Commit b1155bd1 authored by msaboff@apple.com's avatar msaboff@apple.com
Browse files

2011-01-17 Michael Saboff <msaboff@apple.com>

        Reviewed by Oliver Hunt.

        [regexfuzz] Crash running regex with lookahead
        https://bugs.webkit.org/show_bug.cgi?id=52548

        Eliminated agressive chaining of backtracks.  This code was overwriting
        already valid backtrack information.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::ParenthesesTail::processBacktracks):
2011-01-17  Michael Saboff  <msaboff@apple.com>

        Reviewed by Oliver Hunt.

        [regexfuzz] Crash running regex with lookahead
        https://bugs.webkit.org/show_bug.cgi?id=52548

        New tests from regex fuzzer.

        * fast/regex/parentheses-expected.txt:
        * fast/regex/script-tests/parentheses.js:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@75991 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 212b8fc1
2011-01-17 Michael Saboff <msaboff@apple.com>
Reviewed by Oliver Hunt.
[regexfuzz] Crash running regex with lookahead
https://bugs.webkit.org/show_bug.cgi?id=52548
New tests from regex fuzzer.
* fast/regex/parentheses-expected.txt:
* fast/regex/script-tests/parentheses.js:
2011-01-17 Dmitry Titov <dimich@chromium.org>
 
[Chromium] Not reviewed, test expectations update.
......
......@@ -58,6 +58,16 @@ PASS regexp38.exec('xx') is ['xx','xx','xx']
PASS regexp38.exec('b') is ['b','b',undefined]
PASS regexp38.exec('z') is ['z','z',undefined]
PASS regexp38.exec('') is ['','',undefined]
PASS regexp39.exec('') is ['',undefined,undefined]
PASS regexp39.exec('8') is ['8','8',undefined]
PASS regexp39.exec('zP') is ['',undefined,undefined]
PASS regexp40.exec('') is ['',undefined,undefined,undefined,'']
PASS regexp40.exec('8') is ['8','8','8',undefined,'']
PASS regexp40.exec('zPz') is ['',undefined,undefined,undefined,'']
PASS regexp40.exec('zPPz') is ['',undefined,undefined,undefined,'']
PASS regexp40.exec('zPPPz') is ['',undefined,undefined,undefined,'']
PASS regexp40.exec('zPPPPz') is ['',undefined,undefined,undefined,'']
PASS /(?!(?=r{0}){2,})|((z)?)?/gi.test('') is true
PASS 'Hi Bob'.match(/(Rob)|(Bob)|(Robert)|(Bobby)/) is ['Bob',undefined,'Bob',undefined,undefined]
PASS successfullyParsed is true
......
......@@ -170,6 +170,21 @@ shouldBe("regexp38.exec('b')", "['b','b',undefined]");
shouldBe("regexp38.exec('z')", "['z','z',undefined]");
shouldBe("regexp38.exec('')", "['','',undefined]");
var regexp39 = /(8|((?=P)))?/;
shouldBe("regexp39.exec('')", "['',undefined,undefined]");
shouldBe("regexp39.exec('8')", "['8','8',undefined]");
shouldBe("regexp39.exec('zP')", "['',undefined,undefined]");
var regexp40 = /((8)|((?=P){4}))?()/;
shouldBe("regexp40.exec('')", "['',undefined,undefined,undefined,'']");
shouldBe("regexp40.exec('8')", "['8','8','8',undefined,'']");
shouldBe("regexp40.exec('zPz')", "['',undefined,undefined,undefined,'']");
shouldBe("regexp40.exec('zPPz')", "['',undefined,undefined,undefined,'']");
shouldBe("regexp40.exec('zPPPz')", "['',undefined,undefined,undefined,'']");
shouldBe("regexp40.exec('zPPPPz')", "['',undefined,undefined,undefined,'']");
shouldBeTrue("/(?!(?=r{0}){2,})|((z)?)?/gi.test('')");
shouldBe("'Hi Bob'.match(/(Rob)|(Bob)|(Robert)|(Bobby)/)", "['Bob',undefined,'Bob',undefined,undefined]");
var successfullyParsed = true;
......
2011-01-17 Michael Saboff <msaboff@apple.com>
Reviewed by Oliver Hunt.
[regexfuzz] Crash running regex with lookahead
https://bugs.webkit.org/show_bug.cgi?id=52548
Eliminated agressive chaining of backtracks. This code was overwriting
already valid backtrack information.
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::ParenthesesTail::processBacktracks):
2011-01-17 Tony Gentilcore <tonyg@chromium.org>
 
Reviewed by Alexey Proskuryakov.
......
......@@ -981,12 +981,6 @@ class YarrGenerator : private MacroAssembler {
m_linkedBacktrack->linkToNextBacktrack(followonBacktrack);
}
void chainBacktrackJumps(JumpList* jumpList)
{
if (m_linkedBacktrack && !(m_linkedBacktrack->hasDestination()))
m_linkedBacktrack->setBacktrackJumpList(jumpList);
}
BacktrackDestination& getBacktrackDestination()
{
return m_backtrack;
......@@ -1050,8 +1044,6 @@ class YarrGenerator : private MacroAssembler {
stateBacktrack.setBacktrackJumpList(&m_pattBacktrackJumps);
stateBacktrack.setBacktrackSourceLabel(&m_backtrackFromAfterParens);
}
parenthesesState.chainBacktrackJumps(&m_pattBacktrackJumps);
}
void setNextIteration(Label nextIteration)
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment