]> git.kaiwu.me - njs.git/commitdiff
projects / njs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d4b87ee)
Fixed for-in rhs expression parsing error handling.
authorVadim Zhestikov <v.zhestikov@f5.com>
Wed, 16 Nov 2022 17:15:39 +0000 (09:15 -0800)
committerVadim Zhestikov <v.zhestikov@f5.com>
Wed, 16 Nov 2022 17:15:39 +0000 (09:15 -0800)
This fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53426.

src/njs_parser.c patch | blob | history
src/test/njs_unit_test.c patch | blob | history

diff --git a/src/njs_parser.c b/src/njs_parser.c
index ee7ce9f3871bb881292e75f661d51878cdf13ba1..21cdf654201dd80e218bca7d0d51f8f979d37bfc 100644 (file)
--- a/src/njs_parser.c
+++ b/src/njs_parser.c
@@ -6054,7 +6054,7 @@ njs_parser_for_in_statement_statement(njs_parser_t *parser,
 {
     njs_parser_node_t  *forin;
 
-    if (token->type != NJS_TOKEN_CLOSE_PARENTHESIS) {
+    if (parser->ret != NJS_OK || token->type != NJS_TOKEN_CLOSE_PARENTHESIS) {
         return njs_parser_failed(parser);
     }
 
diff --git a/src/test/njs_unit_test.c b/src/test/njs_unit_test.c
index bd1c1832f96f4e10636d1b6663c40ea9f20e9ade..5ce4d075814899e3c6e3a0a92387212e6988e57b 100644 (file)
--- a/src/test/njs_unit_test.c
+++ b/src/test/njs_unit_test.c
@@ -2962,6 +2962,9 @@ static njs_unit_test_t  njs_test[] =
     { njs_str("for ((a,b,c) => {};;) {break}"),
       njs_str("undefined") },
 
+    { njs_str("for(I in``[)8"),
+      njs_str("SyntaxError: Unexpected token \")\" in 1") },
+
     /* switch. */
 
     { njs_str("switch"),
njs upstream