[Pkg-javascript-commits] [uglifyjs] 24/491: fix fuzzer on `this` (#1842)

Jonas Smedegaard dr at jones.dk
Wed Feb 14 19:51:18 UTC 2018


This is an automated email from the git hooks/post-receive script.

js pushed a commit to annotated tag debian/3.3.10-1
in repository uglifyjs.

commit 76d19b60ad5f6c7191eece8f8d224bdf4d920599
Author: Alex Lam S.L <alexlamsl at gmail.com>
Date:   Mon Apr 24 03:15:03 2017 +0800

    fix fuzzer on `this` (#1842)
    
    - forbid redeclaration of `this`
    - suppress probability for `this` within nested functions
---
 test/ufuzz.js | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/test/ufuzz.js b/test/ufuzz.js
index 12c6265..48e33f7 100644
--- a/test/ufuzz.js
+++ b/test/ufuzz.js
@@ -513,7 +513,6 @@ function createStatement(recurmax, canThrow, canBreak, canContinue, cannotReturn
             // we have to do go through some trouble here to prevent leaking it
             var nameLenBefore = VAR_NAMES.length;
             var catchName = createVarName(MANDATORY);
-            if (catchName == 'this') catchName = 'a';
             var freshCatchName = VAR_NAMES.length !== nameLenBefore;
             s += ' catch (' + catchName + ') { ' + createStatements(3, recurmax, canThrow, canBreak, canContinue, cannotReturn, stmtDepth) + ' }';
             if (freshCatchName) VAR_NAMES.splice(nameLenBefore, 1); // remove catch name
@@ -631,13 +630,16 @@ function _createExpression(recurmax, noComma, stmtDepth, canThrow) {
             );
             break;
           default:
-            if (rng(4) == 0) s.push('function ' + name + '(){');
-            else {
-                VAR_NAMES.push('this');
-                s.push('new function ' + name + '(){');
+            var instantiate = rng(4) ? 'new ' : '';
+            s.push(
+                instantiate + 'function ' + name + '(){',
+                strictMode()
+            );
+            if (instantiate) for (var i = rng(4); --i >= 0;) {
+                if (rng(2)) s.push('this.' + getDotKey() + createAssignment() + _createBinaryExpr(recurmax, noComma, stmtDepth, canThrow) + ';');
+                else  s.push('this[' + createExpression(recurmax, COMMA_OK, stmtDepth, canThrow) + ']' + createAssignment() + _createBinaryExpr(recurmax, noComma, stmtDepth, canThrow) + ';');
             }
             s.push(
-                strictMode(),
                 createStatements(rng(5) + 1, recurmax, canThrow, CANNOT_BREAK, CANNOT_CONTINUE, CAN_RETURN, stmtDepth),
                 '}'
             );
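Review bot: The added `if (instantiate) for (var i = rng(4); --i >= 0;) {` hangs a braced `for` off an unbraced `if`, so the `}` after the two `s.push` lines reads as closing the `if` when it actually closes the loop; `if (instantiate) { for (var i = rng(4); --i >= 0;) { ... } }` removes the ambiguity. The two branches differ only in how the property is spelled, so building `var key = rng(2) ? '.' + getDotKey() : '[' + createExpression(recurmax, COMMA_OK, stmtDepth, canThrow) + ']';` and pushing once would drop the duplicated `createAssignment() + _createBinaryExpr(...)` tail without changing the order of generator calls. A one-line comment such as `// emit this.* writes only for constructed functions` would record why the loop is gated on `instantiate`, which from the commit message appears to be the intent. `var i` is function-scoped and the rest of `_createExpression` lies outside this hunk, so it is worth confirming that no other `i` in that function is live at this point.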
@@ -777,7 +779,6 @@ function _createSimpleBinaryExpr(recurmax, noComma, stmtDepth, canThrow) {
         return '(' + createUnarySafePrefix() + '(' + _createSimpleBinaryExpr(recurmax, noComma, stmtDepth, canThrow) + '))';
       case 2:
         assignee = getVarName();
-        if (assignee == 'this') assignee = 'a';
         return '(' + assignee + createAssignment() + _createBinaryExpr(recurmax, noComma, stmtDepth, canThrow) + ')';
       case 3:
         assignee = getVarName();

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/uglifyjs.git


