[Webkit-unassigned] [Bug 47324] New: REGRESSION(r68204-r68242): Crash during execution of String.replace with specific regular expression

bugzilla-daemon at webkit.org
Wed Oct 6 20:46:29 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=47324

           Summary: REGRESSION(r68204-r68242): Crash during execution of
                    String.replace with specific regular expression
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.6
            Status: UNCONFIRMED
          Severity: Major
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ben.dyer at taguchimail.com


Created an attachment (id=70032)
 --> (https://bugs.webkit.org/attachment.cgi?id=70032)
Crash report

Loading WebKit r69221 and executing the following line of JavaScript in the console results in a crash:
'"'.replace(/([^\\])?(["'])/g, '$1\\$2')

The crash occurs when the script is executed on the console after inspecting the start page, or a blank page. When other pages are viewed, results differ; for instance, running the script after loading http://www.apple.com/ results in the following output:
"!\""

Loading http://www.google.com.au/ and running the same script results in:
"!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~\""

Neither of the above results is correct; expected result from Safari Version 5.0.2 [6533.18.5] and WebKit nightlies up to and including r68204 is "\"".

The exact output (and whether the script crashes or just returns unexpected results) depends on the page loaded and the build of WebKit. However, all WebKit nightlies from r68242 onwards exhibit incorrect behaviour.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
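
Added example, not part of the original report or of WebKit's own tests: a differential check that compares the engine's String.replace against a reference expansion built only from RegExp.exec, using the pattern and replacement string from the report. The helper names (expandTemplate, referenceReplace, checkReplace, runSamples) and every sample input except the first are assumptions constructed for illustration; the reference handles only the $$, $& and $1..$9 template forms.

```javascript
// Expand a replacement template from one exec() match ($$, $&, $1..$9 only).
function expandTemplate(template, m) {
  let out = '';
  for (let i = 0; i < template.length; i++) {
    const c = template[i], next = template[i + 1];
    if (c !== '$' || next === undefined) { out += c; continue; }
    if (next === '$') { out += '$'; i++; }
    else if (next === '&') { out += m[0]; i++; }
    else if (next >= '1' && next <= '9' && Number(next) < m.length) {
      // An optional group that did not participate is undefined: expands to ''.
      out += m[Number(next)] === undefined ? '' : m[Number(next)];
      i++;
    } else { out += c; } // not a recognised reference, keep the '$' literally
  }
  return out;
}

// Reference result computed without calling String.prototype.replace.
function referenceReplace(input, pattern, template) {
  const re = new RegExp(pattern.source, pattern.flags); // private copy, own lastIndex
  let out = '', last = 0, m;
  while ((m = re.exec(input)) !== null) {
    out += input.slice(last, m.index) + expandTemplate(template, m);
    last = m.index + m[0].length;
    if (!re.global) break;                 // non-global: first match only
    if (m[0].length === 0) re.lastIndex++; // step past an empty match
  }
  return out + input.slice(last);
}

// Compare the engine against the reference and list any output character
// that occurs in neither the input nor the template.
function checkReplace(input, pattern, template) {
  const actual = input.replace(pattern, template);
  const expected = referenceReplace(input, pattern, template);
  const allowed = new Set(input + template);
  const stray = [...actual].filter((ch) => !allowed.has(ch));
  return { actual, expected, stray, ok: actual === expected && stray.length === 0 };
}

// The first input is the one-character string from the report; the rest are constructed.
const PATTERN = /([^\\])?(["'])/g;
const TEMPLATE = '$1\\$2';
function runSamples() {
  return ['"', 'a"b\'', '\\"', 'no quotes'].map((s) => checkReplace(s, PATTERN, TEMPLATE));
}
```
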


