Closed Bug 695238 Opened 14 years ago Closed 14 years ago

Reflect.parse doesn't reject missing RHS in object literals

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla10

People

(Reporter: dherman, Assigned: dherman)

References

Details

(Whiteboard: reflect-parse)

Attachments

(1 file)

checks PNX_DESTRUCT bit on TOK_RC expression nodes
3.50 KB, patch
jorendorff
: review+
Details | Diff | Splinter Review
This should fail: Reflect.parse("({foo})") but doesn't. The problem is that jsemit.cpp does the check (and throws a TypeError with JSMSG_BAD_OBJECT_INIT), and jsreflect.cpp is not doing the same check. Fix should be easy: just check for the PNX_DESTRUCT bit, same as jsemit.cpp. Dave
CC'ing Jesse, who may want to feed his fuzzer with some tasty new inputs. Dave
Attachment #567654 - Flags: review?(jorendorff)
Attachment #567654 - Flags: review?(jorendorff) → review+
Flags: in-testsuite+
Target Milestone: --- → mozilla10
https://hg.mozilla.org/mozilla-central/rev/feeee0906588
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: