Last Comment Bug 657713 - eval JSON parser hack misfires in strict mode, for objects with duplicate property names
: eval JSON parser hack misfires in strict mode, for objects with duplicate pro...
Status: RESOLVED FIXED
fixed-in-tracemonkey
:
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: All All
: -- normal (vote)
: mozilla6
Assigned To: Jeff Walden [:Waldo] (remove +bmo to email)
:
Mentors:
Depends on:
Blocks: 578216
  Show dependency treegraph
 
Reported: 2011-05-17 11:54 PDT by Jeff Walden [:Waldo] (remove +bmo to email)
Modified: 2011-05-23 14:09 PDT (History)
2 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Patch and test (3.12 KB, patch)
2011-05-17 12:24 PDT, Jeff Walden [:Waldo] (remove +bmo to email)
n.nethercote: review+
Details | Diff | Splinter Review

Description Jeff Walden [:Waldo] (remove +bmo to email) 2011-05-17 11:54:58 PDT
js> "use strict"; eval('({"a": 2, "a": 3})')
({a:3})

The eval code is strict mode code, and in strict mode object literals can't have repeated property names.

WebKit dodged this bullet by not doing a JSON-parse in strict mode, which is how I discovered the issue.  That's probably the easiest fix, arguably even the best one -- it provides the right incentives for people parsing JSON with eval to switch.
Comment 1 Jeff Walden [:Waldo] (remove +bmo to email) 2011-05-17 12:24:25 PDT
Created attachment 533039 [details] [diff] [review]
Patch and test
Comment 2 Nicholas Nethercote [:njn] 2011-05-17 16:53:49 PDT
Comment on attachment 533039 [details] [diff] [review]
Patch and test

Review of attachment 533039 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks for fixing the fallout from my dirty hack.
Comment 3 Jeff Walden [:Waldo] (remove +bmo to email) 2011-05-18 14:37:19 PDT
http://hg.mozilla.org/tracemonkey/rev/e03a5e6e68da

I'm too lazy to check, but this arguably might not properly be your fallout, because I don't think we treated {a:1,a:2} as a strict mode error until after the JSON parser hack landed, and the duplicate-property-error failure would likely fall on the code that implemented that as a strict mode error.  But whatever, fixed now.
Comment 4 Chris Leary [:cdleary] (not checking bugmail) 2011-05-23 14:09:51 PDT
cdleary-bot mozilla-central merge info:
http://hg.mozilla.org/mozilla-central/rev/e03a5e6e68da

Note You need to log in before you can comment on or make changes to this bug.