Welcome! Log In Create A New Profile

Advanced

[njs] Segfaults have been fixed when incorrect operands were used

Previous Message Next Message
Forum List Message List New Topic Print View
Igor Sysoev
July 26, 2016 11:00AM
details: http://hg.nginx.org/njs/rev/e4f1fda52fe8
branches:
changeset: 137:e4f1fda52fe8
user: Igor Sysoev <igor@sysoev.ru>
date: Tue Jul 26 16:25:58 2016 +0300
description:
Segfaults have been fixed when incorrect operands were used
in left-hand side expressions.

diffstat:

njs/njs_generator.c | 4 ----
njs/njs_nonrecursive_parser.c | 1 -
njs/njs_parser.c | 2 --
njs/njs_parser.h | 1 -
njs/njs_parser_expression.c | 15 ++++++++++-----
njs/test/njs_unit_test.c | 13 +++++++++++--
6 files changed, 21 insertions(+), 15 deletions(-)

diffs (145 lines):

diff -r 44e1a8aaa04e -r e4f1fda52fe8 njs/njs_generator.c
--- a/njs/njs_generator.c Tue Jul 26 15:09:07 2016 +0300
+++ b/njs/njs_generator.c Tue Jul 26 16:25:58 2016 +0300
@@ -1263,7 +1263,6 @@ njs_generate_assignment(njs_vm_t *vm, nj
}

if (lvalue->state == NJS_VARIABLE_FIRST_ASSIGNMENT) {
- lvalue->lvalue = NJS_LVALUE_ASSIGNED;
value = njs_variable_value(parser, lvalue->index);
*value = expr->u.value;
node->index = expr->index;
@@ -2336,8 +2335,6 @@ njs_generator_dest_index(njs_vm_t *vm, n
dest = node->dest;

if (dest != NULL && dest->index != NJS_INDEX_NONE) {
- dest->lvalue = NJS_LVALUE_ASSIGNED;
-
return dest->index;
}

@@ -2363,7 +2360,6 @@ njs_generator_object_dest_index(njs_pars

if (node->left == NULL) {
/* Assign empty object directly to variable */
- dest->lvalue = NJS_LVALUE_ASSIGNED;
return index;
}
}
diff -r 44e1a8aaa04e -r e4f1fda52fe8 njs/njs_nonrecursive_parser.c
--- a/njs/njs_nonrecursive_parser.c Tue Jul 26 15:09:07 2016 +0300
+++ b/njs/njs_nonrecursive_parser.c Tue Jul 26 16:25:58 2016 +0300
@@ -569,7 +569,6 @@ njs_parser_name_expression(njs_vm_t *vm,
break;
}

- node->lvalue = NJS_LVALUE_ENABLED;
node->u.variable = var;
}
}
diff -r 44e1a8aaa04e -r e4f1fda52fe8 njs/njs_parser.c
--- a/njs/njs_parser.c Tue Jul 26 15:09:07 2016 +0300
+++ b/njs/njs_parser.c Tue Jul 26 16:25:58 2016 +0300
@@ -681,7 +681,6 @@ njs_parser_var_statement(njs_vm_t *vm, n
}

name->token = NJS_TOKEN_NAME;
- name->lvalue = NJS_LVALUE_ENABLED;
name->u.variable = var;

if (first) {
@@ -1535,7 +1534,6 @@ njs_parser_terminal(njs_vm_t *vm, njs_pa
}

parser->code_size += sizeof(njs_vmcode_object_copy_t);
- node->lvalue = NJS_LVALUE_ENABLED;
node->u.variable = var;
break;

diff -r 44e1a8aaa04e -r e4f1fda52fe8 njs/njs_parser.h
--- a/njs/njs_parser.h Tue Jul 26 15:09:07 2016 +0300
+++ b/njs/njs_parser.h Tue Jul 26 16:25:58 2016 +0300
@@ -225,7 +225,6 @@ typedef struct njs_parser_node_s njs_
struct njs_parser_node_s {
njs_token_t token:8;
njs_variable_node_state_t state:8; /* 2 bits */
- njs_lvalue_state_t lvalue:2; /* 2 bits */
uint8_t ctor:1; /* 1 bit */
uint8_t temporary; /* 1 bit */
uint32_t token_line;
diff -r 44e1a8aaa04e -r e4f1fda52fe8 njs/njs_parser_expression.c
--- a/njs/njs_parser_expression.c Tue Jul 26 15:09:07 2016 +0300
+++ b/njs/njs_parser_expression.c Tue Jul 26 16:25:58 2016 +0300
@@ -292,7 +292,7 @@ njs_parser_var_expression(njs_vm_t *vm,

node = parser->node;

- if (node->lvalue == NJS_LVALUE_NONE) {
+ if (parser->node->token != NJS_TOKEN_NAME) {
return njs_parser_invalid_lvalue(vm, parser, "assignment");
}

@@ -437,7 +437,9 @@ njs_parser_assignment_expression(njs_vm_

node = parser->node;

- if (node->lvalue == NJS_LVALUE_NONE) {
+ if (parser->node->token != NJS_TOKEN_NAME
+ && parser->node->token != NJS_TOKEN_PROPERTY)
+ {
return njs_parser_invalid_lvalue(vm, parser, "assignment");
}

@@ -809,7 +811,9 @@ njs_parser_inc_dec_expression(njs_vm_t *
return next;
}

- if (parser->node->lvalue == NJS_LVALUE_NONE) {
+ if (parser->node->token != NJS_TOKEN_NAME
+ && parser->node->token != NJS_TOKEN_PROPERTY)
+ {
return njs_parser_invalid_lvalue(vm, parser, "prefix operation");
}

@@ -861,7 +865,9 @@ njs_parser_post_inc_dec_expression(njs_v
return token;
}

- if (parser->node->lvalue == NJS_LVALUE_NONE) {
+ if (parser->node->token != NJS_TOKEN_NAME
+ && parser->node->token != NJS_TOKEN_PROPERTY)
+ {
return njs_parser_invalid_lvalue(vm, parser, "postfix operation");
}

@@ -1015,7 +1021,6 @@ njs_parser_property_expression(njs_vm_t
}

node->token = NJS_TOKEN_PROPERTY;
- node->lvalue = NJS_LVALUE_ENABLED;
node->u.operation = njs_vmcode_property_get;
node->left = parser->node;

diff -r 44e1a8aaa04e -r e4f1fda52fe8 njs/test/njs_unit_test.c
--- a/njs/test/njs_unit_test.c Tue Jul 26 15:09:07 2016 +0300
+++ b/njs/test/njs_unit_test.c Tue Jul 26 16:25:58 2016 +0300
@@ -73,8 +73,17 @@ static njs_unit_test_t njs_test[] =
{ nxt_string("var f = 1; function f() {}"),
nxt_string("SyntaxError: Duplicate declaration \"f\" in 1") },

- { nxt_string("function f() {} var f = 1; f"),
- nxt_string("1") },
+ { nxt_string("f() = 1"),
+ nxt_string("ReferenceError: Invalid left-hand side in assignment in 1") },
+
+ { nxt_string("f.a() = 1"),
+ nxt_string("ReferenceError: Invalid left-hand side in assignment in 1") },
+
+ { nxt_string("++f()"),
+ nxt_string("ReferenceError: Invalid left-hand side in prefix operation in 1") },
+
+ { nxt_string("f()++"),
+ nxt_string("ReferenceError: Invalid left-hand side in postfix operation in 1") },

/* Numbers. */


_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

[njs] Segfaults have been fixed when incorrect operands were used

Igor Sysoev 657 July 26, 2016 11:00AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 244
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready