Changeset 191364 in webkit for trunk/Source/JavaScriptCore/yarr/YarrPattern.cpp

Timestamp:

Oct 20, 2015, 4:38:41 PM (10 years ago)

Author:

[email protected]

Message:

YarrPatternConstructor::containsCapturingTerms() should not assume that its terms.size() is greater than 0.
​https://bugs.webkit.org/show_bug.cgi?id=150372

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

• yarr/YarrPattern.cpp:

(JSC::Yarr::CharacterClassConstructor::CharacterClassConstructor):
(JSC::Yarr::YarrPatternConstructor::optimizeBOL):
(JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
(JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):

LayoutTests:

• js/regress-150372-expected.txt: Added.
• js/regress-150372.html: Added.
• js/script-tests/regress-150372.js: Added.

File:

• trunk/Source/JavaScriptCore/yarr/YarrPattern.cpp (modified) (4 diffs)

trunk/Source/JavaScriptCore/yarr/YarrPattern.cpp

@@ -740 +740 @@
     }
 
-    bool containsCapturingTerms(PatternAlternative* alternative, size_t firstTermIndex, size_t lastTermIndex)
+    bool containsCapturingTerms(PatternAlternative* alternative, size_t firstTermIndex, size_t endIndex)
     {
         Vector<PatternTerm>& terms = alternative->m_terms;
 
-        for (size_t termIndex = firstTermIndex; termIndex <= lastTermIndex; ++termIndex) {
+        ASSERT(endIndex <= terms.size());
+        for (size_t termIndex = firstTermIndex; termIndex < endIndex; ++termIndex) {
             PatternTerm& term = terms[termIndex];
 
@@ -753 +754 @@
                 PatternDisjunction* nestedDisjunction = term.parentheses.disjunction;
                 for (unsigned alt = 0; alt < nestedDisjunction->m_alternatives.size(); ++alt) {
-                    if (containsCapturingTerms(nestedDisjunction->m_alternatives[alt].get(), 0, nestedDisjunction->m_alternatives[alt]->m_terms.size() - 1))
+                    if (containsCapturingTerms(nestedDisjunction->m_alternatives[alt].get(), 0, nestedDisjunction->m_alternatives[alt]->m_terms.size()))
                         return true;
                 }
@@ -778 +779 @@
             bool startsWithBOL = false;
             bool endsWithEOL = false;
-            size_t termIndex, firstExpressionTerm, lastExpressionTerm;
+            size_t termIndex, firstExpressionTerm;
 
             termIndex = 0;
@@ -801 +802 @@
             if ((lastNonAnchorTerm.type != PatternTerm::TypeCharacterClass) || (lastNonAnchorTerm.characterClass != m_pattern.newlineCharacterClass()) || (lastNonAnchorTerm.quantityType != QuantifierGreedy))
                 return;
-            
-            lastExpressionTerm = termIndex - 1;
-
-            if (firstExpressionTerm > lastExpressionTerm)
+
+            size_t endIndex = termIndex;
+            if (firstExpressionTerm >= endIndex)
                 return;
 
-            if (!containsCapturingTerms(alternative, firstExpressionTerm, lastExpressionTerm)) {
-                for (termIndex = terms.size() - 1; termIndex > lastExpressionTerm; --termIndex)
+            if (!containsCapturingTerms(alternative, firstExpressionTerm, endIndex)) {
+                for (termIndex = terms.size() - 1; termIndex >= endIndex; --termIndex)
                     terms.remove(termIndex);