Closed Bug 1258097 Opened 4 years ago Closed 4 years ago

Assertion failure: oldDecl->isBound(), at js/src/frontend/Parser.cpp:455

Categories

(Core :: JavaScript Engine, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla48
Tracking Status
firefox48 --- fixed

People

(Reporter: arai, Assigned: jonco)

Details

(Keywords: sec-audit, Whiteboard: [adv-main48-])

Attachments

(1 file)

revision:
  mozilla-inbound d1fca8995788

configure flag:
  --enable-debug --disable-optimize --enable-warnings-as-errors --enable-nspr-build

code:
  Reflect.parse("import x from 'y'; function x() {}", { target: "module" });

result:
  it crashes with assertion failure in ParseContext<ParseHandler>::updateDecl:

https://dxr.mozilla.org/mozilla-central/rev/9c5d494d05485aebf3fedf649abc0e7ae9d2dcf2/js/src/frontend/Parser.cpp#455
>     MOZ_ASSERT(oldDecl->isBound());


setting security sensitive, just in case.
Group: core-security → javascript-core-security
Jon, could you take a look?
Flags: needinfo?(jcoppeard)
Sure, looking...
Assignee: nobody → jcoppeard
Flags: needinfo?(jcoppeard)
Keywords: sec-audit
We just need to check whether the definition was an import when redeclaring something as a function.  Also passing the definition kind reportRedeclaration() gives a better error message.
Attachment #8736689 - Flags: review?(shu)
Comment on attachment 8736689 [details] [diff] [review]
bug1258097-import-redeclared-as-function

Review of attachment 8736689 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks!

I don't think this is s-s. Any objections?
Attachment #8736689 - Flags: review?(shu) → review+
Group: javascript-core-security
https://hg.mozilla.org/mozilla-central/rev/19bd9167df87
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla48
Whiteboard: [adv-main48-]
You need to log in before you can comment on or make changes to this bug.