Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 9fac4e438d23d5bdf1d52a3c341876c55116387f
https://github.com/WebKit/WebKit/commit/9fac4e438d23d5bdf1d52a3c341876c55116387f
Author: Sosuke Suzuki <[email protected]>
Date: 2026-02-15 (Sun, 15 Feb 2026)
Changed paths:
A JSTests/stress/regexp-unicode-charclass-bmp-nonbmp-mixed.js
M Source/JavaScriptCore/yarr/YarrJIT.cpp
Log Message:
-----------
[YARR] Fix false negative matching Unicode regexp with mixed BMP/non-BMP character class
https://bugs.webkit.org/show_bug.cgi?id=307774

Reviewed by Yusuke Suzuki.

optimizeAlternative() swaps a CharacterClass term with a following
PatternCharacter term in Char8 mode even when the class contains non-BMP
characters. If JIT allocation then fails, the swapped pattern is passed to
byteCodeCompilePattern(). Executing that bytecode against a Char16 string
causes the interpreter to read a trail surrogate as errorCodePoint,
producing a false negative.

This patch fixes this by restricting the Char8-mode swap to CharacterClasses
that contain only BMP characters.

Test: JSTests/stress/regexp-unicode-charclass-bmp-nonbmp-mixed.js

* JSTests/stress/regexp-unicode-charclass-bmp-nonbmp-mixed.js: Added.
(shouldBe):
(shouldMatch):
(shouldNotMatch):
(throw.new.Error):
* Source/JavaScriptCore/yarr/YarrJIT.cpp:
Canonical link: https://commits.webkit.org/307629@main
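
Added example (not part of the commit or its test file): a JavaScript check for the pattern shape the log message describes, a /u character class mixing BMP and non-BMP members followed by a literal character. It compares the running engine against a code-point-walking reference and includes a simplified fixed-width model that reproduces the false negative; all function names and inputs are constructed, and the script does not force the JIT-allocation-failure fallback.

```javascript
// Added example. Function names are hypothetical; all inputs are constructed.
const CLASS = "a\u{1F600}"; // one BMP member and one non-BMP member
const LITERAL = "b";        // the PatternCharacter that follows the class

// Reference for /[CLASS]LITERAL/u: walks the input by code point, so a
// surrogate pair in the class position consumes two UTF-16 code units.
function referenceMatch(input) {
  const members = new Set(Array.from(CLASS)); // Array.from splits by code point
  for (let i = 0; i < input.length; ) {
    const ch = String.fromCodePoint(input.codePointAt(i));
    if (members.has(ch) && input.startsWith(LITERAL, i + ch.length)) return true;
    i += ch.length;
  }
  return false;
}

// Simplified model of the failure mode: the literal is tested first, at a
// fixed offset of one code unit, as if every class member were one unit wide.
function fixedWidthMatch(input) {
  const members = new Set(Array.from(CLASS));
  for (let i = 0; i + 1 < input.length; i++) {
    if (input[i + 1] !== LITERAL) continue; // swapped order: literal first
    if (members.has(input[i])) return true; // sees only the trail surrogate
  }
  return false;
}

// What the engine running this script actually answers.
function engineMatch(input) {
  return new RegExp(`[${CLASS}]${LITERAL}`, "u").test(input);
}

// Constructed inputs: BMP hit, non-BMP hit, offset non-BMP hit, misses,
// and a lone trail surrogate that must not be treated as a class member.
const INPUTS = ["ab", "\u{1F600}b", "x\u{1F600}b", "\u{1F600}c", "\uDE00b", "b"];

// Returns the inputs on which the given matcher disagrees with the reference.
function disagreements(matcher) {
  return INPUTS.filter((s) => matcher(s) !== referenceMatch(s));
}

console.log("engine disagreements:", disagreements(engineMatch).length);
console.log("fixed-width model misses:",
  disagreements(fixedWidthMatch).map((s) => JSON.stringify(s)));
```

A non-empty engine disagreement list on inputs where the class member is the non-BMP character is the false negative described in the log message.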