ufuzz failure #3413

Closed
alexlamsl opened this issue May 14, 2019 · 0 comments · Fixed by #3414
@alexlamsl
Collaborator

// original code
// (beautified)
// Shared state for the generated program:
//   _calls_ - call budget; every guarded call in this listing is written
//             `typeof f == "function" && --_calls_ >= 0 && f(...)`.
//   a, b    - values that the generated expressions read and overwrite.
//   c       - counter that is only ever changed by `c = c + 1` / `c = 1 + c`,
//             so its final value records how many of those sub-expressions ran.
// a, b and c are printed by the console.log at the end of the listing.
var _calls_ = 10, a = 100, b = 10, c = 0;

// Main body of the test case: the try block bumps c once, then the finally
// block runs one large switch whose discriminant and case labels all carry
// side effects on a, b and c.
try {
    c = c + 1;
} finally {
    // The discriminant calls a(...) only when a is a function and the _calls_
    // budget is not exhausted; otherwise `&&` short-circuits and the object
    // literal argument (with its getter and setter) is never evaluated.
    switch ((c = c + 1) + (typeof a == "function" && --_calls_ >= 0 && a(-3, a++ + {
        a: --b + [ a++ + (--b + delete ("foo" > 5 & -2 - 23..toString() ^ -4 / 4 & 0 == ([ , 0 ].length === 2)) ? a++ + --b : (c = c + 1) + {
            0: (c = 1 + c, (([ , 0 ].length === 2, 25) | 3 >= "") != (1 === "a") >= "object" + []),
            set length(undefined_2) {
                this.foo += 22 !== ([ , 0 ].length === 2);
            }
        }.var), (c = c + 1) + --b, a && (a.Infinity = (a && (a[(c = 1 + c, (5 <= "bar" != true + "object") * (25 - 23..toString() != "b" * -1))] = undefined == -1)) + (-4 != "function") !== (this > 25 == (/[a2][^e]+$/ && -4))), --b + !b, a++ + a ],
        var: (c = c + 1) + null,
        get null() {
            {
                var expr4 = b--;
                for (var key4 in expr4) {
                    c = 1 + c;
                    var arguments = expr4[key4];
                    try {
                        if (c = 1 + c, ("b" | "undefined") >>> ("b" || "c") == ("b" < -5 == ([ , 0 ].length === 2) <= -0)) {
                            c = 1 + c, (1 == -5) % ("bar" * 5), Infinity % "object" <= (38..toString(), -2);
                        } else {
                            c = 1 + c, a = ("foo" == "undefined" ^ (1 || "a")) > /[a2][^e]+$/ % 2 + (Infinity >= ([ , 0 ].length === 2));
                        }
                    } catch (b_2) {
                        c = 1 + c, ([ , 0 ][1] || -4) != (false ^ 5) & ("object" | 24..toString()) != ("number" ^ []);
                        c = 1 + c, (-3, -2) != "object" / -5 ^ ("b" != -1) > ("c" & -4);
                    } finally {
                        c = 1 + c, (a = 38..toString() ^ 25) < (5 !== "number") <= "c" / undefined - ("number" <= "b");
                        c = 1 + c, c = c + 1, (a = 0 + "bar") || -23..toString();
                    }
                }
            }
            return --b + delete (c = c + 1, (a += -1 ^ [ , 0 ].length === 2) >> (-3 != "object"));
        },
        a: typeof a == "function" && --_calls_ >= 0 && a(),
        "": a++ + (b = a)
    }[--b + (a >>= (c = c + 1) + (typeof arguments_1 != "boolean"))], --b + (typeof f0 == "function" && --_calls_ >= 0 && f0())))) {
      case b--:
        break;

      // `default` sits between the case labels: it is entered only after every
      // case expression (including the `new function() {...}()` one further
      // down) has been evaluated without matching.
      default:
        {
            // `var Infinity` declares a variable with the name of the built-in
            // and is hoisted to the enclosing scope. f0 has no return
            // statement, so the call expression yields undefined.
            var Infinity = function f0() {
                function f1(b_2, c_2) {
                    switch (c = 1 + c, ([ , 0 ].length === 2 ^ null) / (-4 !== "object") << ("bar" && -2) / (null === -2)) {
                      case c = 1 + c, [] <= "a" !== null - -4 ^ ("bar" ^ null) < (this < 38..toString()):
                        ;
                        break;

                      case c = 1 + c, (b_2 += -4 <= {} | "number" == -3) + (-0 <= "" == -4 % 23..toString()):
                        ;
                        break;

                      default:
                        ;

                      case c = 1 + c, (-1 === NaN) < (25 ^ false) ^ "undefined" >>> /[a2][^e]+$/ >= (-4 < /[a2][^e]+$/):
                        ;
                        break;
                    }
                }
                var parseInt_2 = f1(--b + (b = a), (c = c + 1) + (typeof parseInt_2 == "function" && --_calls_ >= 0 && parseInt_2(24..toString())));
                function f2(a_2) {
                    if (c = 1 + c, ([] << 25 | "b" ^ 38..toString()) > (-1 ^ [ , 0 ].length === 2) << (1 << 1)) {
                        c = 1 + c, ("foo" <= -5 || null / false) / ((null ^ "bar") !== (3 != 5));
                    }
                    if (c = 1 + c, !(null || -1) != ((38..toString() | 1) != (parseInt_2 && (parseInt_2.in = (-3, 
                    this))))) {
                        c = 1 + c, ~(-2 || "") <= (undefined > "a" > (a_2 = 38..toString() <= 1));
                    } else {
                        c = 1 + c, ((0, 4) < -"object") >>> (parseInt_2 = (-4 && this) * (false >>> "c"));
                    }
                }
                // f2 declares one parameter but is called with two arguments;
                // the second argument is still evaluated for its side effects.
                var b_1 = f2(1, [ (c = 1 + c, parseInt_2 = (("b" && true) >> ("b" !== NaN)) / ((parseInt_2 && (parseInt_2.var += Infinity != this)) * + -1)), (c = 1 + c, 
                b_1 && (b_1[(--b + !function undefined_1() {
                }() || 4).toString()[a++ + (b = a)]] = (+24..toString() == (parseInt_2 = undefined || -1)) * (b_1 && (b_1.c = "number" * 3 | /[a2][^e]+$/ % "")))), (c = 1 + c, 
                "function" + /[a2][^e]+$/ << (3 & -2) | delete ([] ^ "c")), (c = 1 + c, void (NaN * undefined) / (c = c + 1, 
                "" <= 3)), (c = 1 + c, c = c + 1, {} >= 25 | null % 25) ][(c = 1 + c, parseInt_2 && (parseInt_2[(c = c + 1) + a--] = +5 || 2 & 23..toString()) || (b_1 = (5 || "bar") != (b_1 += 4 << "function")))]);
            }("a", false);
        }
        if ((c = c + 1) + (typeof a_2 == "crap")) {
            // The function expression is itself named Infinity, so inside its
            // body `Infinity` refers to the function, not to the outer variable.
            var b = function Infinity(undefined_1, a_1, foo_2) {
                function f3(arguments_2, a_1, foo_1) {
                    c = 1 + c, "number" < 1 <= (c = c + 1, "") | (null & "" | (a_1 && (a_1[(c = 1 + c, 
                    "c" ^ "object" ^ (true ^ 25) | (23..toString() == {}) * (1, "bar"))] += true % -1)));
                    c = 1 + c, ([] > this) >> 3 + "undefined" <= (24..toString() / "bar" <= (25 >= {}));
                }
                var foo = f3();
                function f4(b_1, foo_2_2, undefined_1) {
                    c = 1 + c, [ , 0 ][1] - "object" === ([ , 0 ].length === 2) % 24..toString() && 25 & "b" ^ (b_1 && (b_1[(c = 1 + c, 
                    (c = c + 1, {}) >>> ("" & 0), 38..toString() / "object" - ({} >= 3))] = -3 * []));
                    c = 1 + c, (NaN - "c") * (NaN || [ , 0 ].length === 2) == -2 < -5 <= /[a2][^e]+$/ + 22;
                }
                var c_1 = f4();
                function f5(foo_1, bar_2) {
                    c = 1 + c, (24..toString() == "bar") >>> ("c" === ([ , 0 ].length === 2)), c = c + 1, 
                    -5, "a" == "b";
                    c = 1 + c, foo_1 && (foo_1.Infinity = 24..toString() / "bar" && !-1) || -4 % "function" ^ -0 << 1;
                }
                var c_1 = f5((c = 1 + c, (undefined_1 = "c" !== "a") << (undefined_1 = 38..toString() / "bar") ^ 4 / [] + (5 ^ Infinity)), 3);
                function f6(foo_2, a, bar_2) {
                    c = 1 + c, ([ , 0 ].length === 2 ^ "" | "undefined" == -3) >> ((-0, "c") && NaN < -3);
                    c = 1 + c, undefined_1 && (undefined_1.null <<= (24..toString(), Infinity, foo_2 = "object" < "c") >> ((a_1 && (a_1.a *= 1 & 3)) !== (c_1 && (c_1[(c = 1 + c, 
                    foo_2 >>= ("function" ^ true) > (true ^ 3) || "bar" * this * ("foo" != -0))] += "b" << ([ , 0 ].length === 2)))));
                }
                var b = f6();
                function f7(b_1, a_1, a_2) {
                    c = 1 + c, (25 >> 23..toString() < (true && -5)) >> (a_1 && (a_1.undefined = "bar" ^ Infinity) || "a" * 38..toString());
                    c = 1 + c, ("number" & false & (-5 ^ 2)) > (([ , 0 ][1] ^ {}) >= "undefined" >>> {});
                }
                var c_1_2 = f7([], (c = 1 + c, void ("object" || -0) === ((-4 && 5) != -0 >> 23..toString())));
            }("b", 1);
        }

      case +(38..toString() >> "object" >> 1 / -3 && ([ , 0 ][1] ^ -3) > (NaN ^ NaN)):
        ;
        break;

      case (c = c + 1) + new function() {
            // One compound assignment spanning the next eleven lines. Most of
            // its writes are guarded by `a && (a[...] = ...)`.
            // NOTE(review): towards the end, the operand
            // `... ^ void (-1 | 0) !== (Infinity >= "function" || 24..toString() && undefined) || (...)`
            // has a left side that, by my reading, is NaN ^ false (falsy) at run
            // time, so the right side with `c = 1 + c` and `(c = c + 1) + ++a`
            // is reachable. The uglified listing on this page shows the constant
            // `1` in that position - confirm whether that fold explains the
            // difference in the printed c.
            this[(c = c + 1) + (0 === 1 ? a : b)] ^= (a && (a[a++ + !b] = (((a = -2 < 0) < (23..toString() || "undefined")) >>> (-1 > "function") * ("undefined" != 0)) % (a && (a[a++ + (0 === 1 ? a : b)] = ("" < Infinity | 22 << {}) >>> (2 > -4 == (a && (a.undefined = 2 - false))))) + (Infinity * 2 / (-1 ^ [ , 0 ][1]) & ([] && "a") * ({} == 2)) * ((a = 0 ^ 2) < ("c" | "") !== (undefined >= [ , 0 ][1]) << (-4 && undefined)) < ((c = c + 1, 
            24..toString() != "foo" !== "number" > "b") <= (("foo" !== false && null !== 38..toString()) ^ (a && (a[a++] -= ("bar" | "") ^ 4 >> "function"))) <= (((a >>= 22 === NaN) !== (-3 != "c")) / void ("number" + 25) >= (-0 <= -2 === {} << "b") >> (-3 < this) - (a && (a.NaN = [ , 0 ].length === 2 !== 38..toString())))))) <= ((38..toString() ^ NaN || "" % false || "c" - "bar" !== (a && (a[(c = 1 + c, 
            void false & (-5 ^ 24..toString()) & (25 ^ /[a2][^e]+$/) % (0 >> [ , 0 ][1]))] = 5 && "b"))) != "object" % NaN <= (25 != "function") < ("c" - {} <= (a && (a.NaN = "foo" % /[a2][^e]+$/))) === +(("number" != 22 === (a && (a[(c = 1 + c, 
            a += ("bar" === 3 ^ (0 ^ "object")) !== (-0, -5) >>> (23..toString(), -4))] = -3 !== 5))) + (1 & undefined && -5 < 25)) ^ (void 23..toString() << (true ^ "a") > (false >> 25 || -4 ^ "bar")) + ((true / "c" || -4 + 24..toString()) && (a += -3 % -0) > (-0 !== 23..toString())) + ((true || -5) < (23..toString() | 23..toString()) >= (~[ , 0 ][1] && ([ , 0 ].length === 2) + -2) ^ (a && (a[--b + ((a && (a.c = 3 | undefined)) + ~-1 > (a && (a.in += "" <= /[a2][^e]+$/ > ("b" >= 0))) ? (c = c + 1) + (typeof f5 == "function" && --_calls_ >= 0 && f5()) : function foo() {
            })] = (a && (a.foo |= undefined >>> -1)) / ("a" && 24..toString()) ^ (a += {} % 2 && 5 !== -3))))) && ((a && (a[+function() {
                c = 1 + c, (a && (a[(c = 1 + c, +((a += -1 * "object") < ("object" != "")))] += 22 ^ "a")) + ("c" === 5) || (5 && [ , 0 ].length === 2 || -24..toString());
            }()] = ((c = c + 1, false) && NaN ^ 0) | (-2 != Infinity) > (-0 ^ -3))) & null % Infinity - "b" / "bar" - (38..toString() ^ 24..toString() ^ (-4 | this))) * (((a = 24..toString() - -3 ^ -3 % 0) | (c = c + 1, 
            5 !== null)) * (((a && (a[(c = 1 + c, 4 <= -5 ^ -2 !== 3 ^ (a && (a.c += (-4 ^ -2) + (true > -5))))] = 25 % undefined)) != 22 >> []) * ((c = c + 1, 
            "function") > (-4 >= "object")))) >> ((void ((a = 4 ^ 3) <= /[a2][^e]+$/ + 24..toString()) ^ (a && (a[--b + (++a || a || 3).toString()] = /[a2][^e]+$/ === Infinity | 0 == "b" || (22 << undefined) % ("object" >>> 2)))) <= ((0 != "function" | -1 * "object") & (22 | -1) + ({} == Infinity)) / ((a && (a.in = [ , 0 ][1] == [])) !== -5 / [ , 0 ][1] !== (4 % "undefined" ^ [ , 0 ][1] !== true))) == ((/[a2][^e]+$/ < false) % (1 & "c") / (("undefined" & -3) / (/[a2][^e]+$/ || 3)) ^ void (-1 | 0) !== (Infinity >= "function" || 24..toString() && undefined) || (((a && (a[(c = 1 + c, 
            (23..toString() << NaN & 4 > 23..toString()) << ({} != "function" == (2 != "b")))] += 3 > 23..toString())) < (23..toString() > 38..toString())) + ((38..toString() >> false) + -([ , 0 ].length === 2))) / (a && (a[(c = c + 1) + ++a] = (-5 === undefined) >> ("a" >= 3)) || ("bar" | true) === (-2 | null))) % ((([ , 0 ].length === 2 === [ , 0 ][1] != "object" - undefined) >>> (([] !== -1) <= (c = c + 1, 
            23..toString()))) * ((null || 38..toString()) != -2 < NaN == !("bar" >= 3)) !== ("undefined" - -0 | 5 + {} | (undefined << 25) * (23..toString() % 3)) - (a && (a[--b + ++b] &= ("b" < 2 || 24..toString() / 0) !== (a = (5 || Infinity) * (0 / 23..toString())))));
            {
                // Each brakeNN counter starts at 5 and is decremented as part of
                // its loop, so every generated loop terminates regardless of
                // what the rest of its condition evaluates to.
                var brake36 = 5;
                L171041: while (--b + (typeof a == "function" && --_calls_ >= 0 && a(24..toString(), "number")) && --brake36 > 0) {
                    L171042: for (var brake37 = 5; a++ + (+("" + true <= "function" - "b" != /[a2][^e]+$/ * "undefined" < (-3 & -2)) || 7).toString()[(c = c + 1) + (a++ + (typeof f0 == "function" && --_calls_ >= 0 && f0()) ? a-- : --b + delete a)] && brake37 > 0; --brake37) {
                        for (var brake38 = 5; --b + {} && brake38 > 0; --brake38) {
                            L171043: for (var brake39 = 5; a++ + +((NaN / -3 >= (5 >= {})) - ((38..toString() ^ 2) == this < this)) && brake39 > 0; --brake39) {
                                var a_1 = function f8() {
                                }();
                            }
                        }
                    }
                }
            }
        }():
        break;
    }
    // Empty try with a finally that adds two more to c.
    try {
    } finally {
        c = c + 1;
        c = c + 1;
    }
}

// Trailing loop, bounded by brake46 (counts down from 5). Each pass rebuilds
// parseInt_2 as `[ ...elements ][ [ ...elements ].null ]`: the index is the
// `null` property of an array literal, so the expression is evaluated for the
// side effects of its elements on a, b and c.
for (var brake46 = 5; (false < 24..toString()) * ("b" >>> 0) <= ("" !== 2 == (-1 || undefined)) && brake46 > 0; --brake46) {
    var parseInt_2 = [ --b + ((0 === 1 ? a : b) || a || 3).toString(), delete ("object" !== 2 ^ -3 > 25, 
    "number" <= [] | -4 / "undefined"), a++ + ((b = a) || 1).toString()[a++ + (a++ + [ b |= a, a++ + (a++ + [ (c = 1 + c, 
    (parseInt_2 && (parseInt_2.Infinity += false / -4 < (-4 === null))) - ("" % 38..toString() >>> ("undefined" <= -5))), (c = 1 + c, 
    "bar" > 0 > ("undefined" != -3) == (parseInt_2 && (parseInt_2.a = "a" << 0)) % (3 << undefined)), (c = 1 + c, 
    "undefined" <= 24..toString() > 3 >> 3 != -(Infinity || "object")), (c = 1 + c, 
    !(("bar" - 24..toString()) % (false & "function"))) ] || a || 3).toString(), [ --b + ((c = 1 + c, 
    (parseInt_2 && (parseInt_2.in += "a" == 22 ^ (24..toString() ^ 3))) << (24..toString() != "number" == ("b" && "object"))) ? (c = 1 + c, 
    parseInt_2 && (parseInt_2[a++ + b--] += ("function" != "number") > false - 2 > (1 === null) % (parseInt_2 = 2 - "foo"))) : (c = 1 + c, 
    (24..toString(), "b") % (-3 >= "function") | (null << "c" || 22 == /[a2][^e]+$/))), typeof c_2 != "symbol" ][1 === 1 ? a : b] ])] ][[ ++a, , delete a, a++ + {
        0: --b,
        foo: ~a,
        in: delete b,
        foo: (c = c + 1) + a--,
        0: a++ + ((c = c + 1) + a--)
    }[0 === 1 ? a : b] ].null];
}

// Prints the observable state. This line is what gets compared against the
// same line's output from the uglified listing.
console.log(null, a, b, c, Infinity, NaN, undefined);
// uglified code
// (beautified)
// Output of minify() for the original listing, re-beautified for reading.
// Same shared state as the original: _calls_ is the call budget consumed by
// every `"function" == typeof f && 0 <= --_calls_ && f(...)` guard, and c is
// the counter whose final value is expected to match the original run.
var _calls_ = 10, a = 100, b = 10, c = 0;

// Compressed form of the original try/finally. Constant sub-expressions have
// been folded (`!0`, `!1`, `NaN`, numeric literals) and the nested helper
// functions have been inlined into sequences of `c = 1 + c` increments.
try {
    c += 1;
} finally {
    // As in the original, a(...) is only called when a is a function and the
    // _calls_ budget allows it; otherwise the object literal is never evaluated.
    switch ((c += 1) + ("function" == typeof a && 0 <= --_calls_ && a(-3, a++ + {
        a: --b + [ a++ + (--b + !0 ? a++ + --b : (c += 1) + {
            0: (c = 1 + c, !0),
            set length(a) {
                this.foo += !0;
            }
        }.var), (c += 1) + --b, a && (a.Infinity = (a && (a[(c = 1 + c, 1)] = !1)) + !0 !== (25 < this == -4)), --b + !b, a++ + a ],
        var: (c += 1) + null,
        get null() {
            var n = b--;
            for (var t in n) {
                c = 1 + c;
                try {
                    c = 1 + (c = 1 + c), a = NaN + (!0 <= Infinity) < 1;
                } catch (a) {
                    c = 1 + (c = 1 + c);
                } finally {
                    a = 63, c = 1 + (c = 1 + c), c += 1, a = "0bar";
                }
            }
            return --b + (c += 1, a += -2, !0);
        },
        a: "function" == typeof a && 0 <= --_calls_ && a(),
        "": a++ + (b = a)
    }[--b + (a >>= (c += 1) + ("boolean" != typeof arguments_1))], --b + ("function" == typeof f0 && 0 <= --_calls_ && f0())))) {
      case b--:
        break;

      default:
        // `var Infinity` is kept as a declaration of a variable named
        // Infinity; the function has no return statement, so the call yields
        // undefined.
        var Infinity = function() {
            var n = function(a) {
                switch (c = 1 + c, 1) {
                  case c = 1 + c, !0 ^ 0 < (this < "38"):
                  case c = 1 + c, (a += 0) + !1:
                    break;

                  default:
                  case c = 1 + c, 0:
                }
            }(--b + (b = a), (c += 1, "function" == typeof n && 0 <= --_calls_ && n("24"))), t = function() {
                c = 1 + (c = 1 + (c = 1 + c)), 0 != (39 != (n && (n.in = this))) ? c = 1 + c : (c = 1 + c, 
                n = 0 * this);
            }((c = 1 + c, n = 0 / (-1 * (n && (n.var += Infinity != this))), c = 1 + c, t && (t[("" + (--b + !0 || 4))[a++ + (b = a)]] = (24 == (n = -1)) * (t && (t.c = 0))), 
            c = 1 + (c = 1 + c), c = 1 + (c = 1 + (c += 1)), c = 1 + (c += 1), n && (n[(c += 1) + a--] = 5) || (t = 5 != (t += 4))));
        }();
        // The original `if` block and the functions it called have been
        // reduced to this chain of increments on c plus the assignment to b.
        (c += 1) + ("crap" == typeof a_2) && (c = 1 + c, c = 1 + (c = 1 + (c = 1 + (c = 1 + (c = 1 + (c += 1))))), 
        b = void (c = 1 + (c = 1 + (c = 1 + (c = 1 + (c = 1 + (c = 1 + (c += 1))))))));

      case 0:
      case (c += 1) + new function() {
            // NOTE(review): near the end of this statement the output reads
            // `== 1 % (...)`. In the original listing that position holds
            // `(... ^ void (-1 | 0) !== (Infinity >= "function" || 24..toString() && undefined) || (...)) % (...)`,
            // and the right-hand operand of that `||` contains `c = 1 + c` and
            // `(c = c + 1) + ++a`. Folding the left operand to a truthy
            // constant drops both increments, which would match the 88 vs 86
            // difference in the printed c - confirm against the fix
            // referenced by this issue (#3414).
            this[(c += 1) + b] ^= (a && (a[a++ + !b] = (((a = !0) < "23") >>> 0) % (a && (a[a++ + b] = ("" < Infinity | 22) >>> (1 == (a && (a.undefined = 2))))) + (2 * Infinity / -1 & NaN) * ((a = 2) < 0 !== 0) < (c += 1, 
            !1 <= (!0 ^ (a && (a[a++] -= 4))) <= ((!0 !== (a >>= !1)) / void 0 >= !1 >> (-3 < this) - (a && (a.NaN = !0)))))) <= (38 != !1 < (NaN <= (a && (a.NaN = NaN))) === +((!0 === (a && (a[(c = 1 + c, 
            a += !0)] = !0))) + 0) ^ !0 + (!0 < (a += NaN)) + (!0 ^ (a && (a[--b + ((a && (a.c = 3)) + 0 > (a && (a.in += !0)) ? (c += 1) + ("function" == typeof f5 && 0 <= --_calls_ && f5()) : function() {})] = (a && (a.foo |= 0)) / "24" ^ (a += NaN))))) && ((a && (a[(c = 1 + c, 
            +void (a && (a[(c = 1 + c, +((a += NaN) < !0))] += 22)))] = (c += 1, !1 | -3 < (-2 != Infinity)))) & null % Infinity - NaN - (62 ^ (-4 | this))) * ((a = 27) | (c += 1, 
            !0)) * (22 != (a && (a[(c = 1 + c, 1 ^ (a && (a.c += 3)))] = NaN))) * (c += 1, !1) >> ((void (a = 7) ^ (a && (a[--b + (++a || a || 3).toString()] = /[a2][^e]+$/ === Infinity | !1 || NaN))) <= (1 & -1 + ({} == Infinity)) / ((a && (a.in = !0)) !== -1 / 0 !== 1)) == 1 % (!0 * (!0 >>> (!0 <= (c += 1, 
            "23"))) != 0 - (a && (a[--b + ++b] &= 1 / 0 != (a = 0))));
            // Loop counters n, t, i and f are the renamed brake counters; each
            // starts at 5 and is decremented so the loop nest terminates.
            for (var n = 5; --b + ("function" == typeof a && 0 <= --_calls_ && a("24", "number")) && 0 < --n; ) {
                for (var t = 5; a++ + "7"[(c += 1) + (a++ + ("function" == typeof f0 && 0 <= --_calls_ && f0()) ? a-- : --b + delete a)] && 0 < t; --t) {
                    for (var i = 5; --b + {} && 0 < i; --i) {
                        for (var f = 5; a++ + +(!1 - (36 == this < this)) && 0 < f; --f) {}
                    }
                }
            }
        }():
    }
    // The original's trailing empty try / finally, reduced to its two increments.
    c += 1, c += 1;
}

// Compressed trailing loop. The original loop condition has been folded away,
// leaving only the brake46 countdown; the body still rebuilds parseInt_2 from
// an array literal indexed by the `null` property of a second array literal.
for (var brake46 = 5; 0 < brake46; --brake46) {
    var parseInt_2 = [ --b + (b || a || 3).toString(), !0, a++ + ((b = a) || 1).toString()[a++ + (a++ + [ b |= a, a++ + (a++ + [ (c = 1 + c, 
    (parseInt_2 && (parseInt_2.Infinity += !1)) - 0), (c = 1 + c, 0 == (parseInt_2 && (parseInt_2.a = 0)) % 3), (c = 1 + c, 
    0 != -(Infinity || "object")), (c = 1 + c, !0) ] || a || 3).toString(), [ --b + (c = 1 + c, 
    (parseInt_2 && (parseInt_2.in += 27)) << !1 ? (c = 1 + c, parseInt_2 && (parseInt_2[a++ + b--] += !1 % (parseInt_2 = NaN) < !0)) : (c = 1 + c, 
    0)), "symbol" != typeof c_2 ][a] ])] ][[ ++a, , delete a, a++ + {
        0: --b,
        foo: ~a,
        in: delete b,
        foo: (c += 1) + a--,
        0: a++ + ((c += 1) + a--)
    }[b] ].null];
}

// Prints the same state as the original listing; any difference between the
// two outputs means the compressed program is not equivalent.
console.log(null, a, b, c, Infinity, NaN, void 0);
original result:
null 34 29 88 undefined NaN undefined

uglified result:
null 34 29 86 undefined NaN undefined

minify(options):
{
  "compress": {
    "keep_fargs": false,
    "passes": 1000000,
    "sequences": 1000000,
    "unsafe": true,
    "unsafe_Function": true,
    "unsafe_math": true,
    "unsafe_proto": true,
    "unsafe_regexp": true
  }
}
@alexlamsl alexlamsl added the bug label May 14, 2019
alexlamsl added a commit to alexlamsl/UglifyJS that referenced this issue May 14, 2019
alexlamsl added a commit that referenced this issue May 14, 2019