[webkit-changes] [WebKit/WebKit] 712efd: [JSC] RegExp quantifier should allow 2^53 - 1

SUZUKI Sosuke noreply at github.com
Sun Jul 14 11:05:26 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 712efd266cc921ce8e8e431e709f5cc8944eb7de
      https://github.com/WebKit/WebKit/commit/712efd266cc921ce8e8e431e709f5cc8944eb7de
  Author: Sosuke Suzuki <aosukeke at gmail.com>
  Date:   2024-07-14 (Sun, 14 Jul 2024)

  Changed paths:
    A JSTests/stress/regexp-max-quantifier.js
    M JSTests/test262/expectations.yaml
    M LayoutTests/fast/regex/overflow-expected.txt
    M LayoutTests/fast/regex/script-tests/overflow.js
    M Source/JavaScriptCore/yarr/Yarr.h
    M Source/JavaScriptCore/yarr/YarrParser.h

  Log Message:
  -----------
  [JSC] RegExp quantifier should allow 2^53 - 1
https://bugs.webkit.org/show_bug.cgi?id=276306

Reviewed by Yusuke Suzuki.

According to the spec[1][2] and the test[3], the range quantifier (/a{n,m}/) allows values for n and
m up to 2^53 - 1. However, the current JSC does not allow numbers larger than UINT_MAX, so it throws
a SyntaxError:

```
// Number.MAX_SAFE_INTEGER
new RegExp("a{9007199254740991}", "u");
// SyntaxError: Invalid regular expression: number too large in {} quantifier
```

This patch changes the handling of range quantifiers from unsigned to uint64_t, allowing numbers up
to 2^53 - 1 to be parsed. But since JSC string is <= INT32_MAX, we will never see a string larger
than that. Therefore, it casts from uint64_t to unsigned before passing to the parseQuantifier.

[1]: https://tc39.es/ecma262/#prod-QuantifierPrefix
[2]: https://tc39.es/ecma262/#prod-DecimalDigits
[3]: https://github.com/tc39/test262/blob/3a7a72aef5009eb22117231d40f9a5a66a9a595a/test/built-ins/RegExp/quantifier-integer-limit.js

* Source/JavaScriptCore/yarr/YarrParser.h:
(JSC::Yarr::Parser::parseQuantifier):
(JSC::Yarr::Parser::parseTokens):
(JSC::Yarr::Parser::consumeNumber64):

Canonical link: https://commits.webkit.org/280953@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list