[webkit-changes] [WebKit/WebKit] 1c2510: [JSC] WTF::CrashOnOverflow::crash() with ''.search...

Michael Saboff noreply at github.com
Tue May 23 14:49:15 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 1c2510c51bca8fefd22f5f3eef3579c9e26bb211
      https://github.com/WebKit/WebKit/commit/1c2510c51bca8fefd22f5f3eef3579c9e26bb211
  Author: Michael Saboff <msaboff at apple.com>
  Date:   2023-05-23 (Tue, 23 May 2023)

  Changed paths:
    A JSTests/stress/regexp-duplicate-named-captures-interpreter.js
    M JSTests/stress/regexp-duplicate-named-captures.js
    M Source/JavaScriptCore/yarr/YarrInterpreter.cpp

  Log Message:
  -----------
  [JSC] WTF::CrashOnOverflow::crash() with ''.search('(?<A>)|(?<A>)*\\k<A>');
https://bugs.webkit.org/show_bug.cgi?id=257180
rdar://109356634

Reviewed by Alexey Shvayka.

Updated the generic RegExp SubPattern byte code generation to add the duplicate named group ID to the
ByteTerm::Type::ParenthesesSubpattern only since we don't create a matching ParenthesesSubpatternEnd
byte term.

Also added code in recordParenthesesMatch() to set the subpatternId for the duplicate named group when
one of its subpatterns matches.

Added two new tests and since this only happened in the Yarr Interpreter, I created a test wrapper
that calls stress/regexp-duplicate-named-captures.js with the RegExp JIT turned off.

* JSTests/stress/regexp-duplicate-named-captures-interpreter.js: Added.
* JSTests/stress/regexp-duplicate-named-captures.js:
* Source/JavaScriptCore/yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::recordParenthesesMatch):
(JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):

Canonical link: https://commits.webkit.org/264441@main