ufuzz failure #3480

Closed
alexlamsl opened this issue Oct 15, 2019 · 0 comments · Fixed by #3481
@alexlamsl
Collaborator

// original code
//

// Generated test case from the "ufuzz failure" report. No 'use strict'
// directive is present, and the only observable output is the console.log
// on the last line.
// - `c` is bumped (`c = c + 1` / `c = 1 + c`) throughout, so its final value
//   reflects which expressions were actually evaluated.
// - `_calls_` is decremented before each guarded call (`--_calls_ >= 0 && ...`).
// - the `brakeN` counters cap every loop (`--brakeN > 0`).
// The statements below are kept exactly as reported: they are the reproducer.
var _calls_ = 10, a = 100, b = 10, c = 0;
c = c + 1;
L11593: {{var brake3 = 5; while (((({
3:((a/* ignore */++)),
// Named function expression `b`: inside its body `b` refers to the function
// itself rather than the top-level `b`, while `c` (not redeclared in the body)
// still resolves to the top-level counter.
b:((+function b(){

;
{var a_2 = function f0(){

try {(c = 1 + c, ((a && (a.var+=(("function"|2)<=(a=("c">>>({}))))))<<((c = c + 1, (-2))<=([,0][1]^23..toString())))); } catch (b) { ; } finally { ; }
{var brake8 = 5; do {(c = 1 + c, (c = c + 1, (([]^ /[a2][^e]+$/ )>(c = c + 1, 24 .toString()))));} while (((c = 1 + c, ((((-2)%-0)===((-2)!==(-1)))&(("function"*([,0].length === 2))===( /[a2][^e]+$/ |(-1)))))) && --brake8 > 0);}

}
((a++ + ( /[abc4]/.test((((c = 1 + c, (((a_2 && (a_2[(c = 1 + c, ((("function"&&22)^("function"!==(-2))),(("a"&&25. )^(false<<[,0][1]))))]=(({})===3))),(([,0].length === 2)&NaN)),(("b" + (-2))>>>("c"!=(-3)))))) || b || 5).toString()) )));}
try {((c = c + 1) + (~b)); } finally { if ((a_2)){;}
((--b) + (a_2=(c = 1 + c, ((([]<4)^(c = c + 1, 0))!=(("b" + "") - (NaN<<1))))));
 }
;

}())),
})[(typeof a == "function" && --_calls_ >= 0 && a())])) && --brake3 > 0){var brake16 = 5; do {{{var expr18 = (((((-1) - NaN)==((-3)||"a"))*(("foo"<<2)||(-0^0x26.toString())))); L11594:  for (var key18 in expr18) {c = 1 + c; var bar_2 = expr18[key18]; ;}}
{var brake20 = 5; L11595: while ((([(void a), ((c = c + 1) + (!((((false^1)||(([,0].length === 2)*"object"))>>((([,0].length === 2) - 5)^("function"<=NaN)))))), ((c = c + 1) + (b *= a)), ((--b) + ((-1))), ][((c = c + 1) + (function b(){

{ return (c = 1 + c, (bar_2 && (bar_2.var|=((bar_2 && (bar_2[((c = c + 1) + ([(c = 1 + c, ((c = c + 1, (bar_2-=(5*24 .toString())))|((bar_2+=("c" - false))^("b" + 4)))), (c = 1 + c, ((("undefined"!=5)&(c = c + 1, null)) - ((-0<(-5)) - (24 .toString()*(-1))))), (c = 1 + c, ((("a"%5) - (22!==24 .toString()))>(( /[a2][^e]+$/ <([,0].length === 2))>("function"<(-1))))), ]))]=(([]<<4)%((-1)||"a")))) - ((0^3)>>(c = c + 1, "number"))))))}
try {(c = 1 + c, (bar_2 && (bar_2[( /[abc4]/.test((((!((bar_2=(((delete (true))|("a"&[]))*((([,0].length === 2)^"a")>>("undefined"!==NaN))))))) || b || 5).toString()) )]<<=(((delete ("b"))<<("object"/"undefined"))<(("object"%-0)<<(23..toString()|"a")))))); } catch (bar_2) { ; } finally { ; }
if ((c = 1 + c, ((("number"&25. )>(bar_2 && (bar_2[(c = 1 + c, (((2 - Infinity),(({})^(-4))) + (("b"===false)/(2 - 3))))]/=(null>"object"))))|(([,0][1]>=0)^("object"^22)))))(c = 1 + c, ((bar_2 && (bar_2.a=(("c"*({}))<=(c = c + 1, []))))>=(!((false>>>"undefined"))))); else (c = 1 + c, (((5||"b")<<(null<<"number"))!=(+(([]!=="number")))));

}))])) && --brake20 > 0)c = c + 1;}
{var expr28 = ((--b) + (1 === 1 ? a : b));  for (var key28 in expr28) {{var brake29 = 5; do {{var brake30 = 5; do {(a++ + (b++));} while (((a++ + (bar_2 && bar_2.foo))) && --brake30 > 0);}} while ((((c = c + 1) + (bar_2 && bar_2[(Infinity)]))) && --brake29 > 0);}}}
{var brake32 = 5; while (((bar_2)) && --brake32 > 0){(delete (((((-5)>"a")||((-4) - "object")) - (("number" - [])/(NaN*(-1))))));
{var expr35 = (bar_2 && bar_2.a);  for (var key35 in expr35) {c = 1 + c; var b_2 = expr35[key35]; for (var brake36 = 5; ((c = 1 + c, ((( /[a2][^e]+$/ ^"undefined")===(c = c + 1, 24 .toString()))^((c = c + 1, Infinity),(1|(-5)))))) && brake36 > 0; --brake36)(c = 1 + c, ((bar_2 && (bar_2[(+function (){

;
}())]^=(((-2)!==([,0].length === 2))!==(bar_2+=("a">>this))))) - (( /[a2][^e]+$/ >>>"function")&&(24 .toString()|(-1)))));}}
var parseInt_1 = (a++ + (!function a_1(){

;
}())), bar = (1 === 1 ? a : b);
}}
}} while (((--b)) && --brake16 > 0);}}
c = c + 1;
// The try body is only a declaration, so the catch clause below is not
// entered; its `var` declarations (`b_2`, `NaN`) are still hoisted, which is
// presumably why `NaN` prints as undefined in the reported result.
try {var bar_1; } catch (Math) { var b_2 = (+function bar_1_1(){

{{var expr44 = ( /[abc4]/.test((((c = 1 + c, (bar_1 && (bar_1[((--b) + ( (((void a)) || 1).toString()[(++a)] ))]>>=(((2<="number")>>>(0x26.toString()!==false))^((bar_1_1=(true + 3))!==("a"<=({})))))))) || b || 5).toString()) );  for (var key44 in expr44) {{var brake45 = 5; L11596: while (((c = 1 + c, (((22||(-3)) + (parseInt_1=("number"/22))),(("undefined"!="c")!=(3<<"c"))))) && --brake45 > 0)(c = 1 + c, (((2>>"number") - ("bar"=="b"))<=((bar_1_1 && (bar_1_1[(c = 1 + c, (c = c + 1, ((-0<=4)>>>("number"&"b"))))]-=(this>>>"object")))||( /[a2][^e]+$/ ==[,0][1]))));}}}
switch (((--b) + (~a))) { 
case (typeof bar_1_1 == "function" && --_calls_ >= 0 && bar_1_1((-3), true)):
(c = 1 + c, ((("number"*(-2))||(parseInt_1 && (parseInt_1[(c = 1 + c, (((bar_2 && (bar_2.c=(2^25. ))),(""!="b"))&&(c = c + 1, (bar_1+=(4^"bar")))))]=(true/5))))!==((3||-0)||("">="object"))));
(c = 1 + c, ((("foo" + [])>(false*[,0][1]))<<((25.  - [])>>>(3>=23..toString()))));

 break;

case ( /[abc4]/.test((((c = 1 + c, (((2<<2)%([,0][1]<="undefined"))&&((22>(-2))==("object" + this))))) || b || 5).toString()) ):
(c = 1 + c, (((!(undefined))%(this,25. ))%((5^"c")|("object"<Infinity))));
(c = 1 + c, (((24 .toString()<"a")===("foo"<<2))<(c = c + 1, (b_2=("a"*(-3))))));

 break;

case (a++ + (b/* ignore */--)):

 break;

case ( (((c = 1 + c, (((2%5)>>>((-2),"object"))^(([,0][1]>([,0].length === 2))>=(5/(-2)))))) || a || 3).toString() ):
(c = 1 + c, (((1^([,0].length === 2))!=(([,0].length === 2)<<"a"))!=((bar_1_1 && (bar_1_1[(c = 1 + c, ((("b"!==2)^(4>=({})))>=(("c"^({}))!==((-4)%0x26.toString()))))]=(true|[,0][1]))) - ((-2)>=22))));

 break;
}
/*3*/return;
try {; } finally { (c = 1 + c, (((-0 + "foo")&("object"|22)),(("foo">="undefined")===(NaN!=5))));
(c = 1 + c, (((({})|(-1))/("foo" + [,0][1]))<=(((-4)=="function")>=("bar"<=Infinity))));
 }
}
return ((c = c + 1) + (typeof f0 == "function" && --_calls_ >= 0 && f0(( (((c = 1 + c, (((5>=2)&&(3,NaN))!=(("bar"!=="a") - (bar_2 && (bar_2[(c = 1 + c, (((this||null)^(([,0].length === 2)==23..toString()))|(( /[a2][^e]+$/ *"")^([,0][1] +  /[a2][^e]+$/ ))))]=([,0][1]>>>"bar"))))))) || 6).toString()[(c = 1 + c, ((("bar" - 23..toString())&&("bar"^"c"))>>(("number" + "b")!==( /[a2][^e]+$/ ^-0))))] ), ((c = c + 1) + (typeof f2 == "function" && --_calls_ >= 0 && f2(NaN, (c = 1 + c, (((""%23..toString()) + (undefined==="foo"))==(((-4)&&"function")>(parseInt_1 && (parseInt_1[(c = 1 + c, (bar_1=((("b"%[,0][1])==(23..toString()>>>(-3)))^((25. ||5)/(({})^"")))))]+=(4>>>(-4)))))))))), "bar")));
switch (((typeof f2 == "function" && --_calls_ >= 0 && f2((c = 1 + c, (((0==(-5)),("a"^({})))!==(c = c + 1, (24 .toString()===this)))), (c = 1 + c, (((null>>>"undefined")%((-1)==null)) - ((-("c")) + (([,0].length === 2)===(-2))))), [,0][1]))?(a++ + (void function (){

(c = 1 + c, (bar_1_1 && (bar_1_1.foo=(((!((-1)))|(this<<"c")) + ((({})|(-3)) - (-0>"a"))))));

}())):(a++ + (bar_1 && bar_1.in)))) { 
case (b |= a):

 break;

case ((c = c + 1) + (a/* ignore */++)):

 break;

case ((((4&&"foo")!==(false<<([,0].length === 2)))*(("number"&"number")===(this&"c")))):
if (((c = c + 1) + (bar_1_1)))L11597: {;} else {var expr63 = (c = 1 + c, ((("object"&&(-1))!==(1<=23..toString()))*((Infinity>>>[])<<(0x26.toString()<"function"))));  for (var key63 in expr63) {c = 1 + c; var NaN_1 = expr63[key63]; (c = 1 + c, ((((-1)<<[])/(-0& /[a2][^e]+$/ ))%(bar_2 && (bar_2.null=((5>>24 .toString())^(null|(-5)))))));}}
switch ((~(((("foo">>"undefined")^((-1)||undefined))>((c = c + 1, [])==((-2)&&23..toString())))))) { 
case (parseInt_1/=(c = 1 + c, (((NaN_1+=(-0^-0))|(2/3))&((undefined>>>2)^((-4)!==24 .toString()))))):
(c = 1 + c, (((""&&0x26.toString())==(4<="foo"))<<(("bar",[])*(-(NaN)))));

 break;

case (a++ + ([,0][1])):
(c = 1 + c, ((((-3)&&25. )^(({})!=="c")),((NaN_1 && (NaN_1.c=("number"&25. )))>>>("a"/4))));

 break;

case (!function (){

;
}()):
(c = 1 + c, (parseInt_1 && (parseInt_1.a=(((0 + "object") + (NaN===5))!=(("a"&2)&(+(1)))))));

 break;

case ((c = c + 1) + (++a)):

 break;
}

 break;

case ((c = c + 1) + (({
null:((a++ + ((function (){

;
})))),
undefined:((b_2 && b_2.Infinity)),
'':(((--b) + (void function b_2(){

;
}()))),
})[(b++)])):
L11598: for (var brake69 = 5; (( (((c = 1 + c, (((([,0].length === 2)/25. )<<("object"||this))%(("bar">>2)%("c"&"number"))))) || a || 3).toString() )) && brake69 > 0; --brake69)var NaN_2 = (c = 1 + c, ((("bar"&null)!==(5>>>"function")) - ((([,0].length === 2)/undefined) - ((-3) + ({})))));
switch ((a++ + ((function b_1(){

;
})()))) { 
case ( (((c = 1 + c, (((this<<24 .toString())==("function"&&"function"))|((1!="")<("b"!==(-3)))))) || a || 3).toString() ):
(c = 1 + c, (((-(0x26.toString()))>>(this>23..toString()))<=((0x26.toString()!=23..toString())|(0x26.toString()>>"bar"))));
(c = 1 + c, (((NaN!=[,0][1])===(NaN + "number"))&((NaN|NaN)*(0> /[a2][^e]+$/ ))));

/* fall-through */

case (a++ + (b--)):

 break;

default:


case (-b):
(c = 1 + c, (((parseInt_1 && (parseInt_1[(c = 1 + c, (((Infinity + null),("bar",undefined))>>>(parseInt_1=(("number"!==25. )*("a"<<"bar")))))]+=(Infinity&(-3))))>(1||[]))%((-0 - (-5))>>(delete (3)))));
(c = 1 + c, (((Infinity - ({}))>([,0][1]==0))!=(([,0][1]!=="c")<<(-0>false))));

 break;
}

 break;
}
for (var brake76 = 5; ((({
}))) && brake76 > 0; --brake76){{ return (c = 1 + c, ((parseInt_1=((+(Infinity))&("function"|1)))==(b_2 && (b_2.c+=((([,0].length === 2)&4)<=(4!=undefined))))))}
{;}
L11599: for (var brake80 = 5; ((c = 1 + c, (bar_1_1 && (bar_1_1.null-=(((c = c + 1, 0x26.toString())!==(5&24 .toString()))<((4 + 0)*([]>>>"bar"))))))) && brake80 > 0; --brake80)(c = 1 + c, (((c = c + 1, [,0][1])>(3^(-4)))&&(((-1)^23..toString())%(-0||0))));
(c = 1 + c, (((b_2 && (b_2[(c = 1 + c, ((bar_2 && (bar_2.b+=((NaN|5)/((-1)^0))))%((Infinity*4)^(0==="undefined"))))]|=((-1)/1)))===("foo"||(-5)))!=((true%25. )%([]<< /[a2][^e]+$/ ))));
}

}()), NaN = (({
Infinity:((delete ((parseInt_1 && (parseInt_1[(typeof bar_2 == "function" && --_calls_ >= 0 && bar_2(undefined, this, 2))]=(((1>>false)===(Infinity|[]))/((void (({})))>=(""<<"object")))))))),
NaN:((0 === 1 ? a : b)),
}));
c = c + 1;
 }
}

// Final state: this printed line is what the original and the minified runs
// are compared on.
console.log(null, a, b, c, Infinity, NaN, undefined);
// uglified code
// (beautified)
// Minifier output for the same test case (beautified), produced with the
// options listed in the report ("ie8" and "toplevel"). Top-level names are
// mangled: _calls_ -> i, b -> o, c -> f (compare the two console.log calls).
var i = 10, a = 100, o = 10, f = 0;

f += 1;

for (var t = 5; {
    3: a++,
    // NOTE(review): this function expression is named `b` in the original and
    // `f` here, the same name as the top-level counter. Within a named
    // function expression its own name is a read-only binding, so without
    // strict mode every `f = 1 + f` / `f += 1` in this body is silently
    // ignored instead of updating the counter. That matches the reported
    // results (counter 2 here, 12 in the original): only the two top-level
    // `f += 1` statements take effect.
    b: +function f() {
        var t = function() {
            try {
                f = 1 + f, a && (a["var"] += 2 <= (a = "c" >>> {})), f += 1, 23..toString();
            } catch (d) {}
            for (var t = 5; f = 1 + f, f += 1, f += 1, 24..toString(), f = 1 + f, !1 & "function" * (2 === [ , 0 ].length) == -1 && 0 < --t; ) {}
        }((a++, /[abc4]/.test((f = 1 + f, t && (t[(f = 1 + f, 25)] = 3 === {}), f || 5).toString())));
        try {
            f += 1;
        } finally {
            --f, f = 1 + f, t = ([] < 4 ^ (f += 1, 0)) != "b" - (I << 1);
        }
    }()
}["function" == typeof a && 0 <= --i && a()] && 0 < --t; ) {
    var n = 5;
    do {
        var r = (-1 - I == -3) * (-0 ^ 38..toString());
        for (var e in r) {
            f = 1 + f;
            var c = r[e];
        }
        for (var v = 5; [ void 0, (f += 1) + !(1 >> ((2 === [ , 0 ].length) - 5 ^ "function" <= I)), (f += 1) + (o *= a), --o - 1 ][(f += 1) + function o() {
            return f = 1 + f, c && (c["var"] |= (c && (c[(f += 1) + [ (f = 1 + f, f += 1, (c -= 5 * 24..toString()) | "b4" ^ (c += NaN)), (f = 1 + f, 
            (!0 & (f += 1, null)) - (!1 - -1 * 24..toString())), (f = 1 + f, NaN - (22 !== 24..toString()) > (!1 < (/[a2][^e]+$/ < (2 === [ , 0 ].length)))) ]] = ([] << 4) % -1)) - (3 >> (f += 1, 
            "number")));
        }] && 0 < --v; ) {
            f += 1;
        }
        var g = --o + a;
        for (var u in g) {
            var S = 5;
            do {
                for (var l = 5; a++, o++, a++ + (c && c.foo) && 0 < --l; ) {}
            } while ((f += 1) + (c && c[Infinity]) && 0 < --S);
        }
        for (var h = 5; c && 0 < --h; ) {
            var y = c && c.a;
            for (var s in y) {
                f = 1 + f;
                y[s];
                for (var N = 5; f = 1 + f, 0 === (f += 1, 24..toString()) ^ (f += 1, Infinity, -5) && 0 < N; --N) {
                    f = 1 + f, c && (c.NaN ^= -2 !== (2 === [ , 0 ].length) !== (c += "a" >> this));
                }
            }
            var b = a++ + !0;
        }
    } while (--o && 0 < --n);
}

f += 1;

// The try body is only a declaration, so the catch clause is not entered.
try {
    var d;
} catch (k) {
    (function p() {
        var t = /[abc4]/.test((f = 1 + f, d && (d[--o + 1..toString()[++a]] >>= !1 >>> (!1 !== 38..toString()) ^ (p = 4) !== "a" <= {}) || o || 5).toString());
        for (var n in t) {
            for (var r = 5; f = 1 + f, b = NaN, 0 < --r; ) {
                f = 1 + f, p && (p[(f = 1 + f, f += 1, 1)] -= this >>> "object");
            }
        }
        switch (--o + ~a) {
          case "function" == typeof p && 0 <= --i && p(-3, !0):
            f = 1 + f, b && (b[(f = 1 + f, c && (c.c = 27), f += 1, d += 4)] = .2), f = 1 + f, 
            23..toString();
            break;

          case /[abc4]/.test((f = 1 + f, o || 5).toString()):
            f = 1 + f, undefined, Infinity, f = 1 + f, 24..toString(), f += 1, NaN;
            break;

          case a++ + o--:
            break;

          case (f = 1 + f, 2 ^ -2.5 <= ((2 === [ , 0 ].length) < 0) || a || 3).toString():
            f = 1 + f, p && (p[(f = 1 + f, (!0 ^ {} <= 4) >= (("c" ^ {}) != -4 % 38..toString()))] = 1);
        }
    })();
    // `I` stands in for the original's `var NaN` declared in this catch clause;
    // the declaration is hoisted but this assignment is not reached.
    var I = {
        Infinity: (b && (b["function" == typeof c && 0 <= --i && c(undefined, this, 2)] = (1 == (Infinity | [])) / !1), 
        !0),
        NaN: o
    };
    f += 1;
}

// Final state, printed in the same argument order as the original test case.
console.log(null, a, o, f, Infinity, I, undefined);
original result:
null 0 10 12 Infinity undefined undefined

uglified result:
null 0 10 2 Infinity undefined undefined

minify(options):
{
  "ie8": true,
  "toplevel": true
}
@alexlamsl alexlamsl added the bug label Oct 15, 2019
alexlamsl added a commit to alexlamsl/UglifyJS that referenced this issue Oct 15, 2019
alexlamsl added a commit that referenced this issue Oct 15, 2019