Fix "unhandled exception occurs when a private variable increments"

hvwyl · hvwyl · commit 51bfe3ddb626 · 2025-07-11T23:54:45.000+08:00
diff --git a/jerry-core/parser/js/js-parser-expr.c b/jerry-core/parser/js/js-parser-expr.c
@@ -289,29 +289,34 @@ parser_emit_unary_lvalue_opcode (parser_context_t *context_p, /**< context */
   {
     context_p->last_cbc_opcode = PARSER_PUSH_PROP_LITERAL_TO_PUSH_LITERAL (context_p->last_cbc_opcode);
   }
-  else
+  else if (context_p->last_cbc_opcode == PARSER_TO_EXT_OPCODE (CBC_EXT_PUSH_PRIVATE_PROP_LITERAL))
   {
-    /* Invalid LeftHandSide expression. */
     if (opcode == CBC_DELETE_PUSH_RESULT)
     {
-      if (context_p->last_cbc_opcode == PARSER_TO_EXT_OPCODE (CBC_EXT_PUSH_PRIVATE_PROP_LITERAL))
-      {
-        parser_raise_error (context_p, PARSER_ERR_DELETE_PRIVATE_FIELD);
-      }
-
-      if (context_p->last_cbc_opcode == PARSER_TO_EXT_OPCODE (CBC_EXT_PUSH_SUPER_PROP_LITERAL)
-          || context_p->last_cbc_opcode == PARSER_TO_EXT_OPCODE (CBC_EXT_PUSH_SUPER_PROP))
-      {
-        parser_emit_cbc_ext (context_p, CBC_EXT_THROW_REFERENCE_ERROR);
-        parser_emit_cbc (context_p, CBC_POP);
-        return;
-      }
+      parser_raise_error (context_p, PARSER_ERR_DELETE_PRIVATE_FIELD);
+      goto Invalid_LeftHandSide;
+    }
+    context_p->last_cbc_opcode = PARSER_TO_EXT_OPCODE (CBC_EXT_PUSH_PRIVATE_PROP_LITERAL_REFERENCE);
+  }
+  else if (opcode == CBC_DELETE_PUSH_RESULT)
+  {
+    /* Invalid LeftHandSide expression. */
+    Invalid_LeftHandSide:
 
+    if (context_p->last_cbc_opcode == PARSER_TO_EXT_OPCODE (CBC_EXT_PUSH_SUPER_PROP_LITERAL)
+        || context_p->last_cbc_opcode == PARSER_TO_EXT_OPCODE (CBC_EXT_PUSH_SUPER_PROP))
+    {
+      parser_emit_cbc_ext (context_p, CBC_EXT_THROW_REFERENCE_ERROR);
       parser_emit_cbc (context_p, CBC_POP);
-      parser_emit_cbc (context_p, CBC_PUSH_TRUE);
       return;
     }
 
+    parser_emit_cbc (context_p, CBC_POP);
+    parser_emit_cbc (context_p, CBC_PUSH_TRUE);
+    return;
+  }
+  else
+  {
     parser_check_invalid_new_target (context_p, opcode);
     if (opcode == CBC_PRE_INCR || opcode == CBC_PRE_DECR)
     {
diff --git a/jerry-core/vm/vm.c b/jerry-core/vm/vm.c
@@ -2955,6 +2955,20 @@ vm_loop (vm_frame_ctx_t *frame_ctx_p) /**< frame context */
         case VM_OC_PROP_PRE_DECR:
         case VM_OC_PROP_POST_INCR:
         case VM_OC_PROP_POST_DECR:
+        if (byte_code_start_p[-3] == CBC_EXT_OPCODE
+            && byte_code_start_p[-2] == CBC_EXT_PUSH_PRIVATE_PROP_LITERAL_REFERENCE)
+        {
+          if (opcode < CBC_PRE_INCR)
+          {
+            break;
+          }
+          result = right_value;
+          stack_top_p += 1;
+          left_value = right_value;
+          /* Use right_value as the marker for private field */
+          right_value = ECMA_VALUE_EMPTY;
+        }
+        else
         {
           result = vm_op_get_value (left_value, right_value);
 
@@ -3018,7 +3032,7 @@ vm_loop (vm_frame_ctx_t *frame_ctx_p) /**< frame context */
               }
 
               result = (ecma_value_t) (int_value + int_increase);
-              break;
+              goto unary_arithmetic_operation_break;
             }
             result_number = (ecma_number_t) ecma_get_integer_from_value (result);
           }
@@ -3068,7 +3082,7 @@ vm_loop (vm_frame_ctx_t *frame_ctx_p) /**< frame context */
               {
                 goto error;
               }
-              break;
+              goto unary_arithmetic_operation_break;
             }
 #endif /* JERRY_BUILTIN_BIGINT */
 
@@ -3089,7 +3103,7 @@ vm_loop (vm_frame_ctx_t *frame_ctx_p) /**< frame context */
             POST_INCREASE_DECREASE_PUT_RESULT (result);
 
             result = ecma_make_number_value (result_number + increase);
-            break;
+            goto unary_arithmetic_operation_break;
           }
 
           if (ecma_is_value_integer_number (result))
@@ -3100,6 +3114,35 @@ vm_loop (vm_frame_ctx_t *frame_ctx_p) /**< frame context */
           {
             result = ecma_update_float_number (result, result_number + increase);
           }
+          unary_arithmetic_operation_break:
+          if (JERRY_UNLIKELY (right_value == ECMA_VALUE_EMPTY))
+          {
+            right_value = ECMA_VALUE_UNDEFINED;
+
+            if (opcode_data & VM_OC_PUT_REFERENCE)
+            {
+              ecma_value_t property = *(--stack_top_p);
+              ecma_value_t base = *(--stack_top_p);
+              ecma_value_t set_value_result = opfunc_private_set (base, property, result);
+              ecma_free_value (base);
+              ecma_free_value (property);
+
+              if (ECMA_IS_VALUE_ERROR (set_value_result))
+              {
+                ecma_free_value (result);
+                result = set_value_result;
+                goto error;
+              }
+
+              if (!(opcode_data & (VM_OC_PUT_STACK | VM_OC_PUT_BLOCK)))
+              {
+                ecma_fast_free_value (result);
+                goto free_both_values;
+              }
+
+              opcode_data &= (uint32_t) ~VM_OC_PUT_REFERENCE;
+            }
+          }
           break;
         }
         case VM_OC_ASSIGN:
