ufuzz failure #3581

Closed
alexlamsl opened this issue Nov 13, 2019 · 0 comments · Fixed by #3582

// original code
// (beautified)
// Fuzzer-generated test input, before minification.
// `c` is a counter incremented as a side effect all over the program; it is the
// only printed value that differs between the two reported results (31 for this
// listing, 26 for the minified one). `_calls_` is decremented in front of every
// guarded call (`--_calls_ >= 0 && f(...)`), bounding how many such calls can run.
var _calls_ = 10, a = 100, b = 10, c = 0;

// The try body is empty, so the whole program runs from the finally clause.
try {
} finally {
    try {
        {
            // `b = a` makes expr4 the number 100. A number has no enumerable keys,
            // so this for...in body does not execute and `arguments_1` (hoisted by
            // `var`) is still undefined when the switch further down reads it.
            var expr4 = b = a;
            for (var key4 in expr4) {
                c = 1 + c;
                var arguments_1 = expr4[key4];
                L18102: {
                    try {
                    } finally {
                        c = c + 1;
                    }
                    switch ((c = c + 1) + [ a++, a++ + (typeof bar_1 != "string"), a++ + +function b() {
                        c = 1 + c, 0 + -5 >= (4 ^ "object") != ~(Infinity > -2);
                        c = 1 + c, ("" || "function") && "foo" < "number", (arguments_1[(c = 1 + c, arguments_1 && (arguments_1[a++] = "object" >> 4 <= (-1 | "number") !== void ("a" != -0)))] += "object" != -3) || "bar" != null;
                    }(), 1 === 1 ? a : b ]) {
                      case --b + (typeof f1 == "function" && --_calls_ >= 0 && f1((null >>> -5 || (c = c + 1, 
                        "bar")) >>> (23..toString() > -1 > (24..toString() ^ -2)), ++a)):
                        {
                            var brake13 = 5;
                            do {
                                {
                                    var brake14 = 5;
                                    L18103: while (void (c = c + 1, ("undefined", "foo") | -3 * /[a2][^e]+$/) && --brake14 > 0) {
                                        c = c + 1;
                                    }
                                }
                            } while (({
                                3: (c = 1 + c, (arguments_1 && (arguments_1[(c = 1 + c, (!"number" ^ 24..toString() < Infinity) % (("undefined" ^ {}) < (/[a2][^e]+$/ >= "")))] = 25 >= 1)) + ("b" && 23..toString()) != ("foo" | 38..toString()) + (arguments_1 && (arguments_1[(c = 1 + c, 
                                ([ , 0 ][1] & -1) * (c = c + 1, 38..toString()) % ((undefined <= "a") >>> (-1 >>> "object")))] += 4 >= 22))),
                                1.5: (c = 1 + c, (22 | -3) + ([] >= 23..toString()), arguments_1 && (arguments_1[typeof (c = 1 + c, 
                                (true ^ -0) * ~23..toString() ^ 22 % 5 >> (c = c + 1, 22))] += (arguments_1 |= {} || "function") >> (-4 ^ "number"))),
                                1.5: (c = 1 + c, arguments_1 && (arguments_1[a++] = (undefined >> 1 >>> ("object" & "foo")) / delete (4 || 4))),
                                null: (c = 1 + c, (22 === -5) * (0 < "undefined") || (this == false) < (1 | "b"))
                            } || 1).toString()[!(-4 > 24..toString() == "bar" % -5 || (arguments_1 = {} * 23..toString() === "c" < 5))] && --brake13 > 0);
                        }
                        if (a++ + (typeof f0 == "function" && --_calls_ >= 0 && f0())) {
                            try {
                                if (c = 1 + c, (null || "bar") / (Infinity >= {}) << (arguments_1 && (arguments_1[(c = 1 + c, 
                                ("bar" % true > (arguments_1 = "undefined" && Infinity)) * (-1 / "foo" << 0 / ([ , 0 ].length === 2)))] >>= null & -3)) - NaN % [ , 0 ][1]) {
                                    c = 1 + c, (22 == []) - /[a2][^e]+$/ * 4 === null % "a" * (-0 + 0);
                                }
                            } catch (Infinity_2) {
                                c = 1 + c, Infinity_2 = (("undefined" < "foo") + (-4 & []), void ([ , 0 ].length === 2) - ("a" ^ "number"));
                                c = 1 + c, -2 < NaN <= "function" + true | "undefined" > 38..toString() == (24..toString() || true);
                            } finally {
                                c = 1 + c, arguments_1 = (arguments_1[b = a] = null + "object" << ([ , 0 ].length === 2) + -3) + ((c = c + 1, 
                                "object") << Infinity + "object");
                                c = 1 + c, this + 5 > (arguments_1 && (arguments_1.null = undefined / 38..toString())) >= (arguments_1 && (arguments_1.var = -4 ^ [ , 0 ].length === 2), 
                                4 < Infinity);
                            }
                        } else if (false % {} % (true == "c") >> (c = c + 1, -5 / {})) {
                        } else {
                            c = 1 + c, (-5 / 1 != +null) < (3 >> ([ , 0 ].length === 2) | "b" > 5);
                        }
                        break;

                      default:
                      case --b + (typeof arguments_1 == "function" && --_calls_ >= 0 && arguments_1(undefined, --b + (typeof f0 == "function" && --_calls_ >= 0 && f0("undefined", 25, {})), --b + "function")):
                        ;
                        break;

                      case b = a:
                        break;
                    }
                }
            }
        }
    } catch (bar_1) {
    }
    // With arguments_1 undefined the discriminant is `number + undefined`, i.e. NaN,
    // which never strictly equals any case value. Each case expression is still
    // evaluated in order for its side effects on b and c before `default` is taken.
    switch (--b + (arguments_1 && arguments_1.b)) {
      case --b + (([] | null) + (c = c + 1, 2) === ("c" != 2 | (arguments_1 && (arguments_1[(c = 1 + c, 
        (24..toString() > "undefined") >>> (22 == /[a2][^e]+$/) == ("bar" << 5) + (38..toString() + true))] = [ , 0 ][1] === "a")))):
        break;

      case --b + [ +b, typeof f0 == "function" && --_calls_ >= 0 && f0([ , 0 ][1], Infinity), "bar" >>> "foo" << (this != 24..toString()) << ((38..toString() || Infinity) >>> (-5 | 23..toString())), arguments_1, (c = c + 1) + /[abc4]/.test(((c = c + 1) + !(arguments_1 && (arguments_1[--b + (a++ + (arguments_1 &= (c = 1 + c, 
        (+[] >= -4 + 4) + (([ , 0 ][1] & "object") != "foo" % -2))) ? ((c = 1 + c, ((arguments_1 && (arguments_1.a = -3 + {})) >> (2, 
        -2)) / ("foo" != false, 1 - -5)) || 0).toString()[(c = 1 + c, (22 <= -4) >> -3 * true, 
        (4 != 25) >> (38..toString() == null))] : arguments_1)] = ((arguments_1 && (arguments_1[(c = 1 + c, 
        (arguments_1 += "" > false == (c = c + 1, -0)) >= Infinity * -0 / (Infinity === 23..toString()))] = [ , 0 ][1] / -0)) !== "object" / false) > (("function" | 22) != ("function", 
        0)))) || b || 5).toString()) ]:
        break;

      case (c = c + 1) + (1 === 1 ? a : b):
        if ((c = c + 1) + 3) {
            L18104: for (var brake32 = 5; [ --b + [ --b, ((c = 1 + c, ([ , 0 ][1] >> "number" < (24..toString() && {})) >>> ((-3 > /[a2][^e]+$/) >>> (-3 === this))) || a || 3).toString(), b += a ][arguments_1 && arguments_1[b += a]], arguments_1, {}[typeof arguments_1 == "function" && --_calls_ >= 0 && arguments_1((c = 1 + c, 
            arguments_1 && (arguments_1.NaN = ("b" ^ "c") === ("b" ^ "a") ^ (arguments_1 && (arguments_1.foo += (arguments_1 += [ , 0 ].length === 2 == -2) & null >= [ , 0 ][1])))), this, [])], typeof f0 == "function" && --_calls_ >= 0 && f0() ].NaN && brake32 > 0; --brake32) {}
        }
        {
            var brake34 = 5;
            while (typeof f1 == "function" && --_calls_ >= 0 && f1(5, -1) && --brake34 > 0) {
                for (var brake35 = 5; (c = c + 1) + /[abc4]/.test((--b + (typeof f1 == "function" && --_calls_ >= 0 && f1("bar")) || b || 5).toString()) && brake35 > 0; --brake35) {
                    a++;
                }
            }
        }
        break;

      default:
        // brake37 bounds this loop to at most five passes (5 down to 1).
        for (var brake37 = 5; (c = c + 1) + /[abc4]/.test(((c = c + 1) + (arguments_1 && arguments_1[(c = c + 1) + /[abc4]/.test((arguments_1 || b || 5).toString())]) || b || 5).toString()) && brake37 > 0; --brake37) {
            try {
                {
                    // number + array coerces to a string, so the for...in below walks
                    // the string's character indices.
                    var expr39 = (c = c + 1) + [ (c = c + 1) + (1 === 1 ? a : b), b + 1 - .1 - .1 - .1, typeof f0 == "function" && --_calls_ >= 0 && f0((c = 1 + c, 
                    (c = c + 1, -2 === 24..toString()) & 4 * [ , 0 ][1] > (arguments_1 && (arguments_1.c = "number" << {}))), 22, "foo") ];
                    for (var key39 in expr39) {
                        // NOTE(review): this increment runs BEFORE the conditional throw
                        // below. In the minified listing on this page the matching
                        // increment sits after the throw check, which looks like the
                        // source of the 31 vs 26 difference in `c` (hand-traced; confirm).
                        c = 1 + c;
                        var bar_2 = expr39[key39];
                        // `0 === 1 ? a : b` always selects b; b appears to be non-zero on
                        // this path, so the throw fires on the first key of each pass.
                        if (0 === 1 ? a : b) {
                            throw --b + (b-- || a || 3).toString();
                        } else if ([ (c = 1 + c, ("number" && 25) <= (undefined || -4) != (-2 | [ , 0 ].length === 2 | "b" == "bar")), (c = 1 + c, 
                        -(undefined ^ "object") >> (5 == undefined, "foo" !== -1)), (c = 1 + c, (bar_2 && (bar_2[--b + bar_2] = -0 > -1 <= ("c", 
                        23..toString()))) * ((/[a2][^e]+$/ || []) < (-0 >= -2))) ].b) {
                            switch (((c = 1 + c, ((24..toString() != "bar") >>> (bar_2 && (bar_2[(c = 1 + c, 
                            this % "" >= (22 != "number") & (undefined << 2 || arguments_1 && (arguments_1[(c = 1 + c, 
                            1 + -4 < (arguments_1 += 24..toString() ^ []) & (bar_2 && (bar_2[a++] += [ , 0 ].length === 2 === "function" ^ 4 / 23..toString())))] = -0 >> "c")))] <<= "bar" != -0))) - ((arguments_1[(c = 1 + c, 
                            (undefined >>> 2, -1 >> 3) <= ((this | "a") >= (NaN | 38..toString())))] %= /[a2][^e]+$/ >> "b") <= -3 >>> "b")) || 3).toString()[(c = 1 + c, 
                            (25 >= 2 ^ ("undefined", 22)) > (delete -2 && null > "number"))]) {
                              case a++ + (bar_2 && bar_2.b):
                                break;

                              case --b + ((c = 1 + c, (0 + 38..toString() === ~-1) % (23..toString() !== -1 != (2 !== 22))) || 9).toString()[(c = 1 + c, 
                                bar_2 = (arguments_1 += (undefined !== [ , 0 ][1], "c" < 4)) << (bar_2 = (22 == 4) + "bar" * 25))]:
                                c = 1 + c, (23..toString() << 5) % (bar_2 && (bar_2.a += this === true)) / ((/[a2][^e]+$/, 
                                2) | this * 2);
                                break;

                              case --b + bar_2:
                                break;

                              default:
                            }
                        } else {
                            var brake45 = 5;
                            L18105: do {
                                for (var brake46 = 5; (c = 1 + c, (bar_2 &= NaN !== "foo" | -0 ^ -5) < (4 - "bar" == "undefined" + -2)) && brake46 > 0; --brake46) {
                                    c = 1 + c, arguments_1 += (23..toString() ^ -0 | (arguments_1 /= 38..toString() != 2)) ^ (arguments_1 += Infinity !== null === (/[a2][^e]+$/ != 2));
                                }
                            } while ((c = c + 1) + -1 && --brake45 > 0);
                        }
                    }
                }
            } catch (b_2) {
                // The handler only adjusts a and b: expr49 is a number, so the inner
                // for...in (the only place here that touches c) has nothing to iterate.
                L18106: for (var brake48 = 5; (b += a) && brake48 > 0; --brake48) {
                    var expr49 = a++ + b--;
                    L18107: for (var key49 in expr49) {
                        {
                            var b = function f0(b, arguments_1) {
                            }((c = 1 + c, arguments_1 && (arguments_1[{
                                null: (c = 1 + c, (b_2 && (b_2.undefined = ("b" <= "undefined") + 38..toString() * -2)) ^ (5 | 38..toString()) != (5 !== -0)),
                                b: (c = 1 + c, b_2 && (b_2.var = (4 | "") >>> (arguments_1 = 0 * /[a2][^e]+$/) < ((arguments_1 && (arguments_1[(c = 1 + c, 
                                ((b_2 && (b_2.b += -1 == "a")) === (38..toString(), NaN)) >> (b_2 += 3 - "bar" >= (bar_2 && (bar_2[(c = 1 + c, 
                                (b_2 %= (0 <= "b") >>> (true < null)) && (false || 38..toString()) <= ({} > 1))] /= undefined % "undefined"))))] -= 1 >>> "b")) & (true || 24..toString())))),
                                in: (c = 1 + c, 5 >>> "undefined" <= (/[a2][^e]+$/, 25) > ((c = c + 1, "object") != ("b" | true))),
                                3: (c = 1 + c, (c = c + 1, "undefined") + (38..toString() || 2) | -2 + 4 - ("" >> true)),
                                length: (c = 1 + c, (-3 < 1 || "c" + -4) < ("foo" == 0 & false != "b"))
                            }.NaN] /= NaN / undefined ^ Infinity + -3) || /[a2][^e]+$/ + -5 > void 3), (c = 1 + c, 
                            arguments_1 && (arguments_1.a = (24..toString() / null === "function" / ([ , 0 ].length === 2)) / ((true ^ NaN) >> 24..toString() % 22))));
                        }
                    }
                }
                var bar_2;
            }
        }
    }
}

// Dump the final state for comparison with the minified run; the fourth value (c)
// is the one that differs in the reported results.
console.log(null, a, b, c, Infinity, NaN, undefined);
// uglified code
// (beautified)
// Minifier output for the listing above, produced with the options reported at the
// end of the issue. Going by the initial values and the final console.log, the
// renamed variables map as: a = _calls_, f = a, t = b, o = c.
var a = 10, f = 100, t = 10, o = 0;

// Counterpart of the original's first for...in loop. `e` is the number 100, so the
// loop body does not run and `i` (the renamed arguments_1) stays undefined.
try {
    var e = t = f;
    for (var r in e) {
        o = 1 + o;
        var i = e[r];
        switch (o += 1, (o += 1) + [ f++, f++ + ("string" != typeof bar_1), f++ + +void (i[(o = 1 + (1 + (1 + o)), 
        i && (i[f++] = !0))] += !0), f ]) {
          case --t + ("function" == typeof f1 && 0 <= --a && f1((o += 1, 0), ++f)):
            var n = 5;
            do {
                for (var N = 5; void (o += 1) && 0 < --N; ) {
                    o += 1;
                }
            } while (("" + {
                3: (o = 1 + o, (i && (i[(o = 1 + o, 0)] = !0)) + "23" != 38 + (i && (i[(o = 1 + o, 
                0 * (o += 1, "38") % 0)] += !1))),
                1.5: (o = 1 + o, i && (i[(o = 1 + o, typeof (-24 ^ 2 >> (o += 1, 22)))] += (i |= {}) >> -4)),
                1.5: (o = 1 + o, i && (i[f++] = 0)),
                null: (o = 1 + o, (0 == this) < 1)
            })[!(i = !1)] && 0 < --n);
            if (f++ + ("function" == typeof f0 && 0 <= --a && f0())) {
                try {
                    o = 1 + o, NaN << (i && (i[(o = 1 + o, 0 * ((i = 1 / 0) < NaN))] >>= 0)) - NaN && (o = 1 + o);
                } catch (a) {
                    a = NaN, o = 1 + (o = 1 + o);
                } finally {
                    o = 1 + o, i = 0 + (i[t = f] = 0), o = 1 + (o += 1), i && (i.null = NaN), i && (i.var = -3);
                }
            } else {
                NaN >> (o += 1, NaN) || (o = 1 + o);
            }
            break;

          default:
          case --t + ("function" == typeof i && 0 <= --a && i(void 0, --t + ("function" == typeof f0 && 0 <= --a && f0("undefined", 25, {})), --t + "function")):
          case t = f:
        }
    }
} catch (a) {}

// `i` is undefined at this point, so the discriminant is NaN and no case can match;
// the case expressions are still evaluated in order for their side effects before
// `default` runs.
switch (--t + (i && i.b)) {
  case --t + (0 + (o += 1, 2) == (!0 | (i && (i[(o = 1 + o, !1)] = !1)))):
  case --t + [ +t, "function" == typeof f0 && 0 <= --a && f0(0, 1 / 0), 0 << ("24" != this) << 0, i, (o += 1) + /[abc4]/.test("" + ((o += 1) + !(i && (i[--t + (f++ + (i &= (o = 1 + o, 
    2)) ? ("" + (o = 1 + o, ((i && (i.a = -3 + {})) >> -2) / 6 || 0))[(o = 1 + o, 1)] : i)] = !0 < (NaN !== (i && (i[(o = 1 + o, 
    NaN <= (i += 0 == (o += 1, -0)))] = NaN))))) || t || 5)) ]:
    break;

  case (o += 1) + f:
    if ((o += 1) + 3) {
        for (var c = 5; [ --t + [ --t, "" + (o = 1 + o, !1 >>> (!1 >>> (-3 === this)) || f || 3), t += f ][i && i[t += f]], i, {}["function" == typeof i && 0 <= --a && i((o = 1 + o, 
        i && (i.NaN = !0 ^ (i && (i.foo += !0 & (i += !1))))), this, [])], "function" == typeof f0 && 0 <= --a && f0() ].NaN && 0 < c; --c) {}
    }
    for (var s = 5; "function" == typeof f1 && 0 <= --a && f1(5, -1) && 0 < --s; ) {
        for (var v = 5; (o += 1) + /[abc4]/.test("" + (--t + ("function" == typeof f1 && 0 <= --a && f1("bar")) || t || 5)) && 0 < v; --v) {
            f++;
        }
    }
    break;

  default:
    // `u` bounds this loop to at most five passes (5 down to 1).
    for (var u = 5; (o += 1) + /[abc4]/.test("" + ((o += 1) + (i && i[(o += 1) + /[abc4]/.test("" + (i || t || 5))]) || t || 5)) && 0 < u; --u) {
        try {
            var l = (o += 1) + [ (o += 1) + f, t + 1 - .1 - .1 - .1, "function" == typeof f0 && 0 <= --a && f0((o = 1 + o, 
            o += 1, !1 & (i && (i.c = 0)) < 0), 22, "foo") ];
            for (var b in l) {
                // NOTE(review): in the original listing this loop body begins with
                // `c = 1 + c` ahead of the conditional throw. Here that increment has
                // been folded into the array literal of the next `if` as
                // `o = 1 + (1 + o)`, i.e. after the throw, so it is skipped whenever
                // `t` is truthy. Hand-traced, that loses one increment on each of the
                // five passes of the `u` loop, matching the reported 31 vs 26.
                // The `k = l[b]` assignment was moved past the throw the same way.
                if (t) {
                    throw --t + "" + (t-- || f || 3);
                }
                if ([ (o = 1 + (1 + o), !0), (o = 1 + o, 0), (o = 1 + o, !1 * ((k = l[b]) && (k[--t + k] = !0))) ].b) {
                    switch (("" + (o = 1 + o, (!0 >>> (k && (k[(o = 1 + o, !0 <= this % "" & (i && (i[(o = 1 + o, 
                    -3 < (i += 24) & (k && (k[f++] += 0)))] = 0)))] <<= !0))) - ((i[(o = 1 + o, -1 <= (38 <= ("a" | this)))] %= 0) <= -3 >>> "b") || 3))[(o = 1 + o, 
                    !0)]) {
                      case f++ + (k && k.b):
                        break;

                      case --t + ("" + (o = 1 + o, 9))[(o = 1 + o, k = (i += !1) << NaN)]:
                        o = 1 + o, k && (k.a += !0 === this);
                        break;

                      case --t + k:
                    }
                } else {
                    var h = 5;
                    do {
                        for (var y = 5; o = 1 + o, (k &= -5) < !1 && 0 < y; --y) {
                            o = 1 + o, i += (23 | (i /= !0)) ^ i + !0;
                        }
                    } while ((o += 1) + -1 && 0 < --h);
                }
            }
        } catch (a) {
            // `p` is a number, so the inner for...in (the only place in this handler
            // that touches o) has nothing to iterate; only f and t change here.
            for (var d = 5; (t += f) && 0 < d; --d) {
                var p = f++ + t--;
                for (var w in p) {
                    o = 1 + o, i && (i[{
                        null: (o = 1 + o, !0 ^ (a && (a.undefined = -75))),
                        b: (o = 1 + o, a && (a.var = 4 >>> (i = NaN) < (!0 & (i && (i[(o = 1 + o, (NaN === (a && (a.b += !1))) >> (a += (k && (k[(o = 1 + o, 
                        (a %= 0) && !1)] /= NaN)) <= NaN))] -= 1))))),
                        in: (o = 1 + o, (1 != (o += 1, "object")) < !0),
                        3: (o = 1 + o, 2 | (o += 1, "undefined38")),
                        length: (o = 1 + o, !1)
                    }.NaN] /= 0), o = 1 + o, t = void (i && (i.a = NaN));
                }
            }
            var k;
        }
    }
}

// Same dump as the original program, with renamed variables (f, t, o stand in for
// a, b, c). The fourth value is where the reported results disagree.
console.log(null, f, t, o, 1 / 0, NaN, void 0);
original result:
null 125 3437 31 Infinity NaN undefined

uglified result:
null 125 3437 26 Infinity NaN undefined

minify(options):
{
  "compress": {
    "passes": 1000000,
    "unsafe": true
  },
  "toplevel": true
}
@alexlamsl alexlamsl added the bug label Nov 13, 2019
alexlamsl added a commit to alexlamsl/UglifyJS that referenced this issue Nov 13, 2019
alexlamsl added a commit that referenced this issue Nov 13, 2019