    [fuzzers] Support parsing failures in regexp-builtins fuzzer · 0b2edc40
    jgruber authored
    The fuzzer found a couple of cases that exploited comments of the
    form:
    
      function test() {
        const re = /*.../;
        const str = '...*/...';
        let result;
        try { result = re.exec(str); } catch (e) { /* ... */ }
      }
    
    Note that the first line does not contain a regexp literal, it starts
    a comment instead. The second line terminates the comment.
    
    This fixes detection of such cases by initializing `result` to null.
    
    TBR=yangguo@chromium.org
    
    Bug: chromium:805970
    Change-Id: I5d46db9892e2b4e71cdc2907cebf07a2e33b7a0e
    Reviewed-on: https://chromium-review.googlesource.com/894403
    Reviewed-by: Jakob Gruber <jgruber@chromium.org>
    Commit-Queue: Jakob Gruber <jgruber@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#50991}
Name
..
benchmarks
cctest
common
debugger
fuzzer
inspector
intl
js-perf-test
memory
message
mjsunit
mkgrokdump
mozilla
preparser
test262
unittests
wasm-spec-tests
webkit
BUILD.gn
bot_default.isolate
d8_default.isolate
default.isolate
optimize_for_size.isolate
perf.isolate