ufuzz failure #3490

alexlamsl · 2019-10-16T17:01:22Z

var _calls_ = 10, a = 100, b = 10, c = 0;

if ({
    null: [ a++ + ~((25 - "object", a && (a[(c = 1 + c, (-0, [ , 0 ].length === 2) % ~-0 >= ("bar" ^ -2 ^ [ , 0 ][1] >= NaN))] &= this === "undefined")) == (NaN % null === true >> "foo")), --b + [ --b + b--, , a++ + ~b ] ][25 * {} >= ("" > /[a2][^e]+$/) && (-1 !== /[a2][^e]+$/) + (22 || true)],
    a: a += (/[abc4]/.test(((c = c + 1) + (a = --b) || b || 5).toString()) || 4).toString()["c"],
    3: [ --b + [ , ++b ].c, (Infinity >> -2) % (3 <= -0) && "c" >> "c" & "c" - {}, {
        undefined: a && a[--b + (typeof f0 == "function" && --_calls_ >= 0 && f0())],
        b: {},
        a: b++,
        3: +function b() {
            {
                var b_2 = function Infinity_2(b_2, NaN_1) {
                }((c = 1 + c, (("function" == 0) <= (22 ^ 1)) - ("" !== "b") / (0 != 5)));
            }
            {
                return a++ + {
                    b: (c = 1 + c, (-0, [ , 0 ].length === 2, -3 / -4) >= (null < "c" ^ [ , 0 ].length === 2 != undefined)),
                    a: (c = 1 + c, (b_2 && (b_2.a = (-0 | 22) * ("a" != -5))) >>> (("a" ^ false) != "b" <= 2)),
                    var: (c = 1 + c, ("undefined" * -5, 23..toString() % "object") ^ (b_2 && (b_2.foo = 2 <= "c")) < ("bar" > this)),
                    foo: (c = 1 + c, b_2 += (22 !== "function" !== 23..toString() * "a") - ({} - true + Infinity * -3))
                }[(c = 1 + c, (([ , 0 ].length === 2) < 38..toString()) << (38..toString() < 0) || ~(false != 5))];
            }
        }(),
        NaN: --b + delete ((c = c + 1, 3) & (-0 | 22) ^ (c = c + 1, -2, -3))
    }.var ],
    1.5: b = a
}) {
    c = c + 1;
}

if (--b + 25) {
    L154990: {
        c = c + 1;
    }
} else {
    var brake11 = 5;
    while ((c = c + 1) + (typeof foo_1 == "crap") && --brake11 > 0) {
        switch ("" - 5 <= 0 >> 2 & (25 > 24..toString() || "bar" * "function")) {
          case a -= a++:
            if ({
                length: a++ + (0 === 1 ? a : b)
            }) {
                c = c + 1;
                if (--b + (typeof f0 == "function" && --_calls_ >= 0 && f0(typeof f1 == "function" && --_calls_ >= 0 && f1((c = 1 + c, 
                (("b", "b") | 1 <= /[a2][^e]+$/) + ((22 == "a") >= (a = undefined > -4))))))) {}
            } else {
                for (var brake18 = 5; "object" && brake18 > 0; --brake18) {
                    var expr19 = !function() {
                        L154991: {
                            c = 1 + c, ([] - true === Infinity + "bar") << (-3 !== 5 ^ ("" ^ -1));
                            c = 1 + c, ({} !== Infinity) >= ("function" && -1) && (a && (a[(c = 1 + c, a && (a[a++ + {
                                Infinity: (c = 1 + c, ("a" && 1 || !4) >= (c = c + 1, Infinity >>> 4)),
                                "": (c = 1 + c, c = c + 1, [ , 0 ].length === 2 != [] & (22 || [ , 0 ].length === 2)),
                                length: (c = 1 + c, ("bar" ^ -3) - [ , 0 ][1] / "c" ^ (-1 >>> -4 && "function" >>> -2)),
                                null: (c = 1 + c, (c = c + 1, NaN + NaN) && ("a", undefined) >= "foo" / "b")
                            }.c] = (Infinity >> this || 2 && -4) === (1 == -0, 3 > this)))] += 23..toString() != "b")) != ("number" !== [ , 0 ][1]);
                            c = 1 + c, "bar" / [ , 0 ][1] * (a && (a.var += 23..toString() & -3)) >= ((/[a2][^e]+$/ | 3) !== (false, 
                            "undefined"));
                        }
                        {
                            c = 1 + c, {} >= Infinity != (c = c + 1, {}), ([ , 0 ][1] >= {}) * (a && (a[(c = 1 + c, 
                            ((c = c + 1, 3) & ("number" && "bar")) !== (c = c + 1, 38..toString() % 2))] = "number" + "function"));
                            c = 1 + c, ("object" >>> /[a2][^e]+$/ === ~"c") >>> (("function", 5) && 23..toString() & -3);
                            c = 1 + c, (/[a2][^e]+$/ !== undefined !== 2 <= 25) << (24..toString() + -1 << (a <<= [ , 0 ][1] & "object"));
                            c = 1 + c, (("object" & "b") !== "b" + Infinity) >>> (a += (-5 & {}) / (undefined != Infinity));
                        }
                    }();
                    for (var key19 in expr19) {
                        if (a++ + (1 === 1 ? a : b)) {}
                    }
                }
            }
            {
                var brake32 = 5;
                L154992: do {
                    {
                        {
                            for (var brake35 = 5; a && brake35 > 0; --brake35) {
                                var expr36 = (c = 1 + c, ({}, NaN) >= (undefined == -3) <= (a && (a.NaN = (5 && 3) <= (true || "b"))));
                                for (var key36 in expr36) {
                                    c = 1 + c, +5 / (true < true) ^ Infinity % 25 < ("undefined" >= 3);
                                }
                            }
                        }
                    }
                } while (null && --brake32 > 0);
            }
            break;

          case typeof b === "string":
            break;

          case a++ + a:
            ;
            ;
            break;

          case (c = c + 1) + b--:
            L154993: {
                a++ + a;
                try {
                    {
                        var expr43 = --b + --b;
                        for (var key43 in expr43) {
                            c = 1 + c;
                            var foo_2 = expr43[key43];
                            {
                                var brake44 = 5;
                                L154994: while (-!(foo_2 && (foo_2.in = [ , 0 ][1] === 23..toString())) && --brake44 > 0) {
                                    var NaN_1;
                                }
                            }
                        }
                    }
                } finally {
                    if (--b + ((c = 1 + c, (c = c + 1, NaN_1 && (NaN_1[(c = 1 + c, (("undefined" || 2) ^ -2 < "function") == (c = c + 1, 
                    "a" >>> [ , 0 ][1]))] += undefined & 5)) !== ("undefined" | null) >>> "c" / 1) ? NaN_1 && (NaN_1.null = ((foo_2 && (foo_2[(c = 1 + c, 
                    void (NaN_1 = (1 || {}) & 24..toString() !== -3))] += -3 >>> 24..toString())) | 2 ^ 2) >>> ((-0 >= {}) >>> ("undefined" == "function"))) : {
                        length: (c = 1 + c, (c = c + 1, undefined) % (22 - 3) < ("" | 5) % (foo_2 && (foo_2.var += [] == [ , 0 ][1])))
                    }[(c = 1 + c, (("" != []) < 0 % 4) / (0 % "number" >= (/[a2][^e]+$/ != -2)))])) {
                        var brake47 = 5;
                        L154995: while (a++ + !function undefined() {
                        }() && --brake47 > 0) {}
                    } else {
                        try {
                        } finally {
                            c = 1 + c, NaN_1 && (NaN_1[!((foo_2 && (foo_2.NaN = [] % "foo") || this | "") / ((1 | "foo") << "b" / -3))] = (23..toString() * 24..toString() >= ([ , 0 ][1] > "function")) - (4 % "a" | 5 * null));
                            c = 1 + c, (24..toString() ^ -5, "b" ^ -5) && (2, "b") ^ undefined > true;
                        }
                    }
                    {
                        var brake53 = 5;
                        while (typeof f1 == "function" && --_calls_ >= 0 && f1((c = 1 + c, -0 << 22 > 38..toString() >>> "bar" | (this != NaN, 
                        "a" != "bar"))) && --brake53 > 0) {}
                    }
                }
                var foo_2 = "a", b_2 = (c = c + 1) + b++;
            }
            {
                var brake56 = 5;
                while ((c = c + 1) + [ typeof f1 == "function" && --_calls_ >= 0 && f1(), a++ + (b = a), {
                    3: {
                        foo: (c = 1 + c, b_2 = (([ , 0 ].length === 2, -4) >>> (undefined !== -2)) % ~("number" | 1)),
                        c: (c = 1 + c, true < 22 >= +"foo" == this >= "foo" >= ("function" <= 1))
                    },
                    Infinity: typeof f1 == "function" && --_calls_ >= 0 && f1(),
                    "\t": typeof f1 == "function" && --_calls_ >= 0 && f1("c", [ , 0 ].length === 2, this)
                } ][typeof foo_2 == "function" && --_calls_ >= 0 && foo_2()] && --brake56 > 0) {
                    var brake57 = 5;
                    do {
                        {
                            var c_2 = function f0(a_1) {
                            }(-4, delete (true >>> false) != (-0 == 23..toString()) - (2, 25), a++ + {
                                0: (c = 1 + c, false == 4 == ("bar" ^ true), (false ^ -5) < (b_2 && (b_2[(c = 1 + c, 
                                (NaN_1 && (NaN_1[a++ + true] |= (-4 && -0) | (NaN_1 += -3 - "bar"))) == (c_2 ^= ("bar" > undefined) - (5 <= "object")))] += [ , 0 ][1] >>> this))),
                                undefined: (c = 1 + c, (-1 >> 1 ^ -1 == [ , 0 ][1]) >>> (foo_2 = (b_2 && (b_2[(c = 1 + c, 
                                (-0 ^ 25) !== (true && -1) & (c_2 && (c_2[(c = 1 + c, false * 3 / (true >= 1) === (!{} != (b_2 && (b_2[(c = 1 + c, 
                                (NaN_1 && (NaN_1[(c = c + 1) + [ (c = 1 + c, ("number" >= Infinity & (undefined ^ 5)) <= (b_2 && (b_2[(c = 1 + c, 
                                (foo_2 && (foo_2.undefined = 4 != /[a2][^e]+$/ ^ this % false)) >= ((5 !== this) >= (c = c + 1, 
                                [ , 0 ][1])))] &= "foo" * 5)) - (this ^ undefined)), (c = 1 + c, c = c + 1, void "number" / (-0 === "function")) ][(c = 1 + c, 
                                (38..toString() - Infinity || "" != 38..toString()) != (-4 << "object") % (/[a2][^e]+$/ & null))]] = undefined != "c" ^ 0 != "a")) >= ("foo" ^ -1) >> (4 >> this))] += true > -5))))] = ~24..toString() < /[a2][^e]+$/ + NaN)))] = this && 5)) >> (this ^ "function"))),
                                "-2": (c = 1 + c, ("" == null === true >> 3) / ({} * true ^ 24..toString() & Infinity)),
                                length: (c = 1 + c, (undefined >= []) - (b_2 && (b_2[(c = 1 + c, "object" > -2 | this == {} | ({} & 23..toString()) > ("foo" & {}))] /= undefined === 1)) ^ (-1 >= this, 
                                false == "number"))
                            });
                        }
                    } while (c_2 && --brake57 > 0);
                }
            }
            break;
        }
    }
}

console.log(null, a, b, c, Infinity, NaN, undefined);

// uglified code
// (beautified)
var f;

if (++b && (b[(d = 1 + d, !0)] &= "undefined" === this), --c, --c, c--, b++, b += (/[abc4]/.test(((d += 1) + (b = --c) || c || 5).toString()) || 4).toString().c, 
--c, ++c, b && b[--c + ("function" == typeof f0 && 0 <= --a && f0())], c++, f = void (d = 1 + d), 
b++, d = 1 + (d = 1 + d), f && (f.a = 22), d = 1 + d, f && (f.foo = !1), f += NaN, 
d = 1 + (d = 1 + d), --c, d += 1, d += 1, c = b, d += 1, 25 + --c) {
    d += 1;
} else {
    for (var o = 5; (d += 1) + ("crap" == typeof foo_1) && 0 < --o; ) {
        switch (1) {
          case b -= b++:
            b++, d += 1, --c, "function" == typeof f0 && 0 <= --a && f0("function" == typeof f1 && 0 <= --a && f1((d = 1 + d, 
            0 + ((b = !1) <= !1))));
            for (var t = 5; b && 0 < t; --t) {
                var i = (d = 1 + d, !1 <= (b && (b.NaN = !1)));
                for (var n in i) {
                    d = 1 + d;
                }
            }
            break;

          case "string" == typeof c:
          case b++ + b:
            break;

          case (d += 1) + c--:
            b++;
            try {
                var r = --c + --c;
                for (var e in r) {
                    d = 1 + d;
                    for (var s = r[e], v = 5; -!(s && (s.in = !1)) && 0 < --v; ) {}
                }
            } finally {
                if (--c + (d = 1 + d, 0 !== (d += 1, q && (q[(d = 1 + d, 0 == (d += 1, 0))] += 0)) ? q && (q.null = (0 | (s && (s[(d = 1 + d, 
                void (q = 1))] += 255))) >>> 0) : {
                    length: (d = 1 + d, void (d += 1) % 19 < 5 % (s && (s.var += !0)))
                }[(d = 1 + d, NaN)])) {
                    for (var N = 5; b++ + !0 && 0 < --N; ) {}
                } else {
                    d = 1 + d, q && (q[!((s && (s.NaN = NaN) || "" | this) / 1)] = 1), d = 1 + d;
                }
                for (var h = 5; "function" == typeof f1 && 0 <= --a && f1((d = 1 + d, 1)) && 0 < --h; ) {}
            }
            s = "a";
            for (var y = (d += 1) + c++, u = 5; (d += 1) + [ "function" == typeof f1 && 0 <= --a && f1(), b++ + (c = b), {
                3: {
                    foo: (d = 1 + d, y = 0),
                    c: (d = 1 + d, 0 == !1 <= ("foo" <= this))
                },
                Infinity: "function" == typeof f1 && 0 <= --a && f1(),
                "\t": "function" == typeof f1 && 0 <= --a && f1("c", !0, this)
            } ]["function" == typeof s && 0 <= --a && s()] && 0 < --u; ) {
                var p = 5;
                do {
                    var l = (b++, d = 1 + d, y && (y[(d = 1 + d, (q && (q[b++ + !0] |= -0 | (q += NaN))) == (l ^= 0))] += 0 >>> this), 
                    d = 1 + d, s = (y && (y[(d = 1 + d, !0 & (l && (l[(d = 1 + d, 0 === (0 != (y && (y[(d = 1 + d, 
                    (q && (q[(d += 1) + [ (d = 1 + d, 0 <= (y && (y[(d = 1 + d, (s && (s.undefined = !0 ^ this % !1)) >= ((5 !== this) >= (d += 1, 
                    0)))] &= NaN)) - (void 0 ^ this)), (d = 1 + d, d += 1, NaN) ][(d = 1 + d, !0)]] = 0)) >= -1 >> (4 >> this))] += !0))))] = !1)))] = this && 5)) >> ("function" ^ this), 
                    d = 1 + (d = 1 + d), void (y && (y[(d = 1 + d, !1 | this == {} | !1)] /= !1)));
                } while (l && 0 < --p);
            }
        }
    }
}

if (++b && (b[(d = 1 + d, !0)] &= "undefined" === this), --c, --c, c--, b++, b += (/[abc4]/.test(((d += 1) + (b = --c) || c || 5).toString()) || 4).toString().c, 
--c, ++c, b && b[--c + ("function" == typeof f0 && 0 <= --a && f0())], c++, f = void (d = 1 + d), 
b++, d = 1 + (d = 1 + d), f && (f.a = 22), d = 1 + d, f && (f.foo = !1), f += NaN, 
d = 1 + (d = 1 + d), --c, d += 1, d += 1, c = b, d += 1, 25 + --c) {
    d += 1;
} else {
    for (var o = 5; (d += 1) + ("crap" == typeof foo_1) && 0 < --o; ) {
        switch (1) {
          case b -= b++:
            b++, d += 1, --c, "function" == typeof f0 && 0 <= --a && f0("function" == typeof f1 && 0 <= --a && f1((d = 1 + d, 
            0 + ((b = !1) <= !1))));
            for (var t = 5; b && 0 < t; --t) {
                var i = (d = 1 + d, !1 <= (b && (b.NaN = !1)));
                for (var n in i) {
                    d = 1 + d;
                }
            }
            break;

          case "string" == typeof c:
          case b++ + b:
            break;

          case (d += 1) + c--:
            b++;
            try {
                var r = --c + --c;
                for (var e in r) {
                    d = 1 + d;
                    for (var s = r[e], v = 5; -!(s && (s.in = !1)) && 0 < --v; ) {}
                }
            } finally {
                if (--c + (d = 1 + d, 0 !== (d += 1, q && (q[(d = 1 + d, 0 == (d += 1, 0))] += 0)) ? q && (q.null = (0 | (s && (s[(d = 1 + d, 
                void (q = 1))] += 255))) >>> 0) : {
                    length: (d = 1 + d, void (d += 1) % 19 < 5 % (s && (s.var += !0)))
                }[(d = 1 + d, NaN)])) {
                    for (var N = 5; b++ + !0 && 0 < --N; ) {}
                } else {
                    d = 1 + d, q && (q[!((s && (s.NaN = NaN) || "" | this) / 1)] = 1), d = 1 + d;
                }
                for (var h = 5; "function" == typeof f1 && 0 <= --a && f1((d = 1 + d, 1)) && 0 < --h; ) {}
            }
            s = "a";
            for (var y = (d += 1) + c++, u = 5; (d += 1) + [ "function" == typeof f1 && 0 <= --a && f1(), b++ + (c = b), {
                3: {
                    foo: (d = 1 + d, y = 0),
                    c: (d = 1 + d, 0 == !1 <= ("foo" <= this))
                },
                Infinity: "function" == typeof f1 && 0 <= --a && f1(),
                "\t": "function" == typeof f1 && 0 <= --a && f1("c", !0, this)
            } ]["function" == typeof s && 0 <= --a && s()] && 0 < --u; ) {
                var p = 5;
                do {
                    var l = (b++, d = 1 + d, y && (y[(d = 1 + d, (q && (q[b++ + !0] |= -0 | (q += NaN))) == (l ^= 0))] += 0 >>> this), 
                    d = 1 + d, s = (y && (y[(d = 1 + d, !0 & (l && (l[(d = 1 + d, 0 === (0 != (y && (y[(d = 1 + d, 
                    (q && (q[(d += 1) + [ (d = 1 + d, 0 <= (y && (y[(d = 1 + d, (s && (s.undefined = !0 ^ this % !1)) >= ((5 !== this) >= (d += 1, 
                    0)))] &= NaN)) - (void 0 ^ this)), (d = 1 + d, d += 1, NaN) ][(d = 1 + d, !0)]] = 0)) >= -1 >> (4 >> this))] += !0))))] = !1)))] = this && 5)) >> ("function" ^ this), 
                    d = 1 + (d = 1 + d), void (y && (y[(d = 1 + d, !1 | this == {} | !1)] /= !1)));
                } while (l && 0 < --p);
            }
        }
    }
}

console.log(null, b, c, d, 1 / 0, NaN, void 0);

original result:
�[1mnull�[22m �[33mNaN�[39m �[33mNaN�[39m �[33m20�[39m �[33mInfinity�[39m �[33mNaN�[39m �[90mundefined�[39m

uglified result:
evalmachine.<anonymous>:1
(function(){var f;if(++b&&(b[(d=1+d,!0)]&="undefined"===this),--c,--c,c--,b++,b+=(/[abc4]/.test(((d+=1)+(b=--c)||c||5).toString())||4).toString().c,--c,++c,b&&b[--c+("function"==typeof f0&&0<=--a&&f0())],c++,f=void(d=1+d),b++,d=1+(d=1+d),f&&(f.a=22),d=1+d,f&&(f.foo=!1),f+=NaN,d=1+(d=1+d),--c,d+=1,d+=1,c=b,d+=1,25+--c)d+=1;else for(var o=5;(d+=1)+("crap"==typeof foo_1)&&0<--o;)switch(1){case b-=b++:b++,d+=1,--c,"function"==typeof f0&&0<=--a&&f0("function"==typeof f1&&0<=--a&&f1((d=1+d,0+((b=!1)<=!1))));for(var t=5;b&&0<t;--t){var i=(d=1+d,!1<=(b&&(b.NaN=!1)));for(var n in i)d=1+d}break;case"string"==typeof c:case b+++b:break;case(d+=1)+c--:b++;try{var r=--c+--c;for(var e in r){d=1+d;for(var s=r[e],v=5;-!(s&&(s.in=!1))&&0<--v;);}}finally{if(--c+(d=1+d,0!==(d+=1,q&&(q[(d=1+d,0==(d+=1,0))]+=0))?q&&(q.null=(0|(s&&(s[(d=1+d,void(q=1))]+=255)))>>>0):{length:(d=1+d,void(d+=1)%19<5%(s&&(s.var+=!0)))}[(d=1+d,NaN)]))for(var N=5;b+++!0&&0<--N;);else d=1+d,q&&(q[!((s&&(s.NaN=NaN)||""|this)/1)]=

ReferenceError: b is not defined
    at evalmachine.<anonymous>:1:19
    at evalmachine.<anonymous>:1:3604
    at Script.runInContext (vm.js:137:20)
minify(options):
{
  "compress": {
    "passes": 1000000,
    "unsafe": true
  },
  "toplevel": true
}

The text was updated successfully, but these errors were encountered:

fixes mishoo#3490

fixes #3490

alexlamsl added the bug label Oct 16, 2019

alexlamsl added a commit to alexlamsl/UglifyJS that referenced this issue Oct 16, 2019

fix corner case in sequences

b15cc23

fixes mishoo#3490

alexlamsl mentioned this issue Oct 16, 2019

fix corner case in sequences #3491

Merged

alexlamsl added a commit to alexlamsl/UglifyJS that referenced this issue Oct 16, 2019

fix corner case in sequences

c865405

fixes mishoo#3490

alexlamsl added a commit to alexlamsl/UglifyJS that referenced this issue Oct 16, 2019

fix corner case in sequences

c3495a2

fixes mishoo#3490

alexlamsl closed this as completed in #3491 Oct 17, 2019

alexlamsl added a commit that referenced this issue Oct 17, 2019

fix corner case in sequences (#3491)

b1279a4

fixes #3490

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ufuzz failure #3490

ufuzz failure #3490

alexlamsl commented Oct 16, 2019

ufuzz failure #3490

ufuzz failure #3490

Comments

alexlamsl commented Oct 16, 2019