From 92eab1c4824396d3cbfa57b913e07075012c5f28 Mon Sep 17 00:00:00 2001
From: Benjamin Peterson <benjamin@python.org>
Date: Tue, 31 Jul 2012 09:26:55 -0700
Subject: [PATCH] Bug 777834 - Don't call into the tokenizer if it's in an
 error state. r=jorendorff

---
 js/src/frontend/Parser.cpp                                   | 3 +++
 .../tests/basic/function-tosource-exprbody-bug777834.js      | 5 +++++
 2 files changed, 8 insertions(+)
 create mode 100644 js/src/jit-test/tests/basic/function-tosource-exprbody-bug777834.js

diff --git a/js/src/frontend/Parser.cpp b/js/src/frontend/Parser.cpp
index a3660060e90d..376323748ec9 100644
--- a/js/src/frontend/Parser.cpp
+++ b/js/src/frontend/Parser.cpp
@@ -1628,6 +1628,9 @@ Parser::functionDef(HandlePropertyName funName, FunctionType type, FunctionSynta
         funbox->bufEnd = tokenStream.offsetOfToken(tokenStream.currentToken()) + 1;
 #if JS_HAS_EXPR_CLOSURES
     } else {
+        // We shouldn't call endOffset if the tokenizer got an error.
+        if (tokenStream.hadError())
+            return NULL;
         funbox->bufEnd = tokenStream.endOffset(tokenStream.currentToken());
         if (kind == Statement && !MatchOrInsertSemicolon(context, &tokenStream))
             return NULL;
diff --git a/js/src/jit-test/tests/basic/function-tosource-exprbody-bug777834.js b/js/src/jit-test/tests/basic/function-tosource-exprbody-bug777834.js
new file mode 100644
index 000000000000..be5d60ccd55f
--- /dev/null
+++ b/js/src/jit-test/tests/basic/function-tosource-exprbody-bug777834.js
@@ -0,0 +1,5 @@
+load(libdir + "asserts.js");
+
+assertThrowsInstanceOf(function () {
+    eval("function f()((l()))++2s");
+}, SyntaxError);