Diff
Modified: trunk/LayoutTests/ChangeLog (108998 => 108999)
--- trunk/LayoutTests/ChangeLog 2012-02-27 17:01:53 UTC (rev 108998)
+++ trunk/LayoutTests/ChangeLog 2012-02-27 17:22:29 UTC (rev 108999)
@@ -1,3 +1,16 @@
+2012-02-27 Michael Saboff <msab...@apple.com>
+
+ Error check regexp min quantifier
+ https://bugs.webkit.org/show_bug.cgi?id=70648
+
+ Reviewed by Gavin Barraclough.
+
+ New test added to check for newly generated SyntaxError.
+
+ * fast/regex/overflow-expected.txt:
+ * fast/regex/script-tests/overflow.js:
+ (quantifyMaxInt):
+
2012-02-27 Pavel Feldman <pfeld...@google.com>
Web Inspector: extract TimelineModel and TimelinePresentationModel into their own files.
Modified: trunk/LayoutTests/fast/regex/overflow-expected.txt (108998 => 108999)
--- trunk/LayoutTests/fast/regex/overflow-expected.txt 2012-02-27 17:01:53 UTC (rev 108998)
+++ trunk/LayoutTests/fast/regex/overflow-expected.txt 2012-02-27 17:22:29 UTC (rev 108999)
@@ -5,7 +5,8 @@
PASS regexp1.exec('') is null
PASS regexp2.exec('') is null
-PASS regexp2.exec(s3) is null
+PASS regexp3.exec(s3) is null
+PASS function f() { /[^a$]{4294967295}/ } threw exception SyntaxError: Invalid regular _expression_: number too large in {} quantifier.
PASS successfullyParsed is true
TEST COMPLETE
Modified: trunk/LayoutTests/fast/regex/script-tests/overflow.js (108998 => 108999)
--- trunk/LayoutTests/fast/regex/script-tests/overflow.js 2012-02-27 17:01:53 UTC (rev 108998)
+++ trunk/LayoutTests/fast/regex/script-tests/overflow.js 2012-02-27 17:22:29 UTC (rev 108999)
@@ -8,4 +8,6 @@
var s3 = "&{6}u4a64YfQP{C}u88c4u5772Qu8693{4294967167}u85f2u7f3fs((uf202){4})u5bc6u1947";
var regexp3 = new RegExp(s3, "");
-shouldBe("regexp2.exec(s3)", 'null');
+shouldBe("regexp3.exec(s3)", 'null');
+
+shouldThrow("function f() { /[^a$]{4294967295}/ }", '"SyntaxError: Invalid regular _expression_: number too large in {} quantifier"');
Modified: trunk/Source/_javascript_Core/ChangeLog (108998 => 108999)
--- trunk/Source/_javascript_Core/ChangeLog 2012-02-27 17:01:53 UTC (rev 108998)
+++ trunk/Source/_javascript_Core/ChangeLog 2012-02-27 17:22:29 UTC (rev 108999)
@@ -1,3 +1,18 @@
+2012-02-27 Michael Saboff <msab...@apple.com>
+
+ Error check regexp min quantifier
+ https://bugs.webkit.org/show_bug.cgi?id=70648
+
+ Reviewed by Gavin Barraclough.
+
+ Added checking for min or only quantifier being UINT_MAX.
+ When encountered this becomes a SyntaxError during parsing.
+
+ * yarr/YarrParser.h:
+ (JSC::Yarr::Parser::parseQuantifier):
+ (JSC::Yarr::Parser::parse):
+ (Parser):
+
2012-02-27 Carlos Garcia Campos <cgar...@igalia.com>
Unreviewed. Fix make distcheck.
Modified: trunk/Source/_javascript_Core/yarr/YarrParser.h (108998 => 108999)
--- trunk/Source/_javascript_Core/yarr/YarrParser.h 2012-02-27 17:01:53 UTC (rev 108998)
+++ trunk/Source/_javascript_Core/yarr/YarrParser.h 2012-02-27 17:22:29 UTC (rev 108999)
@@ -54,6 +54,7 @@
PatternTooLarge,
QuantifierOutOfOrder,
QuantifierWithoutAtom,
+ QuantifierTooLarge,
MissingParentheses,
ParenthesesUnmatched,
ParenthesesTypeInvalid,
@@ -546,6 +547,11 @@
ASSERT(!m_err);
ASSERT(min <= max);
+ if (min == UINT_MAX) {
+ m_err = QuantifierTooLarge;
+ return;
+ }
+
if (lastTokenWasAnAtom)
m_delegate.quantifyAtom(min, max, !tryConsume('?'));
else
@@ -685,6 +691,7 @@
REGEXP_ERROR_PREFIX "regular _expression_ too large",
REGEXP_ERROR_PREFIX "numbers out of order in {} quantifier",
REGEXP_ERROR_PREFIX "nothing to repeat",
+ REGEXP_ERROR_PREFIX "number too large in {} quantifier",
REGEXP_ERROR_PREFIX "missing )",
REGEXP_ERROR_PREFIX "unmatched parentheses",
REGEXP_ERROR_PREFIX "unrecognized character after (?",
@@ -696,7 +703,6 @@
return errorMessages[m_err];
}
-
// Misc helper functions:
typedef unsigned ParseState;
