[webkit-changes] [WebKit/WebKit] d85eaf: [JSC] CrashOnOverflow in CharacterClassConstructor...

Michael Saboff noreply at github.com
Wed Mar 29 14:43:01 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: d85eafff7c3dafd1bcc3feadc7fa1f6d1366096f
      https://github.com/WebKit/WebKit/commit/d85eafff7c3dafd1bcc3feadc7fa1f6d1366096f
  Author: Michael Saboff <msaboff at apple.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M JSTests/stress/regexp-vflag-property-of-strings.js
    M Source/JavaScriptCore/yarr/YarrPattern.cpp

  Log Message:
  -----------
  [JSC] CrashOnOverflow in CharacterClassConstructor::unicodeOpSorted()
https://bugs.webkit.org/show_bug.cgi?id=254582
rdar://107314153

Reviewed by Mark Lam.

CharacterClassConstructor::unicodeOpSorted() had a copy paste error in the rhsMatchesUnicode loop adding to the bitmap.
Two other issues were discovered in the process.  First, setting the starting chunkLo off of all the LHS and RHS
inputs.  The second issue was setting the bit at the character value instead of the chunk offset when processing
RHS ranges.  In the process of making these changes, the bitmap names were changed to match that we are handling chunks
and not ASCII characters.

* JSTests/stress/regexp-vflag-property-of-strings.js:
* Source/JavaScriptCore/yarr/YarrPattern.cpp:
(JSC::Yarr::CharacterClassConstructor::unicodeOpSorted):

Canonical link: https://commits.webkit.org/262290@main
