namespace v8::internal 5560 } } // namespace v8::internal
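Review bot: In the new arrow-function branch (new lines 1156–1160), the end-position comparison is the only guard that survives a release build, because `DCHECK(expression->IsFunctionLiteral())` is compiled out there. If the positions match but the parsed expression is not a function literal, `result` is taken straight from `AsFunctionLiteral()` while `ok` stays true; that call presumably returns a null pointer in this case, which should be confirmed against its definition. Folding the type test into the runtime condition would send this case to the existing failure path: `if (scanner()->location().end_pos == shared_info->end_position() && expression->IsFunctionLiteral()) {`. The enclosing function starts and ends outside the lines shown, so how callers treat a null `result` with `ok == true` cannot be checked from this page.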