Changeset 201714 in webkit


Ignore:
Timestamp:
Jun 6, 2016 10:31:28 AM (8 years ago)
Author:
oliver@apple.com
Message:

RegExp unicode parsing reads an extra character before failing
https://bugs.webkit.org/show_bug.cgi?id=158376

Reviewed by Saam Barati.

Source/JavaScriptCore:

This was a probably harmless bug, but keeps triggering assertions
for me locally. Essentially we'd see a parse error, set the error
type, but then carry on parsing. In debug builds this asserts, in
release builds you are pretty safe unless you're exceptionally
unlucky with where the error occurs.

  • yarr/YarrParser.h:

(JSC::Yarr::Parser::parseEscape):

LayoutTests:

Add a couple of tests.

  • js/script-tests/regexp-unicode.js:
Location:
trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r201712 r201714  
     12016-06-03  Oliver Hunt  <oliver@apple.com>
     2
     3        RegExp unicode parsing reads an extra character before failing
     4        https://bugs.webkit.org/show_bug.cgi?id=158376
     5
     6        Reviewed by Saam Barati.
     7
     8        Add a couple of tests.
     9
     10        * js/script-tests/regexp-unicode.js:
     11
    1122016-06-06  Chris Dumez  <cdumez@apple.com>
    213
  • trunk/LayoutTests/js/regexp-unicode-expected.txt

    r199523 r201714  
    152152PASS r = new RegExp("\\u", "u") threw exception SyntaxError: Invalid regular expression: invalid escaped character for unicode pattern.
    153153PASS r = new RegExp("[\\u]", "u") threw exception SyntaxError: Invalid regular expression: invalid escaped character for unicode pattern.
     154PASS r = new RegExp("\\u{", "u") threw exception SyntaxError: Invalid regular expression: invalid unicode {} escape.
     155PASS r = new RegExp("\\u{\udead", "u") threw exception SyntaxError: Invalid regular expression: invalid unicode {} escape.
    154156PASS successfullyParsed is true
    155157
  • trunk/LayoutTests/js/script-tests/regexp-unicode.js

    r199523 r201714  
    206206var newRegExp;
    207207
    208 function shouldThrowInvalidEscape(pattern)
     208function shouldThrowInvalidEscape(pattern, error='invalidEscapeException')
    209209{
    210210    newRegExp = 'r = new RegExp("' + pattern + '", "u")';
    211211
    212     shouldThrow(newRegExp, 'invalidEscapeException');
     212    shouldThrow(newRegExp, error);
    213213}
    214214
     
    223223shouldThrowInvalidEscape("[\\\\u]");
    224224
     225shouldThrowInvalidEscape("\\\\u{", '"SyntaxError: Invalid regular expression: invalid unicode {} escape"');
     226shouldThrowInvalidEscape("\\\\u{\\udead", '"SyntaxError: Invalid regular expression: invalid unicode {} escape"');
  • trunk/Source/JavaScriptCore/ChangeLog

    r201713 r201714  
     12016-06-03  Oliver Hunt  <oliver@apple.com>
     2
     3        RegExp unicode parsing reads an extra character before failing
     4        https://bugs.webkit.org/show_bug.cgi?id=158376
     5
     6        Reviewed by Saam Barati.
     7
     8        This was a probably harmless bug, but keeps triggering assertions
     9        for me locally. Essentially we'd see a parse error, set the error
     10        type, but then carry on parsing. In debug builds this asserts, in
     11        release builds you are pretty safe unless you're exceptionally
     12        unlucky with where the error occurs.
     13
     14        * yarr/YarrParser.h:
     15        (JSC::Yarr::Parser::parseEscape):
     16
    1172016-06-06  Guillaume Emont  <guijemont@igalia.com>
    218
  • trunk/Source/JavaScriptCore/yarr/YarrParser.h

    r197534 r201714  
    449449                UChar32 codePoint = 0;
    450450                do {
    451                     if (atEndOfPattern())
     451                    if (atEndOfPattern() || !isASCIIHexDigit(peek())) {
    452452                        m_err = InvalidUnicodeEscape;
    453                     if (!isASCIIHexDigit(peek()))
    454                         m_err = InvalidUnicodeEscape;
     453                        break;
     454                    }
    455455
    456456                    codePoint = (codePoint << 4) | toASCIIHexValue(consume());
Note: See TracChangeset for help on using the changeset viewer.