ufuzz failure #5626

alexlamsl · 2022-08-23T12:02:46Z

// original code
// (beautified)
var _calls_ = 10, a = 100, b = 10, c = 0;

export let {
    "": undefined_2
} = {
    "": (a++ + (typeof a == "function" && --_calls_ >= 0 && a()) || 7).toString()[a && typeof a.a == "function" && --_calls_ >= 0 && a.a()]
};

{
    {
        var expr2 = typeof undefined_2 == "function" && --_calls_ >= 0 && undefined_2(/[a2][^e]+$/);
        for (var key2 in expr2) {
            c = 1 + c;
            var bar_1 = expr2[key2];
            {
                var yield_2 = function f0(arguments_1_2, arguments_1) {
                    if (~(((arguments_1_2 = undefined === 2) && 3 !== -2) <= 2 << -1 << -1 - (-42n).toString())) {
                        var brake5 = 5;
                        while ((1 === 1 ? a : b) && --brake5 > 0) {
                            if (a++ + /[abc4]/g.exec(((c = c + 1) + ((c = 1 + c, 
                            ((key2 && (key2[c = 1 + c, false >>> /[a2][^e]+$/ >> ("c" !== ([ , 0 ].length === 2)) && (arguments_1 && (arguments_1[0 === 1 ? a : b] = "c" << "undefined" | delete "number"))] += "bar" >>> "number")) >= (c = c + 1, 
                            [ , 0 ][1])) / ((arguments_1 && (arguments_1[c = 1 + c, 
                            (undefined + 23..toString()) * (-2 ^ "a") ^ ("b" & [ , 0 ].length === 2) % (5 > (-42n).toString())] += 22 >>> "a")) << 24..toString() ** 0)) || a || 3).toString() || b || 5).toString())) {
                                for (var brake7 = 5; (c = c + 1) + ++a && brake7 > 0; --brake7) {
                                    L25219: for (var brake8 = 5; (c = 1 + c, (0 | -1) === Infinity * -2 && (5 === -4) - (Infinity, 
                                    24..toString())) && brake8 > 0; --brake8) {
                                        c = 1 + c, (2 ^ !0o644n && this + "c") * (c = c + 1, 
                                        5, -5 == 23..toString());
                                    }
                                }
                            }
                        }
                    } else {
                        c = c + 1;
                    }
                }(-3, (c = c + 1) + [][b--], a++ + b--);
            }
        }
    }
}

{
    var foo_1 = function f1({
        foo
    }, a_2) {
    }({}, [ , 0 ][1]);
}

{
    var brake15 = 5;
    do {
        {
            var brake16 = 5;
            do {
                {
                    switch (--b) {
                      case {
                            Infinity: typeof b_1 == "number"
                        }:
                        c = c + 1;
                        break;

                      case undefined_2 && typeof undefined_2.c == "function" && --_calls_ >= 0 && undefined_2.c():
                        {
                            var a = function f2({
                                length: a_2,
                                1.5: async_1,
                                1.5: foo
                            }, await_1, let_2) {
                                {
                                    var expr21 = --b + +function() {
                                    }();
                                    L25220: for (var key21 in expr21) {
                                        var yield_1 = (c = 1 + c, (undefined_2 && (undefined_2[c = 1 + c, 
                                        ("a" + 25) / (let_2 = {} === Infinity) << (Number(0xdeadn << 16n | 0xbeefn) <= "undefined") - ((-42n).toString() << ([ , 0 ].length === 2))] += -4 <= undefined)) / ([ , 0 ][1] != "foo") && (c = c + 1, 
                                        0 != this)), let_2 = (c = 1 + c, (key21 && (key21.async &= ([ , 0 ].length === 2) >>> 3)) % (undefined_2 && ([ undefined_2.value ] = [ -1 || NaN ])) !== -("object" % null));
                                    }
                                }
                            }({});
                        }
                        break;

                      case --b:
                        {
                            var brake23 = 5;
                            L25221: while (!function await_1() {
                                {
                                    var c = function f3() {
                                    }(Infinity);
                                }
                            }() && --brake23 > 0) {
                                L25222: {
                                    ((c = 1 + c, ("c" % undefined, {} || undefined) ^ (c = c + 1, 
                                    "undefined" / 0)) || 4).toString()[c = 1 + c, 
                                    ([ , 0 ][1] !== "c" !== ("c" && "foo")) - (([ , 0 ].length === 2 ^ 24..toString()) > (3 & "number"))];
                                    {
                                        var expr27 = [ , 0 ][1];
                                        for (var key27 in expr27) {
                                            c = 1 + c;
                                            var let_2 = expr27[key27];
                                            {
                                                var expr28 = (c = 1 + c, true - false == ("number" ^ []), 
                                                (/[a2][^e]+$/ === 5) + (c = c + 1, 
                                                [ , 0 ].length === 2));
                                                L25223: for (var key28 in expr28) {
                                                    c = 1 + c, ((c = c + 1, [ , 0 ][1]) || this < 38..toString()) & 25 << NaN != this * "function";
                                                }
                                            }
                                        }
                                    }
                                    L25224: for (var brake30 = 5; (c = c + 1) + +function foo() {
                                    }() && brake30 > 0; --brake30) {}
                                }
                            }
                        }

                      default:
                        var a_2 = -0 ? b = a : (c = c + 1) + (delete a || a || 3).toString();
                    }
                }
            } while (/[abc4]/.test((+function() {
                {
                    var expr33 = +function() {
                        try {
                            return c = 1 + c, Infinity != 22 || "" << 3 || (c = c + 1, 
                            "b") ^ this << "foo";
                        } finally {}
                        switch ((22 & /[a2][^e]+$/) >= (0 ^ 25) | 25 * -2 >>> (Infinity, 
                        1)) {
                          case a++ + /[abc4]/g.exec(((c = 1 + c, (c = c + 1, [ , 0 ].length === 2) << (5 ^ 2) == 0 << 3 >>> ([ , 0 ][1] | undefined)) || b || 5).toString()):
                            break;

                          case --b:
                            c = 1 + c, ([ , 0 ][1] >> this < (-5 & "object")) << ((5 || 0) < (undefined_2 && (undefined_2.in = true && "object")));
                            break;

                          default:
                            c = 1 + c, undefined * -1 ^ (null || 4) ^ -3 < "a" & !4;

                          case (c = c + 1) + (undefined_2 && undefined_2[c = 1 + c, 
                            ("function" == 24..toString()) >>> (undefined !== {}) && ("undefined" ^ "object") & /[a2][^e]+$/ != "object"]):
                            break;
                        }
                        for (var brake39 = 5; (c = c + 1) + ((null && "a") >>> (3, 
                        -2) != "" * "a" <= 1 % false) && brake39 > 0; --brake39) {
                        }
                        try {
                            for (var brake42 = 5; (c = 1 + c, ([ undefined_2.a ] = [ 1 | 2 ]) < true >> 24..toString() != (3 != this, 
                            "foo" | {})) && brake42 > 0; --brake42) {
                                c = 1 + c, Infinity ^ -1 ^ (foo_1 && (foo_1.value >>= ("object", 
                                [ , 0 ][1]))) ^ -3 + 1 << (this ^ 4);
                            }
                        } catch (await) {
                            c = 1 + c, c = c + 1, false >= 24..toString(), 5 * "function" == NaN >> "";
                            c = 1 + c, (await -= 4 / 3 + -4 % "foo") != (-0 <= [ , 0 ][1]) - (Number(0xdeadn << 16n | 0xbeefn) << NaN);
                        }
                        switch (b = a) {
                          case --b + ++b:
                            c = 1 + c, ((22 || -4) === 25 <= 0) >= (3 >> "a", foo_1 = "foo" > -4);
                            break;

                          case (c = c + 1) + /[abc4]/g.exec(((c = 1 + c, (this != 24..toString()) < "foo" >> 0 | -2 & "b" & (false, 
                            NaN)) || b || 5).toString()):
                            c = 1 + c, (foo_1 <<= [] === 25) % (undefined == []) || (5 && null) == 38..toString() % Infinity;
                            break;

                          default:
                            c = 1 + c, ("number" ^ Infinity) >> 3 + 0 !== (undefined_2 && (undefined_2[undefined_2 && undefined_2[c = 1 + c, 
                            (0 | "undefined") != ("object" || 22), false >> /[a2][^e]+$/ ^ "object" >>> /[a2][^e]+$/]] = (foo_1 && (foo_1[c = 1 + c, 
                            4 >>> Infinity << (c = c + 1, null) ^ (0 - "a") ** (-0 - 4)] = /[a2][^e]+$/ === -0)) >>> (/[a2][^e]+$/ === [])));

                          case (c = c + 1) + [ (c = 1 + c, (38..toString() * "c" && [ , 0 ][1] << "object") ^ (foo_1 += (38..toString() & 23..toString()) >>> (undefined != "a"))) ]:
                            c = 1 + c, !(24..toString() >>> "a") - (+25 != (null ^ {}));
                            c = 1 + c, undefined_2 && (undefined_2[a++ + /[abc4]/.test((--b + [ (c = 1 + c, 
                            (NaN == 5) / (c = c + 1, "a") != (([ , 0 ].length === 2) * ([ , 0 ].length === 2) | [] << 2)), (c = 1 + c, 
                            ([ , 0 ][1] <= -3) + (foo_1 += NaN << [ , 0 ][1]) + (("c" ^ "") >> ("b" >= "foo"))), (c = 1 + c, 
                            ("" === 2) >>> ([] || 25) & (foo_1 && (foo_1[typeof arguments === "function"] = (false > -4) >> (true, 
                            24..toString())))) ][c = 1 + c, (c = c + 1, [ , 0 ].length === 2 && true) || Infinity != -2 | -0 << -4] || b || 5).toString())] -= (-0 === /[a2][^e]+$/ || -2 && "foo") ^ (c = c + 1, 
                            -2 >>> Infinity));
                            c = 1 + c, (foo_1 && (foo_1[c = 1 + c, 22 >> "undefined" >>> 23..toString() - ([ , 0 ].length === 2) >> ({} >= [] !== (foo_1 && ([ foo_1.get ] = [ (25, 
                            "a") ])))] = 2 | "a")) >> undefined + "object" << ((/[a2][^e]+$/ | /[a2][^e]+$/) > ("object" | "c"));
                            break;
                        }
                    }() ? --b + (1 === 1 ? a : b) : 38..toString();
                    L25225: for (var key33 in expr33) {
                        c = 1 + c;
                        var NaN_2 = expr33[key33];
                        {
                            var brake53 = 5;
                            while ({
                                get: a++ + (typeof key33 == "function" && --_calls_ >= 0 && key33(5)),
                                [a++ + [].next]: a++ + ((c = c + 1) + void a),
                                foo: {
                                    a: (c = 1 + c, (1, 1) << 24..toString() * 25 < (("b" ^ null) === delete null))
                                }[--b + -0]
                            } && --brake53 > 0) {
                                var key33_1 = (c = c + 1) + /[abc4]/.test((/[abc4]/.test(((c = 1 + c, 
                                (25 >> 38..toString()) * (5 / -4) & ((c = c + 1, 
                                "") || undefined_2 && (undefined_2[c = 1 + c, ((-4) ** -5, 
                                c = c + 1, 23..toString()) | (foo_1 = 22 / 22) ^ "bar" === Infinity] = -2 == -4))) || b || 5).toString()) || b || 5).toString()), foo_1 = (c = c + 1) + (a++ + 23..toString() ? {
                                    3: (c = 1 + c, c = c + 1, (3 + 5) / (NaN_2 += "a" * 4))
                                } : a++ + a--);
                            }
                        }
                    }
                }
            }() || b || 5).toString()) && --brake16 > 0);
        }
    } while (a++ + -(delete 0 > (Infinity && undefined) != ("" * this != "function" * ([ , 0 ].length === 2))) && --brake15 > 0);
}

console.log(null, a, b, c, Infinity, NaN, undefined);

// uglified code
// (beautified)
var n, e, t, o, f, i, a, r, c = 10, g = 100, u = 10, l = 0;

let s = ("" + (g++ + ("function" == typeof g && 0 <= --c && g()) || 7))[g && "function" == typeof g.a && 0 <= --c && g.a()];

for (e in n = "function" == typeof s && 0 <= --c && s(/[a2][^e]+$/)) {
    l = 1 + l, n[e], function f0(arguments_1_2, arguments_1) {
        var n, t;
        if (~(!1 <= 0 << -1 - ("" + -42n))) {
            for (n = 5; g && 0 < --n; ) {
                if (g++ + /[abc4]/g.exec(((l += 1) + (l = 1 + l, (((e && (e[l = 1 + l, 
                0 >> ("c" !== (2 === [ , 0 ].length)) && arguments_1 && (arguments_1[u] = 1)] += 0)) >= (l += 1, 
                0)) / ((arguments_1 && (arguments_1[l = 1 + l, NaN ^ ("b" & 2 === [ , 0 ].length) % ("" + -42n < 5)] += 22)) << 1) || g || 3).toString()) || u || 5).toString())) {
                    for (t = 5; (l += 1) + ++g && 0 < t; --t) {
                        l = 1 + l;
                    }
                }
            }
        } else {
            l += 1;
        }
    }(0, (l += 1) + [][u--], (g++, u--));
}

t = 5;

do {
    o = 5;
    do {
        switch (--u) {
          case {
                Infinity: "number" == typeof b_1
            }:
            l += 1;
            break;

          case s && "function" == typeof s.c && 0 <= --c && s.c():
            g = function f2({}, await_1, let_2) {
                for (var n in --u + NaN) {
                    l = 1 + l, (s && (s[l = 1 + l, NaN << (+("" + (0xdeadn << 16n | 0xbeefn)) <= "undefined") - ("" + -42n << (2 === [ , 0 ].length))] += !1)) / !0 && (l += 1), 
                    l = 1 + l, n && (n.async &= (2 === [ , 0 ].length) >>> 3), s && ([ s.value ] = [ -1 ]);
                }
            }({});
            break;

          case --u:
            for (f = 5; 0 < --f; ) {
                for (i in l = 1 + (1 + l + 1), 0) {
                    for (a in l = 1 + l, l = 1 + l, !1 + (l += 1, 2 === [ , 0 ].length)) {
                        l = 1 + l, l += 1;
                    }
                }
                for (r = 5; (l += 1) + NaN && 0 < r; --r) {}
            }

          default:
            l += 1, (delete g || g || 3).toString();
        }
    } while (/[abc4]/.test((function() {
        var n, t;
        for (n in l = 1 + l, --u, "38") {
            for (l = 1 + l, t = 5; g++, "function" == typeof n && 0 <= --c && n(5), 
            g++, g++, l = 1 + (l + 1), --u, 0 < --t; ) {
                l += 1, (/[abc4]/.test((l = 1 + l, (-0 & (l += 1, s && (s[l = 1 + l, 
                l += 1, 23] = !1)) || u || 5).toString())) || u || 5).toString(), 
                l += 1, g++, l = 1 + l, l += 1;
            }
        }
    }(), (u || 5).toString())) && 0 < --o);
} while (g++ - (0 != ("" * this != "function" * (2 === [ , 0 ].length))) && 0 < --t);

console.log(null, g, u, l, Infinity, NaN, void 0);

export {
    s as undefined_2
};

original result:
null 106 -8 12 Infinity NaN undefined

uglified result:
null 334 -68 432 Infinity NaN undefined

// reduced test case (output will differ)

// (beautified)
var expr33 = function() {
    return console.log(), 22;
    arguments;
}() ? 0 : 0..toString();

for (var key33 in expr33) {
    brake53;
}
// output: 
// 
// minify: ReferenceError: brake53 is not defined
// options: {
//   "compress": {
//     "hoist_vars": true,
//     "keep_infinity": true,
//     "passes": 1000000,
//     "unsafe": true
//   },
//   "keep_fargs": true,
//   "keep_fnames": true,
//   "toplevel": true,
//   "output": {
//     "v8": true
//   },
//   "validate": true
// }

minify(options):
{
  "compress": {
    "hoist_vars": true,
    "keep_infinity": true,
    "passes": 1000000,
    "unsafe": true
  },
  "keep_fargs": true,
  "keep_fnames": true,
  "toplevel": true,
  "output": {
    "v8": true
  }
}

Suspicious compress options:
  conditionals
  dead_code
  evaluate
  hoist_vars
  reduce_vars
  side_effects
  unsafe
  unused

The text was updated successfully, but these errors were encountered:

fixes mishoo#5626

fixes #5626

alexlamsl added the bug label Aug 23, 2022

alexlamsl added a commit to alexlamsl/UglifyJS that referenced this issue Aug 23, 2022

fix corner case in hoist_vars

f2e015f

fixes mishoo#5626

alexlamsl mentioned this issue Aug 23, 2022

fix corner case in hoist_vars #5627

Merged

alexlamsl closed this as completed in #5627 Aug 23, 2022

alexlamsl added a commit that referenced this issue Aug 23, 2022

fix corner case in hoist_vars (#5627)

4db8106

fixes #5626

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ufuzz failure #5626

ufuzz failure #5626

alexlamsl commented Aug 23, 2022

ufuzz failure #5626

ufuzz failure #5626

Comments

alexlamsl commented Aug 23, 2022