Context Navigation

← Previous Change
Next Change →

YarrPattern.cpp

Timestamp:

Feb 26, 2021, 3:22:51 PM (4 years ago)

Author:

Message:

unexpected minimumInputSize in setupDisjunctionOffsets for regexp engine(yarr)
https://bugs.webkit.org/show_bug.cgi?id=220357

Reviewed by Saam Barati.

JSTests:

New tests to check the boundary conditions for overflowing a pattern in a RegExp.

stress/regexp-max-size.js: Added.

(testMaxRegExp):
(testTooBigRegExp):
(testMaxBMPRegExp):
(testTooBigBMPRegExp):
(testMaxNonBMPRegExp):
(testTooBigNonBMPRegExp):
(testAll):

Source/JavaScriptCore:

Removed an unnecessary ASSERT.
This assert checked that the minimum size wasn't UINT_MAX which I believe was
intended to make sure the minimum size was changed while computing the
disjunction's size and offsets. Those calculations involve checked arithmetic,
which would catch any overflow.

The other part of this patch adds a test that checks this condition as well
as the case where the pattern is one character longer, 2^{32, which triggers

the arithmetic overflow.}

yarr/YarrPattern.cpp:

(JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets):

File:

: 1 edited

trunk/Source/JavaScriptCore/yarr/YarrPattern.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/JavaScriptCore/yarr/YarrPattern.cpp

r261755	r273594
935	935	}
936	936
937		~~ASSERT(minimumInputSize != UINT_MAX);~~
938	937	ASSERT(maximumCallFrameSize >= initialCallFrameSize);
939	938

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 273594 in webkit for trunk/Source/JavaScriptCore/yarr/YarrPattern.cpp

Legend:

trunk/Source/JavaScriptCore/yarr/YarrPattern.cpp

Download in other formats: