Fuzzing bug: constant folding of ternary operator and IfNode with constant test

    • Type: Sub-task
    • Resolution: Fixed
    • Priority: P3
    • 9
    • Affects Version/s: 8u60
    • Component/s: core-libs
    • None
    • b43
    • generic
    • generic

        jjs> try{ (function(){ if(false ? (-1) : '' ) {throw false;} else if (x = this) {var x = x; } })() } catch(e) { e.printStackTrace() }
        java.lang.NullPointerException
           at jdk.nashorn.internal.codegen.MethodEmitter.pushType(MethodEmitter.java:258)
           at jdk.nashorn.internal.codegen.MethodEmitter.loadUndefined(MethodEmitter.java:779)
           at jdk.nashorn.internal.codegen.MethodEmitter.emitLocalVariableConversion(MethodEmitter.java:2517)
           at jdk.nashorn.internal.codegen.MethodEmitter.beforeJoinPoint(MethodEmitter.java:2492)
           at jdk.nashorn.internal.codegen.CodeGenerator.leaveBlock(CodeGenerator.java:1126)
           at jdk.nashorn.internal.ir.Block.accept(Block.java:178)
           at jdk.nashorn.internal.ir.LexicalContextNode$Acceptor.accept(LexicalContextNode.java:57)
           at jdk.nashorn.internal.ir.Block.accept(Block.java:425)
           at jdk.nashorn.internal.codegen.CodeGenerator.enterIfNode(CodeGenerator.java:2025)
           at jdk.nashorn.internal.ir.IfNode.accept(IfNode.java:86)
           ...

    • Assignee: Attila Szegedi
    • Reporter: Marcus Lagergren
    • Votes: 0
    • Watchers: 3

                Created:
                Updated:
                Resolved: