Context Navigation

← Previous Change
Next Change →

YarrJIT.cpp

Timestamp:

Feb 15, 2019, 5:13:57 PM (6 years ago)

Author:

Message:

RELEASE_ASSERT at com.apple.JavaScriptCore: JSC::jsSubstringOfResolved
https://bugs.webkit.org/show_bug.cgi?id=194558

Reviewed by Saam Barati.

JSTests:

New regression test.

stress/regexp-unicode-within-string.js: Added.

Source/JavaScriptCore:

Added an in bounds check before the read of the next character for Unicode regular expressions
for pattern generation that didn't already have such checks.

yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
(JSC::Yarr::YarrGenerator::generateCharacterClassFixed):

File:

: 1 edited

trunk/Source/JavaScriptCore/yarr/YarrJIT.cpp (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/JavaScriptCore/yarr/YarrJIT.cpp

-              r240641
+              r241634
+        }
+        if (m_decodeSurrogatePairs)
+            op.m_jumps.append(jumpIfNoAvailableInput());
         if (m_charSize == Char8) {
             auto check1 = [&] (Checked<unsigned> offset, UChar32 characters) {
 …
         const RegisterID countRegister = regT1;
+        if (m_decodeSurrogatePairs)
+            op.m_jumps.append(jumpIfNoAvailableInput());
         move(index, countRegister);
         Checked<unsigned> scaledMaxCount = term->quantityMaxCount;
 …
         const RegisterID character = regT0;
+        if (m_decodeSurrogatePairs)
+        if (m_decodeSurrogatePairs) {
+            op.m_jumps.append(jumpIfNoAvailableInput());
             storeToFrame(index, term->frameLocation + BackTrackInfoCharacterClass::beginIndex());
+        }
         JumpList matchDest;
 …
         const RegisterID character = regT0;
         const RegisterID countRegister = regT1;
+        if (m_decodeSurrogatePairs)
+            op.m_jumps.append(jumpIfNoAvailableInput());
         move(index, countRegister);

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 241634 in webkit for trunk/Source/JavaScriptCore/yarr/YarrJIT.cpp

Legend:

trunk/Source/JavaScriptCore/yarr/YarrJIT.cpp

Download in other formats: