From a9aac087900299e2fb367b25f68fecc10487ebff Mon Sep 17 00:00:00 2001
From: Jonatan Klemets <jonatan.r.klemets@gmail.com>
Date: Thu, 14 Apr 2022 19:08:03 +0000
Subject: [PATCH] Bug 1764737 - Add missing OOM checks in
 GeneralParser<ParseHandler, Unit>::exportFrom. r=mgaudet

Differential Revision: https://phabricator.services.mozilla.com/D143751
---
 js/src/frontend/Parser.cpp                  | 6 ++++++
 js/src/jit-test/tests/parser/bug-1764737.js | 9 +++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 js/src/jit-test/tests/parser/bug-1764737.js

diff --git a/js/src/frontend/Parser.cpp b/js/src/frontend/Parser.cpp
index cfe390fdfaed..981a9bfa019d 100644
--- a/js/src/frontend/Parser.cpp
+++ b/js/src/frontend/Parser.cpp
@@ -5703,6 +5703,9 @@ GeneralParser<ParseHandler, Unit>::exportFrom(uint32_t begin, Node specList) {
 
   ListNodeType importAssertionList =
       handler_.newList(ParseNodeKind::ImportAssertionList, pos());
+  if (!importAssertionList) {
+    return null();
+  }
   if (tt == TokenKind::Assert) {
     tokenStream.consumeKnownToken(TokenKind::Assert,
                                   TokenStream::SlashIsRegExp);
@@ -5718,6 +5721,9 @@ GeneralParser<ParseHandler, Unit>::exportFrom(uint32_t begin, Node specList) {
 
   BinaryNodeType moduleRequest = handler_.newModuleRequest(
       moduleSpec, importAssertionList, TokenPos(moduleSpecPos, pos().end));
+  if (!moduleRequest) {
+    return null();
+  }
 
   BinaryNodeType node =
       handler_.newExportFromDeclaration(begin, specList, moduleRequest);
diff --git a/js/src/jit-test/tests/parser/bug-1764737.js b/js/src/jit-test/tests/parser/bug-1764737.js
new file mode 100644
index 000000000000..0fcc39e27621
--- /dev/null
+++ b/js/src/jit-test/tests/parser/bug-1764737.js
@@ -0,0 +1,9 @@
+// |jit-test| skip-if: !('oomTest' in this); --fuzzing-safe; --ion-offthread-compile=off
+
+function r(src) {
+  oomTest(function() {
+      parseModule(src);
+  });
+}
+r("export * from 'y';");
+r("export * from 'y';");