Commit e5497ee2 authored by ggaren@apple.com's avatar ggaren@apple.com
Browse files

JavaScriptCore:

2009-03-19  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Geoff Garen.

        Bug 23771: REGRESSION (r36016): JSObjectHasProperty freezes on global class without kJSClassAttributeNoAutomaticPrototype
        <https://bugs.webkit.org/show_bug.cgi?id=23771>
        <rdar://problem/6561016>

        * API/tests/testapi.c:
        (main): Add a test for this bug.
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::resetPrototype): Don't set the prototype of the
        last object in the prototype chain to the object prototype when the
        object prototype is already the last object in the prototype chain.

LayoutTests:

2009-03-19  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Fixed <rdar://problem/6279213> Regular expression run-time complexity
        limit too low for long inputs (21485)
        
        Added a test for a complex regexp match that should succeed, and one
        that should fail.

        * fast/js/regexp-overflow-expected.txt:
        * fast/js/resources/regexp-overflow.js:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@41849 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent afe1b6e7
......@@ -21,6 +21,25 @@
 
* wtf/Platform.h: Added HAVE_RUNLOOP_TIMER for PLATFORM(MAC).
 
2009-03-19 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Fixed <rdar://problem/6279213> Regular expression run-time complexity
limit too low for long inputs (21485)
I raised PCRE's "matchLimit" (limit on backtracking) by an order of
magnitude. This fixes all the reported examples of timing out on legitimate
regular expression matches.
In my testing on a Core Duo MacBook Pro, the longest you can get stuck
trying to match a string is still under 1s, so this seems like a safe change.
I can think of a number of better solutions that are more complicated,
but this is a good improvement for now.
* pcre/pcre_exec.cpp:
2009-03-19 Geoffrey Garen <ggaren@apple.com>
 
Reviewed by Sam Weinig.
......@@ -175,7 +175,7 @@ reqByte match. */
/* The below limit restricts the number of "recursive" match calls in order to
avoid spending exponential time on complex regular expressions. */
static const unsigned matchLimit = 100000;
static const unsigned matchLimit = 1000000;
#ifdef DEBUG
/*************************************************
......
2009-03-19 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Fixed <rdar://problem/6279213> Regular expression run-time complexity
limit too low for long inputs (21485)
Added a test for a complex regexp match that should succeed, and one
that should fail.
* fast/js/regexp-overflow-expected.txt:
* fast/js/resources/regexp-overflow.js:
2009-03-19 Mark Rowe <mrowe@apple.com>
 
Reviewed by Sam Weinig.
......
......@@ -12,6 +12,8 @@ PASS /[¡]{4,6}/.exec("¡¡¡¡").toString() is "¡¡¡¡"
PASS /[¡]{1,100}[¡]{1,100}[¡]{1,100}[¡]{1,100}[¡]{1,100}[¡]{1,100}[¡]{1,100}[¡]{1,100}/.exec("¡¡¡¡¡¡¡¡").toString() is "¡¡¡¡¡¡¡¡"
PASS /{([\D-\ca]]„£µ+?)}|[[\B-\u00d4]√π- ]]]{0,3}/i.exec("B√π- ]]").toString() is "B√π- ]],"
PASS /|[x\B-\u00b5]/i.exec("").toString() is ""
PASS new RegExp(complexPattern).exec(complexInput)[0] is complexInput
PASS new RegExp(complexPattern + complexPattern).exec(complexInput + complexInput) is null
PASS new RegExp(s); threw exception SyntaxError: Invalid regular expression: regular expression too large.
PASS /(([ab]){30}){3360}/ threw exception SyntaxError: Invalid regular expression: regular expression too large.
PASS /(([ab]){30}){0,3360}/ threw exception SyntaxError: Invalid regular expression: regular expression too large.
......
......@@ -20,6 +20,20 @@ shouldBe('/[\u00A1]{1,100}[\u00A1]{1,100}[\u00A1]{1,100}[\u00A1]{1,100}[\u00A1]{
shouldBe('/{([\\D-\\ca]]„£µ+?)}|[[\\B-\\u00d4]√π- ]]]{0,3}/i.exec("B√π- ]]").toString()', '"B√π- ]],"');
shouldBe('/|[x\\B-\\u00b5]/i.exec("").toString()', '""');
var complexPattern = "";
for (var i = 0; i < 18; ++i)
complexPattern += "a?";
for (var i = 0; i < 18; ++i)
complexPattern += "a";
complexPattern = "(" + complexPattern + ")";
var complexInput = "";
for (var i = 0; i < 18; ++i)
complexInput += "a";
shouldBe('new RegExp(complexPattern).exec(complexInput)[0]', 'complexInput'); // Big but OK
shouldBe('new RegExp(complexPattern + complexPattern).exec(complexInput + complexInput)', 'null'); // Too big
var s = "a";
for (var i = 0; i < 21; i++)
s += s;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment