mozilla / rhino

Rhino is an open-source implementation of JavaScript written entirely in Java
https://rhino.github.io

'<!\n' causes java.lang.IllegalStateException: FAILED ASSERTION #397

Open sideshowbarker opened 6 years ago

sideshowbarker commented 6 years ago

The (syntactically-invalid) character sequence <!\n (<! followed by a newline) causes Rhino to throw java.lang.IllegalStateException: FAILED ASSERTION (see stack trace below).

It should instead just cause a parse error.

Here are a few websites that have script elements with that <!\n sequence —

http://arc-n-ciel.ucoz.ru/
http://indigo-clen.at.ua/
http://zavalkevich.at.ua/
http://mp654k.at.ua/
http://shinar.ucoz.ru/
http://gcteam.ucoz.ru/
http://rockbook.hu
http://allshoes.at.ua/
http://avrillavignefun.moy.su/

The sites all seem to have something similar to the following:

<!--LiveInternet counter--><script type="text/javascript"><!
document.write("<a href='http://www.liveinternet.ru/click' "+
"target=_blank><img src='//counter.yadro.ru/hit?t12.16;r"+
escape(document.referrer)+((typeof(screen)=="undefined")?"":
";s"+screen.width+"*"+screen.height+"*"+(screen.colorDepth?
screen.colorDepth:screen.pixelDepth))+";u"+escape(document.URL)+
";"+Math.random()+
"' alt='' title='LiveInternet: показано число просмотров за 24"+
" часа, посетителей за 24 часа и за сегодня' "+
"border='0' width='88' height='31'><\/a>")
//></script><!--/LiveInternet-->

The stack trace I get looks like this:

java.lang.IllegalStateException: FAILED ASSERTION
        at org.mozilla.javascript.Kit.codeBug(Kit.java:417)
        at org.mozilla.javascript.TokenStream.ungetChar(TokenStream.java:1455)
        at org.mozilla.javascript.TokenStream.peekChar(TokenStream.java:1475)
        at org.mozilla.javascript.TokenStream.getNextXMLToken(TokenStream.java:1217)
        at org.mozilla.javascript.TokenStream.getFirstXMLToken(TokenStream.java:1159)
        at org.mozilla.javascript.Parser.xmlInitializer(Parser.java:2573)
        at org.mozilla.javascript.Parser.unaryExpr(Parser.java:2548)
        at org.mozilla.javascript.Parser.mulExpr(Parser.java:2478)
        at org.mozilla.javascript.Parser.addExpr(Parser.java:2462)
        at org.mozilla.javascript.Parser.shiftExpr(Parser.java:2443)
        at org.mozilla.javascript.Parser.relExpr(Parser.java:2418)
        at org.mozilla.javascript.Parser.eqExpr(Parser.java:2390)
        at org.mozilla.javascript.Parser.bitAndExpr(Parser.java:2379)
        at org.mozilla.javascript.Parser.bitXorExpr(Parser.java:2368)
        at org.mozilla.javascript.Parser.bitOrExpr(Parser.java:2357)
        at org.mozilla.javascript.Parser.andExpr(Parser.java:2346)
        at org.mozilla.javascript.Parser.orExpr(Parser.java:2335)
        at org.mozilla.javascript.Parser.condExpr(Parser.java:2299)
        at org.mozilla.javascript.Parser.assignExpr(Parser.java:2255)
        at org.mozilla.javascript.Parser.expr(Parser.java:2234)
        at org.mozilla.javascript.Parser.statementHelper(Parser.java:1247)
        at org.mozilla.javascript.Parser.statement(Parser.java:1109)
        at org.mozilla.javascript.Parser.parse(Parser.java:648)
        at org.mozilla.javascript.Parser.parse(Parser.java:607)
        at org.mozilla.javascript.Context.compileImpl(Context.java:2524)
        at org.mozilla.javascript.Context.compileReader(Context.java:1468)
sainaen commented 6 years ago

Yep, it’s a bug.

TokenStream’s ungetChar() cannot “unread” across a line boundary (I don’t know why yet), and because we think that <! is the start of an XML token (like <!-- or <![CDATA), we call peekChar(), which in turn calls getChar() (which skips the \n and returns 'd' from the next line) and then ungetChar(), which throws.

If it’s something that is critical for you, @sideshowbarker, you can disable the E4X feature until the fix is available.
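
The workaround above, shown as an added example that is neither Rhino's own code nor code from this thread: a ContextFactory that reports E4X as unsupported (so Parser never enters xmlInitializer on a leading `<`), plus a compile wrapper that separates an ordinary syntax error from the FAILED ASSERTION path. The class names SafeCompile, NoE4XContextFactory, tryCompile and Outcome are my own; Context.FEATURE_E4X, ContextFactory.hasFeature, enterContext, compileString and EvaluatorException are real Rhino APIs.

```java
import org.mozilla.javascript.Context;
import org.mozilla.javascript.ContextFactory;
import org.mozilla.javascript.EvaluatorException;

/**
 * Hypothetical helper (not part of Rhino) that compiles scraped script text
 * with E4X disabled, so "<!" is tokenised as LT + NOT and never reaches the
 * TokenStream.ungetChar() assertion described in this issue.
 */
public class SafeCompile {

    /** ContextFactory that answers "no" for the E4X feature only. */
    static final class NoE4XContextFactory extends ContextFactory {
        @Override
        protected boolean hasFeature(Context cx, int featureIndex) {
            if (featureIndex == Context.FEATURE_E4X) {
                return false;
            }
            return super.hasFeature(cx, featureIndex);
        }
    }

    /** Outcome of a compile attempt, suitable for logging or metrics. */
    enum Outcome { COMPILED, SYNTAX_ERROR, ENGINE_BUG }

    static Outcome tryCompile(ContextFactory factory, String source, String name) {
        Context cx = factory.enterContext();
        try {
            cx.compileString(source, name, 1, null);
            return Outcome.COMPILED;
        } catch (EvaluatorException e) {
            // Ordinary parse error reported by the default ErrorReporter: the
            // expected result for "<!\n" in a non-E4X engine.
            return Outcome.SYNTAX_ERROR;
        } catch (IllegalStateException e) {
            // Kit.codeBug() path ("FAILED ASSERTION"): an engine bug, not a
            // script error, so it deserves a different alert than SYNTAX_ERROR.
            return Outcome.ENGINE_BUG;
        } finally {
            Context.exit();
        }
    }

    public static void main(String[] args) {
        // Constructed input mirroring the reported sequence: "<!" then a newline.
        String scraped = "<!\ndocument.write('x')\n//>";
        System.out.println("default factory: " + tryCompile(new ContextFactory(), scraped, "counter.js"));
        System.out.println("E4X disabled:    " + tryCompile(new NoE4XContextFactory(), scraped, "counter.js"));
    }
}
```

With the stock factory the first call reproduces the assertion (ENGINE_BUG); with NoE4XContextFactory the same input is a plain SYNTAX_ERROR, which is the behaviour the reporter asks for.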

sideshowbarker commented 6 years ago

Thanks for troubleshooting this and identifying the cause.

> If it’s something that is critical for you, @sideshowbarker, you can disable the E4X feature until the fix is available.

OK — but it’s not critical for me, so I reckon I’ll just wait for the fix