From 7ea93aff4ceeb44c039eaa871253651b31dd7b53 Mon Sep 17 00:00:00 2001
From: Szilagyi Adam
Date: Mon, 16 Mar 2020 15:02:37 +0100
Subject: [PATCH] Fix assignment validation in parser_append_binary_token (#3594)
Fixes #3589
JerryScript-DCO-1.0-Signed-off-by: Adam Szilagyi aszilagy@inf.u-szeged.hu
---
 jerry-core/parser/js/js-parser-expr.c | 37 ++++++++++++++-----
 .../es2015/regression-test-issue-3589.js | 27 ++++++++++++++
 2 files changed, 54 insertions(+), 10 deletions(-)
 create mode 100644 tests/jerry/es2015/regression-test-issue-3589.js
diff --git a/jerry-core/parser/js/js-parser-expr.c b/jerry-core/parser/js/js-parser-expr.c
index fcc9e2962..1ab724a75 100644
--- a/jerry-core/parser/js/js-parser-expr.c
+++ b/jerry-core/parser/js/js-parser-expr.c
@@ -98,9 +98,8 @@ parser_push_result (parser_context_t *context_p) /**< context */
 static void
 parser_check_invalid_assign (parser_context_t *context_p) /**< context */
 {
- JERRY_ASSERT (context_p->last_cbc.literal_type == LEXER_IDENT_LITERAL);
-
- if (JERRY_UNLIKELY (context_p->status_flags & PARSER_IS_STRICT))
+ if (context_p->last_cbc.literal_type == LEXER_IDENT_LITERAL
+ && JERRY_UNLIKELY (context_p->status_flags & PARSER_IS_STRICT))
 {
 if (context_p->last_cbc.literal_keyword_type == LEXER_KEYW_EVAL)
 {
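Review bot: Replacing the `JERRY_ASSERT` at the top of `parser_check_invalid_assign` with a condition turns a checked precondition into a silent no-op for non-identifier literals, so a call site that forgets to reject such a target is no longer caught in debug builds. The two call sites added later in this patch already test `literal_type != LEXER_IDENT_LITERAL` before calling, so the relaxed condition only matters for callers that are not visible in this diff; those should be checked to confirm they emit the ReferenceError themselves. The new contract should be documented above the function, for example `/* Non-identifier literals are ignored here; the caller must reject them as assignment targets. */`. The function body continues past the end of the hunk.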
@@ -2198,10 +2197,19 @@ parser_append_binary_single_assignment_token (parser_context_t *context_p, /**<
 }
 else if (context_p->last_cbc_opcode == CBC_PUSH_THIS_LITERAL)
 {
- context_p->last_cbc_opcode = CBC_PUSH_THIS;
- parser_flush_cbc (context_p);
- parser_stack_push_uint16 (context_p, context_p->last_cbc.literal_index);
- parser_stack_push_uint8 (context_p, assign_ident_opcode);
+ if (context_p->last_cbc.literal_type != LEXER_IDENT_LITERAL)
+ {
+ parser_emit_cbc_ext (context_p, CBC_EXT_THROW_REFERENCE_ERROR);
+ parser_stack_push_uint8 (context_p, CBC_ASSIGN);
+ }
+ else
+ {
+ parser_check_invalid_assign (context_p);
+ context_p->last_cbc_opcode = CBC_PUSH_THIS;
+ parser_flush_cbc (context_p);
+ parser_stack_push_uint16 (context_p, context_p->last_cbc.literal_index);
+ parser_stack_push_uint8 (context_p, assign_ident_opcode);
+ }
 }
 else if (context_p->last_cbc_opcode == CBC_PUSH_PROP)
 {
@@ -2290,9 +2298,18 @@ parser_append_binary_token (parser_context_t *context_p) /**< context */
 }
 else if (context_p->last_cbc_opcode == CBC_PUSH_THIS_LITERAL)
 {
- context_p->last_cbc_opcode = CBC_PUSH_THIS;
- parser_flush_cbc (context_p);
- context_p->last_cbc_opcode = CBC_PUSH_IDENT_REFERENCE;
+ if (context_p->last_cbc.literal_type != LEXER_IDENT_LITERAL)
+ {
+ parser_emit_cbc_ext (context_p, CBC_EXT_THROW_REFERENCE_ERROR);
+ parser_emit_cbc (context_p, CBC_PUSH_PROP_REFERENCE);
+ }
+ else
+ {
+ parser_check_invalid_assign (context_p);
+ context_p->last_cbc_opcode = CBC_PUSH_THIS;
+ parser_flush_cbc (context_p);
+ context_p->last_cbc_opcode = CBC_PUSH_IDENT_REFERENCE;
+ }
 }
 else
 {
diff --git a/tests/jerry/es2015/regression-test-issue-3589.js b/tests/jerry/es2015/regression-test-issue-3589.js
new file mode 100644
index 000000000..52576dd89
--- /dev/null
+++ b/tests/jerry/es2015/regression-test-issue-3589.js
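Review bot: The new non-identifier branch in `parser_append_binary_single_assignment_token` does not explain why an opcode is still recorded after `CBC_EXT_THROW_REFERENCE_ERROR`, and it pushes only `CBC_ASSIGN` where the identifier branch pushes a literal index followed by the opcode. The same applies to the `parser_append_binary_token` hunk, which emits `CBC_PUSH_PROP_REFERENCE` right after the throw. Both look like placeholders that keep the parser stack and bytecode layout consistent for the code that later consumes them, but that code lies outside both hunks, so the assumption should be written down next to each branch, e.g. `/* Invalid assignment target: throw at runtime; the opcode below only keeps the stack layout consistent. */`. Because the `literal_type != LEXER_IDENT_LITERAL` guard and the throw are now duplicated in two functions, a small `static` helper would stop the two paths drifting apart. Both enclosing functions start and end outside their hunks.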
@@ -0,0 +1,27 @@
+// Copyright JS Foundation and other contributors, http://js.foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+try {
+ [this,000000000,this,99999999=9999999];
+ assert(false);
+} catch (e) {
+ assert(e instanceof ReferenceError);
+}
+
+try {
+ [this,999+=8];
+ assert(false);
+} catch (e) {
+ assert(e instanceof ReferenceError);
+}
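Review bot: Both cases in this test exercise only the runtime ReferenceError branch, so the `parser_check_invalid_assign` call that the patch newly adds to the identifier branch after a `this` element is never run in strict mode. A strict-mode case with `eval` (and a matching one for `arguments`, if that keyword is also checked) as the assignment target would cover it. It has to go through `eval()`, because a parse-time error cannot be caught inside the script that contains it. The expected error type below follows the strict-mode early-error rule and should be confirmed against what `parser_check_invalid_assign` actually raises, since that part of the function is outside the diff.

```javascript
try {
  eval("'use strict'; [this, eval = 1];");
  assert(false);
} catch (e) {
  assert(e instanceof SyntaxError);
}
```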