test/fuzzer · 0b2edc409742feb9f5531f8db637cc3d27766ae7 · Linshizhi / V8

[fuzzers] Support parsing failures in regexp-builtins fuzzer · 0b2edc40

jgruber authored Jan 31, 2018

The fuzzer found a couple of cases that exploited comments of the
form:

  function test() {
    const re = /*.../;
    const str = '...*/...';
    let result;
    try { result = re.exec(str); } catch (e) { /* ... */ }
  }

Note that the first line does not contain a regexp literal, it starts
a comment instead. The second line terminates the comment.

This fixes detection of such cases by initializing `result` to null.

TBR=yangguo@chromium.org

Bug: chromium:805970
Change-Id: I5d46db9892e2b4e71cdc2907cebf07a2e33b7a0e
Reviewed-on: https://chromium-review.googlesource.com/894403Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50991}

0b2edc40

Name	Last commit	Last update
..
json		Loading commit data...
multi_return		Loading commit data...
parser		Loading commit data...
regexp		Loading commit data...
regexp_builtins		Loading commit data...
wasm		Loading commit data...
wasm_async		Loading commit data...
wasm_call		Loading commit data...
wasm_code		Loading commit data...
wasm_compile		Loading commit data...
wasm_data_section		Loading commit data...
wasm_function_sigs_section		Loading commit data...
wasm_globals_section		Loading commit data...
wasm_imports_section		Loading commit data...
wasm_memory_section		Loading commit data...
wasm_names_section		Loading commit data...
wasm_types_section		Loading commit data...
DEPS		Loading commit data...
README.md		Loading commit data...
fuzzer-support.cc		Loading commit data...
fuzzer-support.h		Loading commit data...
fuzzer.cc		Loading commit data...
fuzzer.isolate		Loading commit data...
fuzzer.status		Loading commit data...
json.cc		Loading commit data...
multi-return.cc		Loading commit data...
parser.cc		Loading commit data...
regexp-builtins.cc		Loading commit data...
regexp.cc		Loading commit data...
testcfg.py		Loading commit data...
wasm-async.cc		Loading commit data...
wasm-call.cc		Loading commit data...
wasm-code.cc		Loading commit data...
wasm-compile.cc		Loading commit data...
wasm-data-section.cc		Loading commit data...
wasm-function-sigs-section.cc		Loading commit data...
wasm-fuzzer-common.cc		Loading commit data...
wasm-fuzzer-common.h		Loading commit data...
wasm-globals-section.cc		Loading commit data...
wasm-imports-section.cc		Loading commit data...
wasm-memory-section.cc		Loading commit data...
wasm-names-section.cc		Loading commit data...
wasm-types-section.cc		Loading commit data...
wasm.cc		Loading commit data...
wasm_corpus.tar.gz.sha1		Loading commit data...

README.md