[Webkit-unassigned] [Bug 187042] RegExp.exec returns wrong value with a long integer quantifier

Sun Jul 1 13:41:35 PDT 2018

https://bugs.webkit.org/show_bug.cgi?id=187042

--- Comment #11 from Mark Lam <mark.lam at apple.com> ---
Comment on attachment 344052
  --> https://bugs.webkit.org/attachment.cgi?id=344052
Forgot to update ChangeLog

View in context: https://bugs.webkit.org/attachment.cgi?id=344052&action=review

I'd like Michael Saboff to take a look at the RegExp test changes.

> Source/JavaScriptCore/yarr/YarrParser.h:985
> +            if (n.hasOverflowed()) {
> +                do {
> +                    consume();
> +                } while (peekIsDigit());
> +                return quantifyInfinite;
> +            }

This extra overflow check is not needed because in the overflow case: 1. we still need to interate all digits anyway, and the cost of the computation of n is not that expensive, and 2. overflows rarely happen.  We should favor the normal (non-overflow) case by not adding extra overflow checks to it.

> Source/JavaScriptCore/yarr/YarrParser.h:988
> +        return n.unsafeGet();

Do this here:
    return n.hasOverflowed() ? quantifyInfinite : n.unsafeGet();

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180701/b6e301d1/attachment.html>