LibJS: Fix start position of multi-line tokens

This broke in case of unterminated regular expressions, causing goofy location numbers, and 'source_location_hint' to eat up all memory: Unexpected token UnterminatedRegexLiteral. Expected statement (line: 2, column: 4294967292)
Author: https://github.com/BenWiederhake Commit: https://github.com/SerenityOS/serenity/commit/5d3c437ccea Pull-request: https://github.com/SerenityOS/serenity/pull/3398 Reviewed-by: https://github.com/awesomekling Reviewed-by: https://github.com/nico
2020-08-29 19:40:28 +02:00 · 2020-08-29 19:40:28 +02:00 · 5d3c437cce · 2024-07-19 02:45:29 +09:00
commit 5d3c437cce
parent 0d3a8d5397
2 changed files with 23 additions and 15 deletions
--- a/Libraries/LibJS/Lexer.cpp
+++ b/Libraries/LibJS/Lexer.cpp
@ -248,17 +248,17 @@ bool Lexer::slash_means_division() const
 {
    auto type = m_current_token.type();
    return type == TokenType::BigIntLiteral
-           || type == TokenType::BoolLiteral
-           || type == TokenType::BracketClose
-           || type == TokenType::CurlyClose
-           || type == TokenType::Identifier
-           || type == TokenType::NullLiteral
-           || type == TokenType::NumericLiteral
-           || type == TokenType::ParenClose
-           || type == TokenType::RegexLiteral
-           || type == TokenType::StringLiteral
-           || type == TokenType::TemplateLiteralEnd
-           || type == TokenType::This;
+        || type == TokenType::BoolLiteral
+        || type == TokenType::BracketClose
+        || type == TokenType::CurlyClose
+        || type == TokenType::Identifier
+        || type == TokenType::NullLiteral
+        || type == TokenType::NumericLiteral
+        || type == TokenType::ParenClose
+        || type == TokenType::RegexLiteral
+        || type == TokenType::StringLiteral
+        || type == TokenType::TemplateLiteralEnd
+        || type == TokenType::This;
 }

 Token Lexer::next()
@ -292,6 +292,8 @@ Token Lexer::next()
    }

    size_t value_start = m_position;
+    size_t value_start_line_number = m_line_number;
+    size_t value_start_column_number = m_line_column;
    auto token_type = TokenType::Invalid;

    if (m_current_token.type() == TokenType::RegexLiteral && !is_eof() && isalpha(m_current_char)) {
@ -511,8 +513,8 @@ Token Lexer::next()
        token_type,
        m_source.substring_view(trivia_start - 1, value_start - trivia_start),
        m_source.substring_view(value_start - 1, m_position - value_start),
-        m_line_number,
-        m_line_column - m_position + value_start);
+        value_start_line_number,
+        value_start_column_number);

    return m_current_token;
 }
--- a/Meta/Lagom/Fuzzers/FuzzJs.cpp
+++ b/Meta/Lagom/Fuzzers/FuzzJs.cpp
@ -36,7 +36,13 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
    auto lexer = JS::Lexer(js);
    auto parser = JS::Parser(lexer);
    parser.parse_program();
-    if (parser.has_errors())
-        parser.print_errors();
+    if (parser.has_errors()) {
+        for (auto& error : parser.errors()) {
+            if (error.line >= 100000 || error.column >= 100000) {
+                fprintf(stderr, "%s\n", error.to_string().characters());
+                ASSERT_NOT_REACHED();
+            }
+        }
+    }
    return 0;
 }