[Webkit-unassigned] [Bug 248809] Inconsistent output compared with other JS engines when using RegExp.prototype.exec()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Mar 13 13:33:45 PDT 2023


https://bugs.webkit.org/show_bug.cgi?id=248809

--- Comment #2 from Michael Saboff <msaboff at apple.com> ---
Is there a webpage that has a webpage with a RegExp with this pattern?

The regex in question fails in the JSC RegExp JIT due to running out of memory for handling the greedy parenthesis backtracking and then the iRegExp interpreter tries the match exceeding the 1,000,000 maximum disjunction match count.

If the RegExp is minimum count for the word character is changed from 0 to 1, the match succeeds in the JIT.  e.g. regex=/([A-z]?\w{1,7})+(?:\1)/

There still may be a bug here.  I will investigate further.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230313/ca0640e0/attachment-0001.htm>


More information about the webkit-unassigned mailing list