JSParser::parsePrimaryExpression should have an overflow check
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 31 Oct 2011 01:50:34 +0000 (01:50 +0000)
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 31 Oct 2011 01:50:34 +0000 (01:50 +0000)
https://bugs.webkit.org/show_bug.cgi?id=71197

Reviewed by Geoff Garen.

* parser/JSParser.cpp:
(JSC::JSParser::parsePrimaryExpression):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@98834 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/parser/JSParser.cpp

index dc76127..2b0cc3f 100644 (file)
@@ -1,5 +1,15 @@
 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
 
+        JSParser::parsePrimaryExpression should have an overflow check
+        https://bugs.webkit.org/show_bug.cgi?id=71197
+
+        Reviewed by Geoff Garen.
+
+        * parser/JSParser.cpp:
+        (JSC::JSParser::parsePrimaryExpression):
+
+2011-10-30  Filip Pizlo  <fpizlo@apple.com>
+
         DFG ValueAdd(string, int) should not fail speculation
         https://bugs.webkit.org/show_bug.cgi?id=71195
 
index f445259..a8eb4a9 100644 (file)
@@ -2176,6 +2176,7 @@ template <class TreeBuilder> TreeExpression JSParser::parseArrayLiteral(TreeBuil
 
 template <class TreeBuilder> TreeExpression JSParser::parsePrimaryExpression(TreeBuilder& context)
 {
+    failIfStackOverflow();
     switch (m_token.m_type) {
     case OPENBRACE:
         if (strictMode())