Changeset 94254 in webkit for trunk/Source/JavaScriptCore/yarr


Ignore:
Timestamp:
Aug 31, 2011, 5:21:20 PM (14 years ago)
Author:
[email protected]
Message:

fast/regex/overflow.html asserts in debug builds
https://bugs.webkit.org/show_bug.cgi?id=67326

Reviewed by Gavin Barraclough.

The deliberate overflows in these expressions don't interact nicely
with Checked<32bit-type> so we just bump up to Checked<int64_t> for the
intermediate calculations.

  • yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generateCharacterClassFixed):

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/yarr/YarrJIT.cpp

    r94207 r94254  
    720720
    721721        Label loop(this);
    722         BaseIndex address(input, countRegister, TimesTwo, ((term->inputPosition - m_checked + Checked<int>(term->quantityCount)) * static_cast<int>(sizeof(UChar))).unsafeGet());
     722        BaseIndex address(input, countRegister, TimesTwo, (Checked<int>(term->inputPosition - m_checked + Checked<int64_t>(term->quantityCount)) * static_cast<int>(sizeof(UChar))).unsafeGet());
    723723
    724724        if (m_pattern.m_ignoreCase && isASCIIAlpha(ch)) {
     
    874874        Label loop(this);
    875875        JumpList matchDest;
    876         load16(BaseIndex(input, countRegister, TimesTwo, ((term->inputPosition - m_checked + Checked<int>(term->quantityCount)) * static_cast<int>(sizeof(UChar))).unsafeGet()), character);
     876        load16(BaseIndex(input, countRegister, TimesTwo, (Checked<int>(term->inputPosition - m_checked + Checked<int64_t>(term->quantityCount)) * static_cast<int>(sizeof(UChar))).unsafeGet()), character);
    877877        matchCharacterClass(character, matchDest, term->characterClass);
    878878
Note: See TracChangeset for help on using the changeset viewer.