Changeset 168983 in webkit for trunk/Source/JavaScriptCore/yarr


Timestamp:
May 16, 2014, 3:09:51 PM (11 years ago)
Author:
[email protected]
Message:

Crash in JSC::Yarr::YarrGenerator<(JSC::Yarr::YarrJITCompileMode)0>::generatePatternCharacterFixed() due to WTF::CrashOnOverflow::overflowed + 9
https://bugs.webkit.org/show_bug.cgi?id=133009

Reviewed by Oliver Hunt.

If we determine that any alternative requires a minimum match size greater than
INT_MAX, we handle the match in the interpreter.

Check to see if the pattern has unsigned lengths before invoking YARR JIT.

  • runtime/RegExp.cpp:

(JSC::RegExp::compile):
(JSC::RegExp::compileMatchOnly):

  • tests/stress/large-regexp.js: New test added.

Set m_containsUnsignedLengthPattern flag if any alternative's minimum length
doesn't fit in an int.

  • yarr/YarrPattern.cpp:

(JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets):

Clear new m_containsUnsignedLengthPattern flag.

  • yarr/YarrPattern.cpp:

(JSC::Yarr::YarrPattern::YarrPattern):

  • yarr/YarrPattern.h:

(JSC::Yarr::YarrPattern::reset):
(JSC::Yarr::YarrPattern::containsUnsignedLengthPattern):

Location:
trunk/Source/JavaScriptCore/yarr
Files:
2 edited

  • trunk/Source/JavaScriptCore/yarr/YarrPattern.cpp

    r157653 r168983  
    667667            maximumCallFrameSize = std::max(maximumCallFrameSize, currentAlternativeCallFrameSize);
    668668            hasFixedSize &= alternative->m_hasFixedSize;
     669            if (alternative->m_minimumSize > INT_MAX)
     670                m_pattern.m_containsUnsignedLengthPattern = true;
    669671        }
    670672       
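Review bot: the new `if (alternative->m_minimumSize > INT_MAX)` test only catches a minimum that already exceeds INT_MAX when it reaches this loop; if the arithmetic that accumulates `alternative->m_minimumSize` is plain unsigned, a minimum that passes 2^32 wraps back to a small value, passes this comparison and still reaches the JIT. Consider accumulating the minimum with a Checked<unsigned> (or saturating at UINT_MAX) so the flag is also set on wrap, and add a one-line comment here saying the bound is INT_MAX because the JIT converts these sizes to int.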
     
    865867    , m_containsBackreferences(false)
    866868    , m_containsBOL(false)
     869    , m_containsUnsignedLengthPattern(false)
    867870    , m_numSubpatterns(0)
    868871    , m_maxBackReference(0)
  • trunk/Source/JavaScriptCore/yarr/YarrPattern.h

    r163310 r168983  
    313313        m_containsBackreferences = false;
    314314        m_containsBOL = false;
     315        m_containsUnsignedLengthPattern = false;
    315316
    316317        newlineCached = 0;
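Review bot: the flag list in reset() now duplicates the constructor's initializer list (m_containsBackreferences, m_containsBOL, m_containsUnsignedLengthPattern, plus whatever follows); consider having the constructor delegate to reset() so the next flag cannot be added to one list and forgotten in the other.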
     
    331332    }
    332333
     334    bool containsUnsignedLengthPattern()
     335    {
     336        return m_containsUnsignedLengthPattern;
     337    }
     338
    333339    CharacterClass* newlineCharacterClass()
    334340    {
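Review bot: containsUnsignedLengthPattern() is a pure getter and should be declared `bool containsUnsignedLengthPattern() const` so it can be called through a const YarrPattern; its only caller described in the message lives in runtime/RegExp.cpp, which is outside this yarr-only view, so the call site and the interpreter fallback need to be reviewed against the full changeset.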
     
    378384    bool m_containsBackreferences : 1;
    379385    bool m_containsBOL : 1;
     386    bool m_containsUnsignedLengthPattern : 1;
    380387    unsigned m_numSubpatterns;
    381388    unsigned m_maxBackReference;
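As an added illustration (this is not code from the changeset or from WebKit's YARR), the minimum-size bookkeeping the message describes in a reduced form: a hypothetical Term/Alternative/Pattern model stands in for YARR's pattern tree, setupDisjunctionOffsets plays the role of its namesake, and the INT_MAX test from the hunk above sets the containsUnsignedLengthPattern flag that a compile step would consult before choosing the JIT. It goes one step beyond the hunk by doing the accumulation with saturating 64-bit arithmetic, so a minimum that would wrap a 32-bit unsigned is also flagged; the sample patterns are constructed for this example and are not taken from large-regexp.js.

```cpp
// Added illustration of the r168983 check; not YARR's code.
#include <algorithm>
#include <climits>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

// Hypothetical simplified pattern model: a term is an atom of fixed minimum
// width repeated at least minRepeat times ({n}, {n,}, {n,m}, +, ?, *).
struct Term {
    uint32_t atomWidth;
    uint32_t minRepeat;
};
struct Alternative {
    std::vector<Term> terms;
};
struct Pattern {
    std::vector<Alternative> alternatives;
    uint32_t minimumSize;                // same width as YARR's unsigned m_minimumSize
    bool containsUnsignedLengthPattern;  // the flag this changeset adds
};

Pattern makePattern(std::vector<Alternative> alts) {
    Pattern p;
    p.alternatives = std::move(alts);
    p.minimumSize = 0;
    p.containsUnsignedLengthPattern = false;  // what YarrPattern::reset() does
    return p;
}

// Widen to 64 bits and clamp at UINT32_MAX so a product or sum that passes
// 2^32 cannot wrap back to a small, JIT-looking length (plain unsigned would).
static uint32_t mulSat(uint32_t a, uint32_t b) {
    uint64_t p = static_cast<uint64_t>(a) * b;
    return p > UINT32_MAX ? UINT32_MAX : static_cast<uint32_t>(p);
}
static uint32_t addSat(uint32_t a, uint32_t b) {
    uint64_t s = static_cast<uint64_t>(a) + b;
    return s > UINT32_MAX ? UINT32_MAX : static_cast<uint32_t>(s);
}

// Stand-in for setupDisjunctionOffsets: an alternative's minimum is the sum of
// its terms' minimums, the disjunction's minimum is the smallest alternative,
// and any alternative whose minimum does not fit in an int taints the pattern.
void setupDisjunctionOffsets(Pattern& pattern) {
    uint32_t disjunctionMin = UINT32_MAX;
    for (const Alternative& alt : pattern.alternatives) {
        uint32_t altMin = 0;
        for (const Term& t : alt.terms)
            altMin = addSat(altMin, mulSat(t.atomWidth, t.minRepeat));
        if (altMin > INT_MAX)  // the comparison introduced in this changeset
            pattern.containsUnsignedLengthPattern = true;
        disjunctionMin = std::min(disjunctionMin, altMin);
    }
    pattern.minimumSize = pattern.alternatives.empty() ? 0 : disjunctionMin;
}

// The decision the message attributes to RegExp::compile: true means the
// pattern must stay in the interpreter instead of going to the YARR JIT.
bool needsInterpreter(Pattern pattern) {
    setupDisjunctionOffsets(pattern);
    return pattern.containsUnsignedLengthPattern;
}
uint32_t minimumSizeOf(Pattern pattern) {
    setupDisjunctionOffsets(pattern);
    return pattern.minimumSize;
}

// Constructed samples (hypothetical, not from large-regexp.js).
Pattern smallPattern() {     // /ab|c{3}/ : minimums 2 and 3
    return makePattern({Alternative{{Term{1, 1}, Term{1, 1}}}, Alternative{{Term{1, 3}}}});
}
Pattern largePattern() {     // /a{2147483648}|b/ : 2^31 does not fit an int
    return makePattern({Alternative{{Term{1, 2147483648u}}}, Alternative{{Term{1, 1}}}});
}
Pattern wrappingPattern() {  // /(?:a{65536}){65536}/ : 2^32, wraps to 0 if unsaturated
    return makePattern({Alternative{{Term{65536, 65536}}}});
}

int main() {
    std::printf("small:    min=%u interpreter=%d\n", minimumSizeOf(smallPattern()), needsInterpreter(smallPattern()));
    std::printf("large:    min=%u interpreter=%d\n", minimumSizeOf(largePattern()), needsInterpreter(largePattern()));
    std::printf("wrapping: min=%u interpreter=%d\n", minimumSizeOf(wrappingPattern()), needsInterpreter(wrappingPattern()));
    return 0;
}
```

The large pattern shows why the flag is per pattern rather than per disjunction: its overall minimum is 1 because of the `|b` branch, yet the `a{2147483648}` alternative alone is enough to keep it out of the JIT. The wrapping pattern is the case the saturating helpers exist for; with ordinary uint32_t arithmetic its minimum would compute as 0 and the INT_MAX comparison would never fire.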