From 44eb850b2e0f27c3664b840fcc20c3b846e0818a Mon Sep 17 00:00:00 2001
From: Lars Knoll <lars.knoll@qt.io>
Date: Fri, 12 Oct 2018 08:50:24 +0200
Subject: Abort parsing on error

The visit() methods need to return false on parse errors, so
that we don't continue iterating into that subtree of the AST,
but rather exit as quickly as possible.

Task-number: QTBUG-71090
Change-Id: I1912d955a0ffc86389a4cbbb3b6ac0209c3c556a
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
---
 src/qml/compiler/qv4codegen.cpp      | 31 ++++++++++++++-----------------
 tests/auto/qml/v4misc/tst_v4misc.cpp |  1 +
 2 files changed, 15 insertions(+), 17 deletions(-)

diff --git a/src/qml/compiler/qv4codegen.cpp b/src/qml/compiler/qv4codegen.cpp
index f513184279..f332a66bd0 100644
--- a/src/qml/compiler/qv4codegen.cpp
+++ b/src/qml/compiler/qv4codegen.cpp
@@ -2054,7 +2054,7 @@ Codegen::Arguments Codegen::pushTemplateArgs(TemplateLiteral *args)
 bool Codegen::visit(ConditionalExpression *ast)
 {
     if (hasError)
-        return true;
+        return false;
 
     RegisterScope scope(this);
     TailCallBlocker blockTailCalls(this);
@@ -3196,7 +3196,7 @@ bool Codegen::visit(DebuggerStatement *)
 bool Codegen::visit(DoWhileStatement *ast)
 {
     if (hasError)
-        return true;
+        return false;
 
     RegisterScope scope(this);
 
@@ -3226,16 +3226,13 @@ bool Codegen::visit(DoWhileStatement *ast)
 
 bool Codegen::visit(EmptyStatement *)
 {
-    if (hasError)
-        return true;
-
     return false;
 }
 
 bool Codegen::visit(ExpressionStatement *ast)
 {
     if (hasError)
-        return true;
+        return false;
 
     RegisterScope scope(this);
     TailCallBlocker blockTailCalls(this);
@@ -3254,7 +3251,7 @@ bool Codegen::visit(ExpressionStatement *ast)
 bool Codegen::visit(ForEachStatement *ast)
 {
     if (hasError)
-        return true;
+        return false;
 
     RegisterScope scope(this);
     TailCallBlocker blockTailCalls(this);
@@ -3270,7 +3267,7 @@ bool Codegen::visit(ForEachStatement *ast)
         ControlFlowBlock controlFlow(this, ast);
         Reference expr = expression(ast->expression);
         if (hasError)
-            return true;
+            return false;
 
         expr.loadInAccumulator();
         Instruction::GetIterator iteratorObjInstr;
@@ -3348,7 +3345,7 @@ bool Codegen::visit(ForEachStatement *ast)
 bool Codegen::visit(ForStatement *ast)
 {
     if (hasError)
-        return true;
+        return false;
 
     RegisterScope scope(this);
     TailCallBlocker blockTailCalls(this);
@@ -3391,7 +3388,7 @@ bool Codegen::visit(ForStatement *ast)
 bool Codegen::visit(IfStatement *ast)
 {
     if (hasError)
-        return true;
+        return false;
 
     RegisterScope scope(this);
     TailCallBlocker blockTailCalls(this);
@@ -3423,7 +3420,7 @@ bool Codegen::visit(IfStatement *ast)
 bool Codegen::visit(LabelledStatement *ast)
 {
     if (hasError)
-        return true;
+        return false;
 
     RegisterScope scope(this);
 
@@ -3471,7 +3468,7 @@ void Codegen::emitReturn(const Reference &expr)
 bool Codegen::visit(ReturnStatement *ast)
 {
     if (hasError)
-        return true;
+        return false;
 
     if (_functionContext->contextType != ContextType::Function && _functionContext->contextType != ContextType::Binding) {
         throwSyntaxError(ast->returnToken, QStringLiteral("Return statement outside of function"));
@@ -3494,7 +3491,7 @@ bool Codegen::visit(ReturnStatement *ast)
 bool Codegen::visit(SwitchStatement *ast)
 {
     if (hasError)
-        return true;
+        return false;
 
     if (requiresReturnValue)
         Reference::fromConst(this, Encode::undefined()).storeOnStack(_returnAddress);
@@ -3628,7 +3625,7 @@ void Codegen::handleTryFinally(TryStatement *ast)
 bool Codegen::visit(TryStatement *ast)
 {
     if (hasError)
-        return true;
+        return false;
 
     RegisterScope scope(this);
 
@@ -3644,7 +3641,7 @@ bool Codegen::visit(TryStatement *ast)
 bool Codegen::visit(VariableStatement *ast)
 {
     if (hasError)
-        return true;
+        return false;
 
     variableDeclarationList(ast->declarations);
     return false;
@@ -3653,7 +3650,7 @@ bool Codegen::visit(VariableStatement *ast)
 bool Codegen::visit(WhileStatement *ast)
 {
     if (hasError)
-        return true;
+        return false;
 
     if (AST::cast<FalseLiteral *>(ast->expression))
         return false;
@@ -3682,7 +3679,7 @@ bool Codegen::visit(WhileStatement *ast)
 bool Codegen::visit(WithStatement *ast)
 {
     if (hasError)
-        return true;
+        return false;
 
     RegisterScope scope(this);
     TailCallBlocker blockTailCalls(this);
diff --git a/tests/auto/qml/v4misc/tst_v4misc.cpp b/tests/auto/qml/v4misc/tst_v4misc.cpp
index a080826e15..e1796d18b4 100644
--- a/tests/auto/qml/v4misc/tst_v4misc.cpp
+++ b/tests/auto/qml/v4misc/tst_v4misc.cpp
@@ -111,6 +111,7 @@ void tst_v4misc::parserMisc_data()
 
     QTest::newRow("8[++i][+++i]") << QString("ReferenceError: Prefix ++ operator applied to value that is not a reference.");
     QTest::newRow("`a${1++}`") << QString("ReferenceError: Invalid left-hand side expression in postfix operation");
+    QTest::newRow("for (var f in ++!binaryMathg) ;") << QString("ReferenceError: Prefix ++ operator applied to value that is not a reference.");
 }
 
 void tst_v4misc::parserMisc()
-- 
cgit v1.2.3