[Webkit-unassigned] [Bug 141070] Crash in uninitialized deconstructing variable.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jan 30 11:26:44 PST 2015


https://bugs.webkit.org/show_bug.cgi?id=141070

--- Comment #5 from Saam Barati <saambarati1 at gmail.com> ---
(In reply to comment #0)
> I think this bug is related to
> https://bugs.webkit.org/show_bug.cgi?id=135545
> Variable declarations with no initializer, something like 'var {A};' or 'var
> [A];', cause a crash.
> These declarations also need AST nodes.

From reading the spec, I don't think this is valid. If you refer to section 13.2.2, it says that all BindingPattern nodes inside a variable declaration must have an accompanying initializer. That said, JSC should definitely not crash on this. We should raise a parsing error.

I think this can be fixed inside Parser::parseVarDeclarationList on line 489+ by raising a parse error for any deconstruction pattern node that does not contain a rhs.

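The behaviour asked for in the comment above can be pinned down with a parse-only regression check. This is an added example, not part of the original message or of WebKit's test suite; the helper names and the case list are constructed for illustration, and the `let`/`const` and `for` head cases go slightly beyond the `var` forms named in the report.

```javascript
// Compile a snippet without running it: the Function constructor parses
// the body and throws SyntaxError on invalid source. The function that
// comes back is never called, so only the parser is exercised.
function parses(source) {
  try {
    new Function(source);
    return true;
  } catch (err) {
    if (err instanceof SyntaxError) return false;
    throw err; // anything else is an engine problem, not a parse result
  }
}

// Constructed cases. `valid` is the result a conforming parser must give.
const CASES = [
  // Destructuring patterns with no initializer: must be rejected.
  { source: 'var {A};', valid: false },
  { source: 'var [A];', valid: false },
  { source: 'var {A}, B = 1;', valid: false },
  { source: 'let {A};', valid: false },
  { source: 'const [A];', valid: false },
  // The same patterns with an initializer: must be accepted.
  { source: 'var {A} = {};', valid: true },
  { source: 'var [A] = [];', valid: true },
  // A plain identifier needs no initializer.
  { source: 'var A;', valid: true },
  // for-in / for-of heads bind a pattern without an initializer.
  { source: 'for (var {A} in {}) {}', valid: true },
  { source: 'for (var [A] of []) {}', valid: true },
];

// Return the sources whose parse result differs from the expectation.
function checkEngine(cases) {
  const failures = [];
  for (const { source, valid } of cases) {
    if (parses(source) !== valid) failures.push(source);
  }
  return failures;
}

const failures = checkEngine(CASES);
console.log(failures.length === 0
  ? 'all declarations parsed as expected'
  : 'unexpected parse results: ' + JSON.stringify(failures));
```

On an engine that still has the defect, the invalid cases would crash the process instead of returning, so run the check in a child process and treat an abnormal exit as a failure.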