Fix assignment validation in parser_append_binary_token (#3594)

Fixes #3589

JerryScript-DCO-1.0-Signed-off-by: Adam Szilagyi aszilagy@inf.u-szeged.hu

jerry-core/parser/js/js-parser-expr.c

@@ -98,9 +98,8 @@ parser_push_result (parser_context_t *context_p) /**< context */
 static void
 parser_check_invalid_assign (parser_context_t *context_p) /**< context */
 {
-  JERRY_ASSERT (context_p->last_cbc.literal_type == LEXER_IDENT_LITERAL);
-
-  if (JERRY_UNLIKELY (context_p->status_flags & PARSER_IS_STRICT))
+  if (context_p->last_cbc.literal_type == LEXER_IDENT_LITERAL
+      && JERRY_UNLIKELY (context_p->status_flags & PARSER_IS_STRICT))
   {
     if (context_p->last_cbc.literal_keyword_type == LEXER_KEYW_EVAL)
     {
@@ -2198,10 +2197,19 @@ parser_append_binary_single_assignment_token (parser_context_t *context_p, /**<
   }
   else if (context_p->last_cbc_opcode == CBC_PUSH_THIS_LITERAL)
   {
-    context_p->last_cbc_opcode = CBC_PUSH_THIS;
-    parser_flush_cbc (context_p);
-    parser_stack_push_uint16 (context_p, context_p->last_cbc.literal_index);
-    parser_stack_push_uint8 (context_p, assign_ident_opcode);
+    if (context_p->last_cbc.literal_type != LEXER_IDENT_LITERAL)
+    {
+      parser_emit_cbc_ext (context_p, CBC_EXT_THROW_REFERENCE_ERROR);
+      parser_stack_push_uint8 (context_p, CBC_ASSIGN);
+    }
+    else
+    {
+      parser_check_invalid_assign (context_p);
+      context_p->last_cbc_opcode = CBC_PUSH_THIS;
+      parser_flush_cbc (context_p);
+      parser_stack_push_uint16 (context_p, context_p->last_cbc.literal_index);
+      parser_stack_push_uint8 (context_p, assign_ident_opcode);
+    }
   }
   else if (context_p->last_cbc_opcode == CBC_PUSH_PROP)
   {
@@ -2290,9 +2298,18 @@ parser_append_binary_token (parser_context_t *context_p) /**< context */
     }
     else if (context_p->last_cbc_opcode == CBC_PUSH_THIS_LITERAL)
     {
-      context_p->last_cbc_opcode = CBC_PUSH_THIS;
-      parser_flush_cbc (context_p);
-      context_p->last_cbc_opcode = CBC_PUSH_IDENT_REFERENCE;
+      if (context_p->last_cbc.literal_type != LEXER_IDENT_LITERAL)
+      {
+        parser_emit_cbc_ext (context_p, CBC_EXT_THROW_REFERENCE_ERROR);
+        parser_emit_cbc (context_p, CBC_PUSH_PROP_REFERENCE);
+      }
+      else
+      {
+        parser_check_invalid_assign (context_p);
+        context_p->last_cbc_opcode = CBC_PUSH_THIS;
+        parser_flush_cbc (context_p);
+        context_p->last_cbc_opcode = CBC_PUSH_IDENT_REFERENCE;
+      }
     }
     else
     {

tests/jerry/es2015/regression-test-issue-3589.js

@@ -0,0 +1,27 @@
+// Copyright JS Foundation and other contributors, http://js.foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+try {
+  [this,000000000,this,99999999=9999999];
+  assert(false);
+} catch (e) {
+  assert(e instanceof ReferenceError);
+}
+
+try {
+  [this,999+=8];
+  assert(false);
+} catch (e) {
+  assert(e instanceof ReferenceError);
+}