Context Navigation

← Previous Changeset
Next Changeset →

Changeset 231939 in webkit

Timestamp:

May 17, 2018 7:59:31 PM (6 years ago)

Author:

msaboff@apple.com

Message:

We don't throw SyntaxErrors for runtime generated regular expressions with errors
https://bugs.webkit.org/show_bug.cgi?id=185755

Reviewed by Keith Miller.

JSTests:

New regression test.

stress/regexp-with-runtime-syntax-errors.js: Added.

(testThrowsSyntaxtError):
(fromExecWithBadUnicodeEscape):
(fromTestWithBadUnicodeProperty):
(fromSplitWithBadUnicodeIdentity):
(fromMatchWithBadUnicodeBackReference):
(fromReplaceWithBadUnicodeEscape):
(fromSearchWithBadUnicodeEscape):

Source/JavaScriptCore:

Added a new helper that creates the correct exception to throw for each type of error when
compiling a RegExp. Using that new helper, added missing checks for RegExp for the cases
where we create a new RegExp from an existing one. Also refactored other places that we
throw SyntaxErrors after a failed RegExp compile to use the new helper.

runtime/RegExp.h:
runtime/RegExpConstructor.cpp:

(JSC::regExpCreate):
(JSC::constructRegExp):

runtime/RegExpPrototype.cpp:

(JSC::regExpProtoFuncCompile):

yarr/YarrErrorCode.cpp:

(JSC::Yarr::errorToThrow):

yarr/YarrErrorCode.h:

LayoutTests:

Updated test and results from reporting a SyntaxError to an Out of memory error.

js/script-tests/stack-overflow-regexp.js:

(shouldThrow.recursiveCall):
(shouldThrow):
(recursiveCall):

js/stack-overflow-regexp-expected.txt:

Location:

trunk

Files:

: 1 added
: 12 edited

JSTests/ChangeLog (modified) (1 diff)
JSTests/stress/regexp-with-runtime-syntax-errors.js (added)
LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/js/script-tests/stack-overflow-regexp.js (modified) (3 diffs)
LayoutTests/js/stack-overflow-regexp-expected.txt (modified) (1 diff)
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
Source/JavaScriptCore/runtime/Error.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/Error.h (modified) (1 diff)
Source/JavaScriptCore/runtime/RegExp.h (modified) (1 diff)
Source/JavaScriptCore/runtime/RegExpConstructor.cpp (modified) (2 diffs)
Source/JavaScriptCore/runtime/RegExpPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/yarr/YarrErrorCode.cpp (modified) (2 diffs)
Source/JavaScriptCore/yarr/YarrErrorCode.h (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/JSTests/ChangeLog

-                      r231886
+                      r231939
+-05-17  Michael Saboff  <msaboff@apple.com>
+        We don't throw SyntaxErrors for runtime generated regular expressions with errors
+        https://bugs.webkit.org/show_bug.cgi?id=185755
+        Reviewed by Keith Miller.
+        New regression test.
+        * stress/regexp-with-runtime-syntax-errors.js: Added.
+        (testThrowsSyntaxtError):
+        (fromExecWithBadUnicodeEscape):
+        (fromTestWithBadUnicodeProperty):
+        (fromSplitWithBadUnicodeIdentity):
+        (fromMatchWithBadUnicodeBackReference):
+        (fromReplaceWithBadUnicodeEscape):
+        (fromSearchWithBadUnicodeEscape):
 -05-16  Caio Lima  <ticaiolima@gmail.com>

trunk/LayoutTests/ChangeLog

-                      r231937
+                      r231939
+-05-17  Michael Saboff  <msaboff@apple.com>
+        We don't throw SyntaxErrors for runtime generated regular expressions with errors
+        https://bugs.webkit.org/show_bug.cgi?id=185755
+        Reviewed by Keith Miller.
+        Updated test and results from reporting a SyntaxError to an Out of memory error.
+        * js/script-tests/stack-overflow-regexp.js:
+        (shouldThrow.recursiveCall):
+        (shouldThrow):
+        (recursiveCall):
+        * js/stack-overflow-regexp-expected.txt:
 -05-17  Nan Wang  <n_wang@apple.com>

trunk/LayoutTests/js/script-tests/stack-overflow-regexp.js

-                      r201412
+                      r231939
 // Base case.
 shouldThrow('new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")"))', '"SyntaxError: Invalid regular expression: too many nested disjunctions"');
+shouldThrow('new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")"))', '"Error: Out of memory: Invalid regular expression: too many nested disjunctions"');
 { // Verify that a deep JS stack does not help avoiding the error.
 …
         if (!(depth % 10)) {
             debug("Creating RegExp at depth " + depth);
             shouldThrow('new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")"))', '"SyntaxError: Invalid regular expression: too many nested disjunctions"');
+            shouldThrow('new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")"))', '"Error: Out of memory: Invalid regular expression: too many nested disjunctions"');
+        }
         if (depth < 100) {
 …
         expression += ")(c))";
+    }
     shouldThrow('new RegExp(expression)', '"SyntaxError: Invalid regular expression: too many nested disjunctions"');
+    shouldThrow('new RegExp(expression)', '"Error: Out of memory: Invalid regular expression: too many nested disjunctions"');
+}

trunk/LayoutTests/js/stack-overflow-regexp-expected.txt

-                      r201412
+                      r231939
 PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception SyntaxError: Invalid regular expression: too many nested disjunctions.
+PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception Error: Out of memory: Invalid regular expression: too many nested disjunctions.
 Creating RegExp at depth 0
 PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception SyntaxError: Invalid regular expression: too many nested disjunctions.
+PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception Error: Out of memory: Invalid regular expression: too many nested disjunctions.
 Creating RegExp at depth 10
 PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception SyntaxError: Invalid regular expression: too many nested disjunctions.
+PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception Error: Out of memory: Invalid regular expression: too many nested disjunctions.
 Creating RegExp at depth 20
 PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception SyntaxError: Invalid regular expression: too many nested disjunctions.
+PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception Error: Out of memory: Invalid regular expression: too many nested disjunctions.
 Creating RegExp at depth 30
 PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception SyntaxError: Invalid regular expression: too many nested disjunctions.
+PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception Error: Out of memory: Invalid regular expression: too many nested disjunctions.
 Creating RegExp at depth 40
 PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception SyntaxError: Invalid regular expression: too many nested disjunctions.
+PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception Error: Out of memory: Invalid regular expression: too many nested disjunctions.
 Creating RegExp at depth 50
 PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception SyntaxError: Invalid regular expression: too many nested disjunctions.
+PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception Error: Out of memory: Invalid regular expression: too many nested disjunctions.
 Creating RegExp at depth 60
 PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception SyntaxError: Invalid regular expression: too many nested disjunctions.
+PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception Error: Out of memory: Invalid regular expression: too many nested disjunctions.
 Creating RegExp at depth 70
 PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception SyntaxError: Invalid regular expression: too many nested disjunctions.
+PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception Error: Out of memory: Invalid regular expression: too many nested disjunctions.
 Creating RegExp at depth 80
 PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception SyntaxError: Invalid regular expression: too many nested disjunctions.
+PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception Error: Out of memory: Invalid regular expression: too many nested disjunctions.
 Creating RegExp at depth 90
 PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception SyntaxError: Invalid regular expression: too many nested disjunctions.
+PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception Error: Out of memory: Invalid regular expression: too many nested disjunctions.
 Creating RegExp at depth 100
 PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception SyntaxError: Invalid regular expression: too many nested disjunctions.
 PASS new RegExp(expression) threw exception SyntaxError: Invalid regular expression: too many nested disjunctions.
+PASS new RegExp(Array(50000).join("(") + "a" + Array(50000).join(")")) threw exception Error: Out of memory: Invalid regular expression: too many nested disjunctions.
+PASS new RegExp(expression) threw exception Error: Out of memory: Invalid regular expression: too many nested disjunctions.
 PASS successfullyParsed is true

trunk/Source/JavaScriptCore/ChangeLog

-                      r231938
+                      r231939
+-05-17  Michael Saboff  <msaboff@apple.com>
+        We don't throw SyntaxErrors for runtime generated regular expressions with errors
+        https://bugs.webkit.org/show_bug.cgi?id=185755
+        Reviewed by Keith Miller.
+        Added a new helper that creates the correct exception to throw for each type of error when
+        compiling a RegExp.  Using that new helper, added missing checks for RegExp for the cases
+        where we create a new RegExp from an existing one.  Also refactored other places that we
+        throw SyntaxErrors after a failed RegExp compile to use the new helper.
+        * runtime/RegExp.h:
+        * runtime/RegExpConstructor.cpp:
+        (JSC::regExpCreate):
+        (JSC::constructRegExp):
+        * runtime/RegExpPrototype.cpp:
+        (JSC::regExpProtoFuncCompile):
+        * yarr/YarrErrorCode.cpp:
+        (JSC::Yarr::errorToThrow):
+        * yarr/YarrErrorCode.h:
 -05-17  Saam Barati  <sbarati@apple.com>

trunk/Source/JavaScriptCore/runtime/Error.cpp

-                      r222473
+                      r231939
+}
+JSObject* createOutOfMemoryError(ExecState* exec, const String& message)
+{
+    auto* error = createError(exec, makeString("Out of memory: ", message), nullptr);
+    jsCast<ErrorInstance*>(error)->setOutOfMemoryError();
+    return error;
+}
 const ClassInfo StrictModeTypeErrorFunction::s_info = { "Function", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(StrictModeTypeErrorFunction) };

trunk/Source/JavaScriptCore/runtime/Error.h

r230813	r231939
72	72	JS_EXPORT_PRIVATE JSObject* createURIError(ExecState*, const String&);
73	73	JS_EXPORT_PRIVATE JSObject* createOutOfMemoryError(ExecState*);
	74	JS_EXPORT_PRIVATE JSObject* createOutOfMemoryError(ExecState*, const String&);
74	75
75	76	JS_EXPORT_PRIVATE JSObject* createError(ExecState*, ErrorType, const String&);

trunk/Source/JavaScriptCore/runtime/RegExp.h

r228105	r231939
63	63	bool isValid() const { return !Yarr::hasError(m_constructionErrorCode) && m_flags != InvalidFlags; }
64	64	const char* errorMessage() const { return Yarr::errorMessage(m_constructionErrorCode); }
	65	JSObject* errorToThrow(ExecState* exec) { return Yarr::errorToThrow(exec, m_constructionErrorCode); }
65	66
66	67	JS_EXPORT_PRIVATE int match(VM&, const String&, unsigned startOffset, Vector<int>& ovector);

trunk/Source/JavaScriptCore/runtime/RegExpConstructor.cpp

-                      r230369
+                      r231939
     RegExp* regExp = RegExp::create(vm, pattern, flags);
     if (!regExp->isValid())
         return throwException(exec, scope, createSyntaxError(exec, regExp->errorMessage()));
+        return throwException(exec, scope, regExp->errorToThrow(exec));
     Structure* structure = getRegExpStructure(exec, globalObject, newTarget);
 …
                 return nullptr;
             regExp = RegExp::create(vm, regExp->pattern(), flags);
+            if (!regExp->isValid())
+                return throwException(exec, scope, regExp->errorToThrow(exec));
+        }

trunk/Source/JavaScriptCore/runtime/RegExpPrototype.cpp

r231047	r231939
175	175
176	176	if (!regExp->isValid())
177		return throwVMError(exec, scope, ~~createSyntaxError(exec, regExp->errorMessage()~~));
	177	return throwVMError(exec, scope, regExp->errorToThrow(exec));
178	178
179	179	thisRegExp->setRegExp(vm, regExp);

trunk/Source/JavaScriptCore/yarr/YarrErrorCode.cpp

-                      r226128
+                      r231939
 #include "config.h"
 #include "YarrErrorCode.h"
+#include "Error.h"
 namespace JSC { namespace Yarr {
 …
+}
+JSObject* errorToThrow(ExecState* exec, ErrorCode error)
+{
+    switch (error) {
+    case ErrorCode::NoError:
+        ASSERT_NOT_REACHED();
+        return nullptr;
+    case ErrorCode::PatternTooLarge:
+    case ErrorCode::QuantifierOutOfOrder:
+    case ErrorCode::QuantifierWithoutAtom:
+    case ErrorCode::QuantifierTooLarge:
+    case ErrorCode::MissingParentheses:
+    case ErrorCode::ParenthesesUnmatched:
+    case ErrorCode::ParenthesesTypeInvalid:
+    case ErrorCode::InvalidGroupName:
+    case ErrorCode::DuplicateGroupName:
+    case ErrorCode::CharacterClassUnmatched:
+    case ErrorCode::CharacterClassOutOfOrder:
+    case ErrorCode::EscapeUnterminated:
+    case ErrorCode::InvalidUnicodeEscape:
+    case ErrorCode::InvalidBackreference:
+    case ErrorCode::InvalidIdentityEscape:
+    case ErrorCode::InvalidUnicodePropertyExpression:
+    case ErrorCode::OffsetTooLarge:
+    case ErrorCode::InvalidRegularExpressionFlags:
+        return createSyntaxError(exec, errorMessage(error));
+    case ErrorCode::TooManyDisjunctions:
+        return createOutOfMemoryError(exec, errorMessage(error));
+    }
+    ASSERT_NOT_REACHED();
+    return nullptr;
+}
 } } // namespace JSC::Yarr

trunk/Source/JavaScriptCore/yarr/YarrErrorCode.h

-                      r226128
+                      r231939
 #pragma once
+namespace JSC { namespace Yarr {
+namespace JSC {
+class ExecState;
+class JSObject;
+namespace Yarr {
 enum class ErrorCode : unsigned {
 …
     return errorCode != ErrorCode::NoError;
+}
+JS_EXPORT_PRIVATE JSObject* errorToThrow(ExecState*, ErrorCode);
 } } // namespace JSC::Yarr

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 231939 in webkit

Legend:

Download in other formats: