Changeset 38929 in webkit for trunk/JavaScriptCore/wrec/WREC.cpp


Timestamp:
Dec 2, 2008, 8:53:02 PM (16 years ago)
Author:
[email protected]
Message:

JavaScriptCore:

2008-12-02 Geoffrey Garen <[email protected]>

Reviewed by Cameron Zwarich.


Fixed https://bugs.webkit.org/show_bug.cgi?id=22537
REGRESSION (r38745): Assertion failure in jsSubstring() at ge.com

The bug was that index would become greater than length, so our
"end of input" checks, which all check "index == length", would fail.


The solution is to check for end of input before incrementing index,
to ensure that index is always <= length.


As a side benefit, generateJumpIfEndOfInput can now use je instead of
jg, which should be slightly faster.

  • wrec/WREC.cpp: (JSC::WREC::Generator::compileRegExp):
  • wrec/WRECGenerator.cpp: (JSC::WREC::Generator::generateJumpIfEndOfInput):

LayoutTests:

2008-12-02 Geoffrey Garen <[email protected]>

Reviewed by Cameron Zwarich.


Test for https://bugs.webkit.org/show_bug.cgi?id=22537
REGRESSION (r38745): Assertion failure in jsSubstring() at ge.com

  • fast/regex/alternative-length-miscalculation-expected.txt: Added.
  • fast/regex/alternative-length-miscalculation.html: Added.
File:
1 edited

  • trunk/JavaScriptCore/wrec/WREC.cpp

    r38839 r38929  
    6161
    6262    failures.link();
     63    generator.generateJumpIfEndOfInput(failures);
    6364    generator.generateIncrementIndex();
    64     generator.generateJumpIfEndOfInput(failures);
    6565    parser.parsePattern(failures);
    6666    generator.generateReturnSuccess();
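Review bot: the reordered pair at new lines 63-64 is only safe if index <= length already holds every time control reaches failures.link(), and nothing in this hunk states or enforces that. The commit message says generateJumpIfEndOfInput now compares for equality (je instead of jg), so any path that arrives here with index > length would pass the check and keep incrementing past the end of the input, which is the same class of failure this change is fixing. Please add a short comment above generateJumpIfEndOfInput(failures) recording the invariant (index <= length on entry to the retry loop), and consider a debug assertion for it. This page shows only WREC.cpp, so also confirm that the matching WRECGenerator.cpp change lands in the same commit, since the new ordering and the equality comparison depend on each other.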