From 90a9548ea0ce351b54f956e2c4ed27cca9631284 Mon Sep 17 00:00:00 2001 From: Marijn Haverbeke Date: Sun, 1 Mar 2020 13:32:19 +0100 Subject: [PATCH 1/4] More rigorously check surrogate pairs in regexp validator --- acorn/src/regexp.js | 8 +++++--- test/tests-regexp.js | 1 + 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/acorn/src/regexp.js b/acorn/src/regexp.js index ee19bcf55..2fe832b4b 100644 --- a/acorn/src/regexp.js +++ b/acorn/src/regexp.js @@ -50,7 +50,8 @@ export class RegExpValidationState { if (!this.switchU || c <= 0xD7FF || c >= 0xE000 || i + 1 >= l) { return c } - return (c << 10) + s.charCodeAt(i + 1) - 0x35FDC00 + const next = s.charCodeAt(i + 1) + return next >= 0xDC00 && next <= 0xDFFF ? (c << 10) + next - 0x35FDC00 : c } nextIndex(i) { @@ -59,8 +60,9 @@ export class RegExpValidationState { if (i >= l) { return l } - const c = s.charCodeAt(i) - if (!this.switchU || c <= 0xD7FF || c >= 0xE000 || i + 1 >= l) { + let c = s.charCodeAt(i), next + if (!this.switchU || c <= 0xD7FF || c >= 0xE000 || i + 1 >= l || + (next = s.charCodeAt(i + 1)) < 0xDC00 || next > 0xDFFF) { return i + 1 } return i + 2 diff --git a/test/tests-regexp.js b/test/tests-regexp.js index 6c4719486..804e00a59 100644 --- a/test/tests-regexp.js +++ b/test/tests-regexp.js @@ -1049,6 +1049,7 @@ test("/[\\d][\\12-\\14]{1,}[^\\d]/", {}, { ecmaVersion: 2015 }) testFail("/[\\d][\\12-\\14]{1,}[^\\d]/u", "Invalid regular expression flag (1:1)", { ecmaVersion: 5 }) testFail("/[\\d][\\12-\\14]{1,}[^\\d]/u", "Invalid regular expression: /[\\d][\\12-\\14]{1,}[^\\d]/: Invalid class escape (1:1)", { ecmaVersion: 2015 }) test("/([a ]\\b)*\\b/", {}, { ecmaVersion: 5 }) +test("/[x-*]/u".replace("*", String.fromCharCode(0xd800)), {}, {ecmaVersion: 6}) /* // This is test case generator. From 9a2e9b6678e243d66846b91179d650d28453e70c Mon Sep 17 00:00:00 2001 From: Marijn Haverbeke Date: Mon, 9 Mar 2020 11:38:41 +0100 Subject: [PATCH 2/4] Mark version 6.4.1 --- acorn/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acorn/package.json b/acorn/package.json index f862c38b6..318bed138 100644 --- a/acorn/package.json +++ b/acorn/package.json @@ -4,7 +4,7 @@ "homepage": "https://github.com/acornjs/acorn", "main": "dist/acorn.js", "module": "dist/acorn.mjs", - "version": "6.4.0", + "version": "6.4.1", "engines": {"node": ">=0.4.0"}, "maintainers": [ { From f51895bfee3047d808d7afdaad498526f040e787 Mon Sep 17 00:00:00 2001 From: Marijn Haverbeke Date: Mon, 5 Oct 2020 07:55:32 +0200 Subject: [PATCH 3/4] Fix potentially-exponential regular expression in use-strict-scanning --- acorn/src/parseutil.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acorn/src/parseutil.js b/acorn/src/parseutil.js index bce71b54e..7ef24a6da 100644 --- a/acorn/src/parseutil.js +++ b/acorn/src/parseutil.js @@ -6,7 +6,7 @@ const pp = Parser.prototype // ## Parser utilities -const literal = /^(?:'((?:\\.|[^'])*?)'|"((?:\\.|[^"])*?)")/ +const literal = /^(?:'((?:\\.|[^'\\])*?)'|"((?:\\.|[^"\\])*?)")/ pp.strictDirective = function(start) { for (;;) { // Try to find string literal. From f6b83edda8f4f0af57f9335cbdea8e5155133631 Mon Sep 17 00:00:00 2001 From: Marijn Haverbeke Date: Mon, 5 Oct 2020 10:14:22 +0200 Subject: [PATCH 4/4] Mark version 6.4.2 --- acorn/package.json | 2 +- acorn/src/index.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/acorn/package.json b/acorn/package.json index 318bed138..9281d70ee 100644 --- a/acorn/package.json +++ b/acorn/package.json @@ -4,7 +4,7 @@ "homepage": "https://github.com/acornjs/acorn", "main": "dist/acorn.js", "module": "dist/acorn.mjs", - "version": "6.4.1", + "version": "6.4.2", "engines": {"node": ">=0.4.0"}, "maintainers": [ { diff --git a/acorn/src/index.js b/acorn/src/index.js index 506a989dd..839384145 100644 --- a/acorn/src/index.js +++ b/acorn/src/index.js @@ -31,7 +31,7 @@ import {isIdentifierChar, isIdentifierStart} from "./identifier" import {Token} from "./tokenize" import {isNewLine, lineBreak, lineBreakG, nonASCIIwhitespace} from "./whitespace" -export const version = "6.4.0" +export const version = "6.4.2" export { Parser, defaultOptions,