From 10f922107838d21d343845a1f4047bf7aed84207 Mon Sep 17 00:00:00 2001
From: Vadim Zhestikov <v.zhestikov@f5.com>
Date: Tue, 13 May 2025 10:40:26 -0700
Subject: [PATCH] Fixed special case of 'for' statement parsing.

Found by OSS-Fuzz.
---
 src/njs_parser.c         | 1 +
 src/test/njs_unit_test.c | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/src/njs_parser.c b/src/njs_parser.c
index 50cee6726..d061e748e 100644
--- a/src/njs_parser.c
+++ b/src/njs_parser.c
@@ -5740,6 +5740,7 @@ njs_parser_iteration_statement_for_map(njs_parser_t *parser,
         goto expression_after;
 
     case NJS_TOKEN_AWAIT:
+    case NJS_TOKEN_FUNCTION:
         njs_parser_next(parser, njs_parser_expression);
 
         goto expression_after;
diff --git a/src/test/njs_unit_test.c b/src/test/njs_unit_test.c
index 2227c0a63..0ef2c7f0e 100644
--- a/src/test/njs_unit_test.c
+++ b/src/test/njs_unit_test.c
@@ -2989,6 +2989,9 @@ static njs_unit_test_t  njs_test[] =
     { njs_str("for(i;;)for(-new+3;;)break;"),
       njs_str("SyntaxError: Unexpected token \"+\" in 1") },
 
+    { njs_str("for(function(){r({/a/;0;1)1"),
+      njs_str("SyntaxError: Unexpected token \"/\" in 1") },
+
     /* switch. */
 
     { njs_str("switch"),