[njs] Segfaults have been fixed when incorrect operands were used

Igor Sysoev igor at sysoev.ru
Tue Jul 26 14:58:18 UTC 2016


details:   http://hg.nginx.org/njs/rev/e4f1fda52fe8
branches:  
changeset: 137:e4f1fda52fe8
user:      Igor Sysoev <igor at sysoev.ru>
date:      Tue Jul 26 16:25:58 2016 +0300
description:
Segfaults have been fixed when incorrect operands were used
in left-hand side expressions.

diffstat:

 njs/njs_generator.c           |   4 ----
 njs/njs_nonrecursive_parser.c |   1 -
 njs/njs_parser.c              |   2 --
 njs/njs_parser.h              |   1 -
 njs/njs_parser_expression.c   |  15 ++++++++++-----
 njs/test/njs_unit_test.c      |  13 +++++++++++--
 6 files changed, 21 insertions(+), 15 deletions(-)

diffs (145 lines):

diff -r 44e1a8aaa04e -r e4f1fda52fe8 njs/njs_generator.c
--- a/njs/njs_generator.c	Tue Jul 26 15:09:07 2016 +0300
+++ b/njs/njs_generator.c	Tue Jul 26 16:25:58 2016 +0300
@@ -1263,7 +1263,6 @@ njs_generate_assignment(njs_vm_t *vm, nj
             }
 
             if (lvalue->state == NJS_VARIABLE_FIRST_ASSIGNMENT) {
-                lvalue->lvalue = NJS_LVALUE_ASSIGNED;
                 value = njs_variable_value(parser, lvalue->index);
                 *value = expr->u.value;
                 node->index = expr->index;
@@ -2336,8 +2335,6 @@ njs_generator_dest_index(njs_vm_t *vm, n
     dest = node->dest;
 
     if (dest != NULL && dest->index != NJS_INDEX_NONE) {
-        dest->lvalue = NJS_LVALUE_ASSIGNED;
-
         return dest->index;
     }
 
@@ -2363,7 +2360,6 @@ njs_generator_object_dest_index(njs_pars
 
         if (node->left == NULL) {
             /* Assign empty object directly to variable */
-            dest->lvalue = NJS_LVALUE_ASSIGNED;
             return index;
         }
     }
diff -r 44e1a8aaa04e -r e4f1fda52fe8 njs/njs_nonrecursive_parser.c
--- a/njs/njs_nonrecursive_parser.c	Tue Jul 26 15:09:07 2016 +0300
+++ b/njs/njs_nonrecursive_parser.c	Tue Jul 26 16:25:58 2016 +0300
@@ -569,7 +569,6 @@ njs_parser_name_expression(njs_vm_t *vm,
                 break;
             }
 
-            node->lvalue = NJS_LVALUE_ENABLED;
             node->u.variable = var;
         }
     }
diff -r 44e1a8aaa04e -r e4f1fda52fe8 njs/njs_parser.c
--- a/njs/njs_parser.c	Tue Jul 26 15:09:07 2016 +0300
+++ b/njs/njs_parser.c	Tue Jul 26 16:25:58 2016 +0300
@@ -681,7 +681,6 @@ njs_parser_var_statement(njs_vm_t *vm, n
             }
 
             name->token = NJS_TOKEN_NAME;
-            name->lvalue = NJS_LVALUE_ENABLED;
             name->u.variable = var;
 
             if (first) {
@@ -1535,7 +1534,6 @@ njs_parser_terminal(njs_vm_t *vm, njs_pa
         }
 
         parser->code_size += sizeof(njs_vmcode_object_copy_t);
-        node->lvalue = NJS_LVALUE_ENABLED;
         node->u.variable = var;
         break;
 
diff -r 44e1a8aaa04e -r e4f1fda52fe8 njs/njs_parser.h
--- a/njs/njs_parser.h	Tue Jul 26 15:09:07 2016 +0300
+++ b/njs/njs_parser.h	Tue Jul 26 16:25:58 2016 +0300
@@ -225,7 +225,6 @@ typedef struct njs_parser_node_s    njs_
 struct njs_parser_node_s {
     njs_token_t                     token:8;
     njs_variable_node_state_t       state:8;    /* 2 bits */
-    njs_lvalue_state_t              lvalue:2;   /* 2 bits */
     uint8_t                         ctor:1;     /* 1 bit  */
     uint8_t                         temporary;  /* 1 bit  */
     uint32_t                        token_line;
diff -r 44e1a8aaa04e -r e4f1fda52fe8 njs/njs_parser_expression.c
--- a/njs/njs_parser_expression.c	Tue Jul 26 15:09:07 2016 +0300
+++ b/njs/njs_parser_expression.c	Tue Jul 26 16:25:58 2016 +0300
@@ -292,7 +292,7 @@ njs_parser_var_expression(njs_vm_t *vm, 
 
         node = parser->node;
 
-        if (node->lvalue == NJS_LVALUE_NONE) {
+        if (parser->node->token != NJS_TOKEN_NAME) {
             return njs_parser_invalid_lvalue(vm, parser, "assignment");
         }
 
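Review bot: The new test in njs_parser_var_expression reads `parser->node->token` although `node = parser->node;` is assigned two lines above it; `if (node->token != NJS_TOKEN_NAME) {` says the same thing using the local that was just set. The same applies to the njs_parser_assignment_expression hunk, which also assigns `node` first. This path accepts only NJS_TOKEN_NAME while the other three checks also accept NJS_TOKEN_PROPERTY, so a one-line comment such as `/* Only a plain variable name is a valid target here. */` would record that the difference is intentional (assuming it is). The function body starts and ends outside the hunk.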
@@ -437,7 +437,9 @@ njs_parser_assignment_expression(njs_vm_
 
         node = parser->node;
 
-        if (node->lvalue == NJS_LVALUE_NONE) {
+        if (parser->node->token != NJS_TOKEN_NAME
+            && parser->node->token != NJS_TOKEN_PROPERTY)
+        {
             return njs_parser_invalid_lvalue(vm, parser, "assignment");
         }
 
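Review bot: The two-token test added here is written out again, identically, in the njs_parser_inc_dec_expression and njs_parser_post_inc_dec_expression hunks, so the definition of a valid assignment target now lives in three places that have to be kept in step. Judging by the commit description, an operand that slips past this check is what used to crash later on, so a single predicate is safer to extend when further target kinds are added. For example (the name is only a suggestion) `#define njs_parser_is_lvalue(n) ((n)->token == NJS_TOKEN_NAME || (n)->token == NJS_TOKEN_PROPERTY)`, with each site reduced to `if (!njs_parser_is_lvalue(parser->node)) {`. All three functions extend beyond their hunks.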
@@ -809,7 +811,9 @@ njs_parser_inc_dec_expression(njs_vm_t *
         return next;
     }
 
-    if (parser->node->lvalue == NJS_LVALUE_NONE) {
+    if (parser->node->token != NJS_TOKEN_NAME
+        && parser->node->token != NJS_TOKEN_PROPERTY)
+    {
         return njs_parser_invalid_lvalue(vm, parser, "prefix operation");
     }
 
@@ -861,7 +865,9 @@ njs_parser_post_inc_dec_expression(njs_v
         return token;
     }
 
-    if (parser->node->lvalue == NJS_LVALUE_NONE) {
+    if (parser->node->token != NJS_TOKEN_NAME
+        && parser->node->token != NJS_TOKEN_PROPERTY)
+    {
         return njs_parser_invalid_lvalue(vm, parser, "postfix operation");
     }
 
@@ -1015,7 +1021,6 @@ njs_parser_property_expression(njs_vm_t 
         }
 
         node->token = NJS_TOKEN_PROPERTY;
-        node->lvalue = NJS_LVALUE_ENABLED;
         node->u.operation = njs_vmcode_property_get;
         node->left = parser->node;
 
diff -r 44e1a8aaa04e -r e4f1fda52fe8 njs/test/njs_unit_test.c
--- a/njs/test/njs_unit_test.c	Tue Jul 26 15:09:07 2016 +0300
+++ b/njs/test/njs_unit_test.c	Tue Jul 26 16:25:58 2016 +0300
@@ -73,8 +73,17 @@ static njs_unit_test_t  njs_test[] =
     { nxt_string("var f = 1; function f() {}"),
       nxt_string("SyntaxError: Duplicate declaration \"f\" in 1") },
 
-    { nxt_string("function f() {} var f = 1; f"),
-      nxt_string("1") },
+    { nxt_string("f() = 1"),
+      nxt_string("ReferenceError: Invalid left-hand side in assignment in 1") },
+
+    { nxt_string("f.a() = 1"),
+      nxt_string("ReferenceError: Invalid left-hand side in assignment in 1") },
+
+    { nxt_string("++f()"),
+      nxt_string("ReferenceError: Invalid left-hand side in prefix operation in 1") },
+
+    { nxt_string("f()++"),
+      nxt_string("ReferenceError: Invalid left-hand side in postfix operation in 1") },
 
     /* Numbers. */
 
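Review bot: The four added cases all use a call expression as the operand, and this hunk also drops the existing `function f() {} var f = 1; f` case without the description saying why. If that case still passes it should stay next to the new ones; if it no longer does, the commit message should say so. Cases with a literal operand (for instance `1 = 1` or `++1`, constructed examples) and, presumably, a compound assignment would cover the other operand shapes the new token checks are meant to reject. None of the new cases appears to reach the NAME-only check in njs_parser_var_expression. The njs_test array continues outside the hunk.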


