Fix memory leak when using continue or break statement with syntaxError

This patch fixes jerryscript-project#5062.

JerryScript-DCO-1.0-Signed-off-by: Gergo Csizi [email protected]

Author: gergocs

jerry-core/parser/js/js-parser-internal.h

@@ -591,6 +591,7 @@ typedef struct
   ecma_value_t tagged_template_literal_cp; /**< compessed pointer to the tagged template literal collection */
   parser_private_context_t *private_context_p; /**< private context */
   uint8_t stack_top_uint8; /**< top byte stored on the stack */
+  parser_list_t branch_list; /**< list of branches */
 
 #ifndef JERRY_NDEBUG
   /* Variables for debugging / logging. */

jerry-core/parser/js/js-parser-statm.c

@@ -2053,7 +2053,6 @@ parser_parse_case_statement (parser_context_t *context_p) /**< context */
   parser_stack_iterator_write (&iterator, &switch_statement, sizeof (parser_switch_statement_t));
 
   parser_set_branch_to_current_position (context_p, &branch_p->branch);
-  parser_free (branch_p, sizeof (parser_branch_node_t));
 } /* parser_parse_case_statement */
 
 /**

jerry-core/parser/js/js-parser-util.c

@@ -540,7 +540,7 @@ parser_emit_cbc_forward_branch_item (parser_context_t *context_p, /**< context *
    * the branch is constructed locally, and copied later. */
   parser_emit_cbc_forward_branch (context_p, opcode, &branch);
 
-  new_item = (parser_branch_node_t *) parser_malloc (context_p, sizeof (parser_branch_node_t));
+  new_item = (parser_branch_node_t *) parser_list_append (context_p, &context_p->branch_list);
   new_item->branch = branch;
   new_item->next_p = next_p;
   return new_item;
@@ -730,7 +730,6 @@ parser_set_breaks_to_current_position (parser_context_t *context_p, /**< context
     {
       parser_set_branch_to_current_position (context_p, &current_p->branch);
     }
-    parser_free (current_p, sizeof (parser_branch_node_t));
     current_p = next_p;
   }
 } /* parser_set_breaks_to_current_position */

jerry-core/parser/js/js-parser.c

@@ -2140,6 +2140,9 @@ parser_parse_source (void *source_p, /**< source code */
   context.scope_stack_global_end = 0;
   context.tagged_template_literal_cp = JMEM_CP_NULL;
   context.private_context_p = NULL;
+  parser_list_init (&context.branch_list,
+                    sizeof (parser_branch_node_t),
+                    (uint32_t) ((128 - sizeof (void *)) / sizeof (parser_branch_node_t)));
 
 #ifndef JERRY_NDEBUG
   context.context_stack_depth = 0;
@@ -2293,6 +2296,7 @@ parser_parse_source (void *source_p, /**< source code */
     JERRY_ASSERT (!(context.status_flags & PARSER_HAS_LATE_LIT_INIT));
 
     compiled_code_p = parser_post_processing (&context);
+    parser_list_free (&context.branch_list);
     parser_list_free (&context.literal_pool);
 
     /* When parsing is successful, only the dummy value can be remained on the stack. */
@@ -2366,11 +2370,6 @@ parser_parse_source (void *source_p, /**< source code */
   }
   PARSER_CATCH
   {
-    if (context.last_statement.current_p != NULL)
-    {
-      parser_free_jumps (context.last_statement);
-    }
-
     parser_free_allocated_buffer (&context);
 
     scanner_cleanup (&context);
@@ -2383,6 +2382,7 @@ parser_parse_source (void *source_p, /**< source code */
 #endif /* JERRY_MODULE_SYSTEM */
 
     compiled_code_p = NULL;
+    parser_list_free (&context.branch_list);
     parser_free_literals (&context.literal_pool);
     parser_cbc_stream_free (&context.byte_code);
 

tests/jerry/fail/regression-test-issue-5062.js

@@ -0,0 +1,15 @@
+// Copyright JS Foundation and other contributors, http://js.foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+( async ( ) => { for await ( const b of n ) { continue ;

tools/run-tests.py

@@ -50,6 +50,7 @@ def skip_if(condition, desc):
 OPTIONS_DOCTESTS = ['--doctests=on', '--jerry-cmdline=off', '--error-messages=on',
                     '--snapshot-save=on', '--snapshot-exec=on', '--vm-exec-stop=on']
 OPTIONS_PROMISE_CALLBACK = ['--promise-callback=on']
+OPTIONS_HEAP_SIZE = ['--mem-heap=1024']
 
 # Test options for unittests
 JERRY_UNITTESTS_OPTIONS = [
@@ -67,15 +68,15 @@ def skip_if(condition, desc):
 # Test options for jerry-tests
 JERRY_TESTS_OPTIONS = [
     Options('jerry_tests',
-            OPTIONS_COMMON +  OPTIONS_STACK_LIMIT + OPTIONS_GC_MARK_LIMIT + OPTIONS_MEM_STRESS),
+            OPTIONS_COMMON +  OPTIONS_STACK_LIMIT + OPTIONS_HEAP_SIZE + OPTIONS_GC_MARK_LIMIT + OPTIONS_MEM_STRESS),
     Options('jerry_tests-snapshot',
-            OPTIONS_COMMON + OPTIONS_SNAPSHOT + OPTIONS_STACK_LIMIT + OPTIONS_GC_MARK_LIMIT,
+            OPTIONS_COMMON + OPTIONS_SNAPSHOT + OPTIONS_HEAP_SIZE + OPTIONS_STACK_LIMIT + OPTIONS_GC_MARK_LIMIT,
             ['--snapshot']),
     Options('jerry_tests-cpointer_32bit',
-            OPTIONS_COMMON + OPTIONS_STACK_LIMIT + OPTIONS_GC_MARK_LIMIT
-            + ['--cpointer-32bit=on', '--mem-heap=1024']),
+            OPTIONS_COMMON + OPTIONS_STACK_LIMIT + OPTIONS_HEAP_SIZE + OPTIONS_GC_MARK_LIMIT
+            + ['--cpointer-32bit=on']),
     Options('jerry_tests-external_context',
-            OPTIONS_COMMON + OPTIONS_STACK_LIMIT + OPTIONS_GC_MARK_LIMIT
+            OPTIONS_COMMON + OPTIONS_STACK_LIMIT + OPTIONS_HEAP_SIZE + OPTIONS_GC_MARK_LIMIT
             + ['--external-context=on']),
 ]