Bug 1258379 - prevent null pointer derefence on |last|. r?jorendorff
MozReview-Commit-ID: HkW8HzKqjxG
--- a/js/src/frontend/Parser.cpp
+++ b/js/src/frontend/Parser.cpp
@@ -4118,27 +4118,29 @@ Parser<ParseHandler>::bindVar(BindData<P
// (Ideally, the 'e' in 'e = 42' can be linked up as a use to the
// def of the catch parameter. However, in practice this is messy
// because we then need to emit the synthesized var name node to
// ensure that functionless scopes get the proper DEFVAR emits.)
parser->handler.setFlag(pn, PND_DEOPTIMIZED);
// Synthesize a new 'var' binding if one does not exist.
DefinitionNode last = pc->decls().lookupLast(name);
- Definition::Kind lastKind = parser->handler.getDefinitionKind(last);
- if (last && lastKind != Definition::VAR && lastKind != Definition::ARG) {
- parser->handler.setFlag(parser->handler.getDefinitionNode(last), PND_CLOSED);
-
- Node synthesizedVarName = parser->newName(name);
- if (!synthesizedVarName)
- return false;
- if (!pc->define(parser->tokenStream, name, synthesizedVarName, Definition::VAR,
- /* declaringVarInCatchBody = */ true))
- {
- return false;
+ if (last) {
+ Definition::Kind lastKind = parser->handler.getDefinitionKind(last);
+ if (lastKind != Definition::VAR && lastKind != Definition::ARG) {
+ parser->handler.setFlag(parser->handler.getDefinitionNode(last), PND_CLOSED);
+
+ Node synthesizedVarName = parser->newName(name);
+ if (!synthesizedVarName)
+ return false;
+ if (!pc->define(parser->tokenStream, name, synthesizedVarName, Definition::VAR,
+ /* declaringVarInCatchBody = */ true))
+ {
+ return false;
+ }
}
}
}
/*
* There was a previous declaration with the same name. The standard
* disallows several forms of redeclaration. Critically,
* let (x) { var x; } // error