From 566dc5b315e55beaee72b3e85364cf0205297c63 Mon Sep 17 00:00:00 2001
From: Jim Blandy <jimb@mozilla.com>
Date: Tue, 18 Nov 2014 14:01:38 -0800
Subject: [PATCH] Bug 1098132: Correctly set the source position of the
 function's parse node when parsing lazy functions. r=luke

---
 js/src/frontend/Parser.cpp                            | 5 +++++
 js/src/jit-test/tests/parser/lazy-parse-bad-offset.js | 5 +++++
 2 files changed, 10 insertions(+)
 create mode 100644 js/src/jit-test/tests/parser/lazy-parse-bad-offset.js

diff --git a/js/src/frontend/Parser.cpp b/js/src/frontend/Parser.cpp
index 233bc7a9a951..32bbc6dba4a3 100644
--- a/js/src/frontend/Parser.cpp
+++ b/js/src/frontend/Parser.cpp
@@ -2438,6 +2438,11 @@ Parser<FullParseHandler>::standaloneLazyFunction(HandleFunction fun, unsigned st
     if (!pn)
         return null();
 
+    // Our tokenStream has no current token, so pn's position is garbage.
+    // Substitute the position of the first token in our source.
+    if (!tokenStream.peekTokenPos(&pn->pn_pos))
+        return null();
+
     Directives directives(/* strict = */ strict);
     FunctionBox *funbox = newFunctionBox(pn, fun, /* outerpc = */ nullptr, directives,
                                          generatorKind);
diff --git a/js/src/jit-test/tests/parser/lazy-parse-bad-offset.js b/js/src/jit-test/tests/parser/lazy-parse-bad-offset.js
new file mode 100644
index 000000000000..4b4ef1ba9efb
--- /dev/null
+++ b/js/src/jit-test/tests/parser/lazy-parse-bad-offset.js
@@ -0,0 +1,5 @@
+// Bug 1098132: Shouldn't assert.
+
+options('strict');
+function eval() {};
+eval();