Commit 633f239b authored by msaboff@apple.com's avatar msaboff@apple.com
Browse files

2011-01-20 Michael Saboff <msaboff@apple.com>

        Reviewed by Oliver Hunt.

        <rdar://problem/8890203> [RegexFuzz] Crash in generated code (52773)
        https://bugs.webkit.org/show_bug.cgi?id=52773

        Fixed case where an existing DataLabelPtr is overwritten.  The
        replacing DataLabelPtr is now resolved immediately in
        linkDataLabelToBacktrackIfExists().  Cleanup - eliminated bool
        return value for the routine as it was never used.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists):
2011-01-20  Michael Saboff  <msaboff@apple.com>

        Reviewed by Oliver Hunt.

        <rdar://problem/8890203> [RegexFuzz] Crash in generated code (52773)
        https://bugs.webkit.org/show_bug.cgi?id=52773

        New test to validate fix.

        * fast/regex/parentheses-expected.txt:
        * fast/regex/script-tests/parentheses.js:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76275 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent d7140cc3
2011-01-20 Michael Saboff <msaboff@apple.com>
Reviewed by Oliver Hunt.
<rdar://problem/8890203> [RegexFuzz] Crash in generated code (52773)
https://bugs.webkit.org/show_bug.cgi?id=52773
New test to validate fix.
* fast/regex/parentheses-expected.txt:
* fast/regex/script-tests/parentheses.js:
2011-01-20 Dirk Schulze <krit@webkit.org>
 
Reviewed by Rob Buis.
......
......@@ -74,6 +74,7 @@ PASS regexp42.exec('4321') is ['4','4','4']
PASS /(?!(?=r{0}){2,})|((z)?)?/gi.test('') is true
PASS regexp43.exec('SSS') is ['']
PASS regexp44.exec('SSS') is ['',undefined]
PASS regexp45.exec('vt') is null
PASS 'Hi Bob'.match(/(Rob)|(Bob)|(Robert)|(Bobby)/) is ['Bob',undefined,'Bob',undefined,undefined]
PASS successfullyParsed is true
......
......@@ -199,6 +199,9 @@ shouldBe("regexp43.exec('SSS')", "['']");
var regexp44 = /(?!(?:\3+(s+?)))/gy;
shouldBe("regexp44.exec('SSS')", "['',undefined]");
var regexp45 = /((?!(?:|)v{2,}|))/;
shouldBeNull("regexp45.exec('vt')");
shouldBe("'Hi Bob'.match(/(Rob)|(Bob)|(Robert)|(Bobby)/)", "['Bob',undefined,'Bob',undefined,undefined]");
var successfullyParsed = true;
......
2011-01-20 Michael Saboff <msaboff@apple.com>
Reviewed by Oliver Hunt.
<rdar://problem/8890203> [RegexFuzz] Crash in generated code (52773)
https://bugs.webkit.org/show_bug.cgi?id=52773
Fixed case where an existing DataLabelPtr is overwritten. The
replacing DataLabelPtr is now resolved immediately in
linkDataLabelToBacktrackIfExists(). Cleanup - eliminated bool
return value for the routine as it was never used.
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists):
2011-01-20 Andras Becsi <abecsi@webkit.org>
 
Reviewed by Csaba Osztrogonác.
......
......@@ -639,8 +639,10 @@ class YarrGenerator : private MacroAssembler {
if (m_subDataLabelPtr) {
*m_subDataLabelPtr = dp;
m_subDataLabelPtr = 0;
} else
} else {
ASSERT(!hasDataLabel());
m_dataLabelPtr = dp;
}
}
void clearSubDataLabelPtr()
......@@ -930,24 +932,19 @@ class YarrGenerator : private MacroAssembler {
return m_backtrack.plantJumpToBacktrackIfExists(generator);
}
bool linkDataLabelToBacktrackIfExists(YarrGenerator* generator, DataLabelPtr dataLabel)
void linkDataLabelToBacktrackIfExists(YarrGenerator* generator, DataLabelPtr dataLabel)
{
// If we have a stack offset backtrack destination, use it directly
if (m_backtrack.isStackOffset()) {
generator->m_expressionState.addIndirectJumpEntry(m_backtrack.getStackOffset(), dataLabel);
m_backtrack.clearSubDataLabelPtr();
} else {
// Otherwise set the data label (which may be linked)
setBacktrackDataLabel(dataLabel);
if ((m_backtrack.isLabel()) && (m_backtrack.hasDataLabel())) {
generator->m_expressionState.m_backtrackRecords.append(AlternativeBacktrackRecord(m_backtrack.getDataLabel(), m_backtrack.getLabel()));
m_backtrack.clearDataLabel();
return true;
}
// If we have a backtrack label, connect the datalabel to it directly.
if (m_backtrack.isLabel())
generator->m_expressionState.m_backtrackRecords.append(AlternativeBacktrackRecord(dataLabel, m_backtrack.getLabel()));
else
setBacktrackDataLabel(dataLabel);
}
return false;
}
void addBacktrackJump(Jump jump)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment