Properly decode literal index before CBC_ASSING_MOV

This patch fixes jerryscript-project#3055. JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik [email protected]
rerobika · Sep 5, 2019 · 853679a · 853679a
1 parent 142f79c
commit 853679a
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 2 deletions.
diff --git a/jerry-core/parser/js/js-parser.c b/jerry-core/parser/js/js-parser.c
@@ -1803,9 +1803,19 @@ parser_post_processing (parser_context_t *context_p) /**< context */
     byte_code_p += sizeof (cbc_uint8_arguments_t);
   }
 
+  uint16_t encoding_limit;
+  uint16_t encoding_delta;
+
   if (context_p->literal_count > CBC_MAXIMUM_SMALL_VALUE)
   {
     compiled_code_p->status_flags |= CBC_CODE_FLAGS_FULL_LITERAL_ENCODING;
+    encoding_limit = 128;
+    encoding_delta = 0x8000;
+  }
+  else
+  {
+    encoding_limit = 255;
+    encoding_delta = 0xfe01;
   }
 
   if (context_p->status_flags & PARSER_IS_STRICT)
@@ -1951,16 +1961,21 @@ parser_post_processing (parser_context_t *context_p) /**< context */
 
     while (flags & (CBC_HAS_LITERAL_ARG | CBC_HAS_LITERAL_ARG2))
     {
-      uint8_t first_byte = page_p->bytes[offset];
+      uint16_t first_byte = page_p->bytes[offset];
 
       uint8_t *opcode_pos_p = dst_p - 1;
-      *dst_p++ = first_byte;
+      *dst_p++ = (uint8_t) first_byte;
       real_offset++;
       PARSER_NEXT_BYTE_UPDATE (page_p, offset, real_offset);
 
       if (first_byte > literal_one_byte_limit)
       {
         *dst_p++ = page_p->bytes[offset];
+
+        if (first_byte > encoding_limit)
+        {
+          first_byte = (uint16_t) (((first_byte << 8) | dst_p[-1]) - encoding_delta);
+        }
         real_offset++;
       }
       PARSER_NEXT_BYTE_UPDATE (page_p, offset, real_offset);

diff --git a/tests/jerry/regression-test-issue-3055.js b/tests/jerry/regression-test-issue-3055.js
@@ -0,0 +1,19 @@
+// Copyright JS Foundation and other contributors, http://js.foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+var src = '(function () {'
+for (var i = 0; i < 550; i++) { src += 'var a' + i + ' = 5; ' }
+src += '})()'
+eval(src)