[webkit-reviews] review denied: [Bug 52773] [RegexFuzz] Crash in generated code : [Attachment 79611] Patch
bugzilla-daemon at webkit.org
Thu Jan 20 10:24:00 PST 2011
Oliver Hunt <oliver at apple.com> has denied Michael Saboff <msaboff at apple.com>'s
request for review:
Bug 52773: [RegexFuzz] Crash in generated code
https://bugs.webkit.org/show_bug.cgi?id=52773
Attachment 79611: Patch
https://bugs.webkit.org/attachment.cgi?id=79611&action=review
------- Additional Comments from Oliver Hunt <oliver at apple.com>
View in context: https://bugs.webkit.org/attachment.cgi?id=79611&action=review
> Source/JavaScriptCore/yarr/YarrJIT.cpp:944
> + // If we have a backtrack label, connect the datalabel to it
directly.
> + if (m_backtrack.isLabel())
> +
generator->m_expressionState.m_backtrackRecords.append(AlternativeBacktrackReco
rd(dataLabel, m_backtrack.getLabel()));
> + else
> + setBacktrackDataLabel(dataLabel);
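Review bot: the new comment documents only the isLabel() branch; the else branch, which falls back to setBacktrackDataLabel(dataLabel), has no comment saying which m_backtrack states are expected to reach it. A one-line comment on the else, plus a note on the if branch stating whether m_backtrack is meant to remain set after the AlternativeBacktrackRecord is appended, would make the intended invariant checkable in review.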
Is it at all possible to add an assertion so that we catch any attempt to
clobber a label in future?
Also this doesn't appear to clear m_backtrack any more so afaict every label
will be pushed onto the backtrack record stack.
> Source/WebCore/ChangeLog:11
> +2011-01-20 Michael Saboff <msaboff at apple.com>
> +
> + Reviewed by NOBODY (OOPS!).
> +
> + Need a short description and bug URL (OOPS!)
> +
> + * WebCore.xcodeproj/project.pbxproj:
> +
> 2011-01-20 Andreas Kling <kling at webkit.org>
>
> Reviewed by Ariya Hidayat.
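Review bot: this Source/WebCore/ChangeLog entry still carries the template placeholder "Need a short description and bug URL (OOPS!)" and lists only WebCore.xcodeproj/project.pbxproj, while the code change under review is in Source/JavaScriptCore/yarr/YarrJIT.cpp. If the project file change is unintentional, drop it together with this entry; otherwise replace the placeholder with a description and the bug URL before landing.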
No changes to webcore => this changelog is bogus