Title: [274945] trunk
- Revision: 274945
- Author: msab...@apple.com
- Date: 2021-03-24 10:29:02 -0700 (Wed, 24 Mar 2021)
Log Message
[YARR] Interpreter incorrectly matches non-BMP characters with multiple . w/dotAll flag
https://bugs.webkit.org/show_bug.cgi?id=223666
Reviewed by Mark Lam.
JSTests:
Added tests for dotAll. Also made sure that we test both JIT and non-JIT execution.
* stress/regexp-dot-match-nonBMP.js:
Source/JavaScriptCore:
In checkCharacterClassDontAdvanceInputForNonBMP(), we need to check for input.readChecked() returning -1
and return that the character class didn't match.
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::checkCharacterClassDontAdvanceInputForNonBMP):
Diff
Modified: trunk/JSTests/ChangeLog (274944 => 274945)
--- trunk/JSTests/ChangeLog 2021-03-24 17:03:09 UTC (rev 274944)
+++ trunk/JSTests/ChangeLog 2021-03-24 17:29:02 UTC (rev 274945)
@@ -1,3 +1,14 @@
+2021-03-24 Michael Saboff <msab...@apple.com>
+
+ [YARR] Interpreter incorrectly matches non-BMP characters with multiple . w/dotAll flag
+ https://bugs.webkit.org/show_bug.cgi?id=223666
+
+ Reviewed by Mark Lam.
+
+ Added tests for dotAll. Also made sure that we test both JIT and non-JIT execution.
+
+ * stress/regexp-dot-match-nonBMP.js:
+
2021-03-24 Yusuke Suzuki <ysuz...@apple.com>
[JSC] Rope string equal operation should first check length
Modified: trunk/JSTests/stress/regexp-dot-match-nonBMP.js (274944 => 274945)
--- trunk/JSTests/stress/regexp-dot-match-nonBMP.js 2021-03-24 17:03:09 UTC (rev 274944)
+++ trunk/JSTests/stress/regexp-dot-match-nonBMP.js 2021-03-24 17:29:02 UTC (rev 274945)
@@ -1,3 +1,6 @@
+//@ runDefault
+//@ runNoJIT
+
function shouldMatch(regexp, str) {
let result = regexp.test(str);
if (result !== true)
@@ -18,3 +21,10 @@
shouldntMatch(/../u, s);
shouldntMatch(/.../, s);
shouldntMatch(/.../u, s);
+
+shouldMatch(/./s, s);
+shouldMatch(/./su, s);
+shouldMatch(/../s, s);
+shouldntMatch(/../su, s);
+shouldntMatch(/.../s, s);
+shouldntMatch(/.../su, s);
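Review bot: All six added assertions reuse the single subject s and bare-dot patterns, and nothing near them says what s holds. The split between shouldMatch(/../s, s) and shouldntMatch(/../su, s) only reads correctly if s is one surrogate pair, so a one-line comment above this group stating that would make the expectations checkable without scrolling up. Since the fix is about a read that runs off the input, consider also adding a subject where the non-BMP character is followed by further characters, so the dotAll path is covered both at the end of input and in the middle of it.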
Modified: trunk/Source/_javascript_Core/ChangeLog (274944 => 274945)
--- trunk/Source/_javascript_Core/ChangeLog 2021-03-24 17:03:09 UTC (rev 274944)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-03-24 17:29:02 UTC (rev 274945)
@@ -1,3 +1,16 @@
+2021-03-24 Michael Saboff <msab...@apple.com>
+
+ [YARR] Interpreter incorrectly matches non-BMP characters with multiple . w/dotAll flag
+ https://bugs.webkit.org/show_bug.cgi?id=223666
+
+ Reviewed by Mark Lam.
+
+ In checkCharacterClassDontAdvanceInputForNonBMP(), we need to check for input.readChecked() returning -1
+ and return that the character class didn't match.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::checkCharacterClassDontAdvanceInputForNonBMP):
+
2021-03-24 Saam Barati <sbar...@apple.com>
r271034 added code in constant folding phase that's unreachable given current invariants of our ICs and PutByIdStatus
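Review bot: The entry names only input.readChecked() returning -1, but the guard added in YarrInterpreter.cpp tests readCharacter < 0 on a value that comes from either input.readSurrogatePairChecked() or input.readChecked(). Suggest wording the entry to cover both readers and to say "a negative value" rather than -1, so the ChangeLog matches the condition that is actually checked.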
Modified: trunk/Source/_javascript_Core/yarr/YarrInterpreter.cpp (274944 => 274945)
--- trunk/Source/_javascript_Core/yarr/YarrInterpreter.cpp 2021-03-24 17:03:09 UTC (rev 274944)
+++ trunk/Source/_javascript_Core/yarr/YarrInterpreter.cpp 2021-03-24 17:29:02 UTC (rev 274945)
@@ -436,6 +436,9 @@
bool checkCharacterClassDontAdvanceInputForNonBMP(CharacterClass* characterClass, unsigned negativeInputOffset)
{
int readCharacter = characterClass->hasOnlyNonBMPCharacters() ? input.readSurrogatePairChecked(negativeInputOffset) : input.readChecked(negativeInputOffset);
+ if (readCharacter < 0)
+ return false;
+
return testCharacterClass(characterClass, readCharacter);
}
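Review bot: The new "if (readCharacter < 0) return false;" has no comment saying what a negative result from the two checked readers stands for, and before this change that value went straight into testCharacterClass(). A short comment on the guard (for example, that a negative value means no character could be read at negativeInputOffset and must never be tested against the class) would record the invariant for the next reader. It would also be worth confirming that other callers that feed a checked read into testCharacterClass() apply the same guard, since only this function is visible in the hunk.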