From fc6b94cc1a5fda8603e467a545fe13a31d890a8a Mon Sep 17 00:00:00 2001
From: Igor Sysoev
Date: Tue, 26 Jul 2016 16:25:58 +0300
Subject: [PATCH] Segfaults have been fixed when incorrect operands were used in left-hand side expressions.
---
 njs/njs_generator.c | 4 ----
 njs/njs_nonrecursive_parser.c | 1 -
 njs/njs_parser.c | 2 --
 njs/njs_parser.h | 1 -
 njs/njs_parser_expression.c | 15 ++++++++++-----
 njs/test/njs_unit_test.c | 13 +++++++++++--
 6 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/njs/njs_generator.c b/njs/njs_generator.c
index feacaae4..9aacb5ef 100644
--- a/njs/njs_generator.c
+++ b/njs/njs_generator.c
@@ -1263,7 +1263,6 @@ njs_generate_assignment(njs_vm_t *vm, njs_parser_t *parser,
 }
 if (lvalue->state == NJS_VARIABLE_FIRST_ASSIGNMENT) {
- lvalue->lvalue = NJS_LVALUE_ASSIGNED;
 value = njs_variable_value(parser, lvalue->index);
 *value = expr->u.value;
 node->index = expr->index;
@@ -2336,8 +2335,6 @@ njs_generator_dest_index(njs_vm_t *vm, njs_parser_t *parser,
 dest = node->dest;
 if (dest != NULL && dest->index != NJS_INDEX_NONE) {
- dest->lvalue = NJS_LVALUE_ASSIGNED;
-
 return dest->index;
 }
@@ -2363,7 +2360,6 @@ njs_generator_object_dest_index(njs_parser_t *parser, njs_parser_node_t *node)
 if (node->left == NULL) {
 /* Assign empty object directly to variable */
- dest->lvalue = NJS_LVALUE_ASSIGNED;
 return index;
 }
 }
diff --git a/njs/njs_nonrecursive_parser.c b/njs/njs_nonrecursive_parser.c
index 7e91fa3d..43442a9c 100644
--- a/njs/njs_nonrecursive_parser.c
+++ b/njs/njs_nonrecursive_parser.c
@@ -569,7 +569,6 @@ njs_parser_name_expression(njs_vm_t *vm, njs_parser_t *parser,
 break;
 }
- node->lvalue = NJS_LVALUE_ENABLED;
 node->u.variable = var;
 }
 }
diff --git a/njs/njs_parser.c b/njs/njs_parser.c
index 20a00d1a..680cc6eb 100644
--- a/njs/njs_parser.c
+++ b/njs/njs_parser.c
@@ -681,7 +681,6 @@ njs_parser_var_statement(njs_vm_t *vm, njs_parser_t *parser)
 }
 name->token = NJS_TOKEN_NAME;
- name->lvalue = NJS_LVALUE_ENABLED;
 name->u.variable = var;
 if (first) {
@@ -1535,7 +1534,6 @@ njs_parser_terminal(njs_vm_t *vm, njs_parser_t *parser, njs_token_t token)
 }
 parser->code_size += sizeof(njs_vmcode_object_copy_t);
- node->lvalue = NJS_LVALUE_ENABLED;
 node->u.variable = var;
 break;
diff --git a/njs/njs_parser.h b/njs/njs_parser.h
index 359e92f1..36662697 100644
--- a/njs/njs_parser.h
+++ b/njs/njs_parser.h
@@ -225,7 +225,6 @@ typedef struct njs_parser_node_s njs_parser_node_t;
 struct njs_parser_node_s {
 njs_token_t token:8;
 njs_variable_node_state_t state:8; /* 2 bits */
- njs_lvalue_state_t lvalue:2; /* 2 bits */
 uint8_t ctor:1; /* 1 bit */
 uint8_t temporary; /* 1 bit */
 uint32_t token_line;
diff --git a/njs/njs_parser_expression.c b/njs/njs_parser_expression.c
index c6e02ecd..dc552e83 100644
--- a/njs/njs_parser_expression.c
+++ b/njs/njs_parser_expression.c
@@ -292,7 +292,7 @@ njs_parser_var_expression(njs_vm_t *vm, njs_parser_t *parser, njs_token_t token)
 node = parser->node;
- if (node->lvalue == NJS_LVALUE_NONE) {
+ if (parser->node->token != NJS_TOKEN_NAME) {
 return njs_parser_invalid_lvalue(vm, parser, "assignment");
 }
@@ -437,7 +437,9 @@ njs_parser_assignment_expression(njs_vm_t *vm, njs_parser_t *parser,
 node = parser->node;
- if (node->lvalue == NJS_LVALUE_NONE) {
+ if (parser->node->token != NJS_TOKEN_NAME
+ && parser->node->token != NJS_TOKEN_PROPERTY)
+ {
 return njs_parser_invalid_lvalue(vm, parser, "assignment");
 }
@@ -809,7 +811,9 @@ njs_parser_inc_dec_expression(njs_vm_t *vm, njs_parser_t *parser,
 return next;
 }
- if (parser->node->lvalue == NJS_LVALUE_NONE) {
+ if (parser->node->token != NJS_TOKEN_NAME
+ && parser->node->token != NJS_TOKEN_PROPERTY)
+ {
 return njs_parser_invalid_lvalue(vm, parser, "prefix operation");
 }
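Review bot: In njs_parser_var_expression the new guard reads `parser->node->token` one line after `node = parser->node;` was assigned, so the local is bypassed for no visible reason; `if (node->token != NJS_TOKEN_NAME) {` would match the surrounding code, and the same applies to the guard in njs_parser_assignment_expression. This guard accepts only NJS_TOKEN_NAME while the other three guards in the file also accept NJS_TOKEN_PROPERTY; that is presumably deliberate for this path but is not stated, so a comment such as `/* Only a plain name is a valid target here; property references are rejected. */` would record the intent. The function body starts and ends outside the hunk.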
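Review bot: The target allowlist (NJS_TOKEN_NAME or NJS_TOKEN_PROPERTY) is written out three times: here in njs_parser_assignment_expression, and again in njs_parser_inc_dec_expression and njs_parser_post_inc_dec_expression. With the `lvalue` field removed from njs_parser_node_s, these parser checks are, as far as the diff shows, the only thing keeping a non-assignable node away from the generator. Because the commit fixes segfaults caused by such nodes, the rule is worth keeping in one place, so that a later node type cannot be admitted at one site and forgotten at another. A small file-local predicate called from all three sites would do it; the name below is only a suggestion. The enclosing functions continue outside the hunks.

```c
/* Only a variable name or a property reference may be assigned to. */
static int
njs_parser_is_lvalue(const njs_parser_node_t *node)
{
    return node->token == NJS_TOKEN_NAME
           || node->token == NJS_TOKEN_PROPERTY;
}

/* … unchanged: njs_parser_assignment_expression up to the guard; same call at the prefix and postfix guards … */
    if (!njs_parser_is_lvalue(parser->node)) {
        return njs_parser_invalid_lvalue(vm, parser, "assignment");
    }
```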
@@ -861,7 +865,9 @@ njs_parser_post_inc_dec_expression(njs_vm_t *vm, njs_parser_t *parser,
 return token;
 }
- if (parser->node->lvalue == NJS_LVALUE_NONE) {
+ if (parser->node->token != NJS_TOKEN_NAME
+ && parser->node->token != NJS_TOKEN_PROPERTY)
+ {
 return njs_parser_invalid_lvalue(vm, parser, "postfix operation");
 }
@@ -1015,7 +1021,6 @@ njs_parser_property_expression(njs_vm_t *vm, njs_parser_t *parser,
 }
 node->token = NJS_TOKEN_PROPERTY;
- node->lvalue = NJS_LVALUE_ENABLED;
 node->u.operation = njs_vmcode_property_get;
 node->left = parser->node;
diff --git a/njs/test/njs_unit_test.c b/njs/test/njs_unit_test.c
index d678e6fb..acb34a3e 100644
--- a/njs/test/njs_unit_test.c
+++ b/njs/test/njs_unit_test.c
@@ -73,8 +73,17 @@ static njs_unit_test_t njs_test[] =
 { nxt_string("var f = 1; function f() {}"),
 nxt_string("SyntaxError: Duplicate declaration \"f\" in 1") },
- { nxt_string("function f() {} var f = 1; f"),
- nxt_string("1") },
+ { nxt_string("f() = 1"),
+ nxt_string("ReferenceError: Invalid left-hand side in assignment in 1") },
+
+ { nxt_string("f.a() = 1"),
+ nxt_string("ReferenceError: Invalid left-hand side in assignment in 1") },
+
+ { nxt_string("++f()"),
+ nxt_string("ReferenceError: Invalid left-hand side in prefix operation in 1") },
+
+ { nxt_string("f()++"),
+ nxt_string("ReferenceError: Invalid left-hand side in postfix operation in 1") },
 /* Numbers. */
--
2.47.3
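Review bot: The case `function f() {} var f = 1; f` with expected result `1` is deleted in the njs_unit_test.c hunk without a replacement, and nothing visible in the commit explains why. If the behaviour is unchanged the case should stay next to the new ones; if it changed, the new expected output should be recorded instead of dropping the coverage. The four added cases all use a call result (`f()`, `f.a()`) as the operand, so the name-only guard in njs_parser_var_expression and operands of other kinds, such as a literal or a parenthesised expression, are not exercised. Since this is a regression suite for a crash fix, one case per guard and per operand kind would make a later regression visible.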