Context Navigation

← Previous Changeset
Next Changeset →

Changeset 253061 in webkit

Timestamp:

Dec 3, 2019 2:07:14 PM (4 years ago)

Author:

chris.reid@sony.com

Message:

Regular expression hangs in Safari only
https://bugs.webkit.org/show_bug.cgi?id=202882
<rdar://problem/56236654>

Reviewed by Yusuke Suzuki.

JSTests:

stress/regress-202882.js: Added.

Source/WTF:

BumpPointerPool::ensureCapacityCrossPool can cause an infinite loop
if multiple large pools are deallocated and a new capacity does not
fit in the deallocated pools. BumpPointerPool should try using
more pools if the next one isn't large enough.

wtf/BumpPointerAllocator.h:

(WTF::BumpPointerPool::ensureCapacityCrossPool):

Tools:

TestWebKitAPI/CMakeLists.txt:
TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WTF/BumpPointerAllocator.cpp: Added.

Location:

trunk

Files:

: 2 added
: 6 edited

JSTests/ChangeLog (modified) (1 diff)
JSTests/stress/regress-202882.js (added)
Source/WTF/ChangeLog (modified) (1 diff)
Source/WTF/wtf/BumpPointerAllocator.h (modified) (1 diff)
Tools/ChangeLog (modified) (1 diff)
Tools/TestWebKitAPI/CMakeLists.txt (modified) (1 diff)
Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (modified) (4 diffs)
Tools/TestWebKitAPI/Tests/WTF/BumpPointerAllocator.cpp (added)

Legend:

: Unmodified
: Added
: Removed

trunk/JSTests/ChangeLog

-                      r253026
+                      r253061
+-12-03  Christopher Reid  <chris.reid@sony.com>
+        Regular expression hangs in Safari only
+        https://bugs.webkit.org/show_bug.cgi?id=202882
+        <rdar://problem/56236654>
+        Reviewed by Yusuke Suzuki.
+        * stress/regress-202882.js: Added.
 -12-02  Saam Barati  <sbarati@apple.com>

trunk/Source/WTF/ChangeLog

-                      r252936
+                      r253061
+-12-03  Christopher Reid  <chris.reid@sony.com>
+        Regular expression hangs in Safari only
+        https://bugs.webkit.org/show_bug.cgi?id=202882
+        <rdar://problem/56236654>
+        Reviewed by Yusuke Suzuki.
+        BumpPointerPool::ensureCapacityCrossPool can cause an infinite loop
+        if multiple large pools are deallocated and a new capacity does not
+        fit in the deallocated pools. BumpPointerPool should try using
+        more pools if the next one isn't large enough.
+        * wtf/BumpPointerAllocator.h:
+        (WTF::BumpPointerPool::ensureCapacityCrossPool):
 -11-28  Fujii Hironori  <Hironori.Fujii@sony.com>

trunk/Source/WTF/wtf/BumpPointerAllocator.h

r248546	r253061
167	167	if (allocationEnd <= static_cast<void*>(pool))
168	168	return pool;
	169
	170	previousPool = pool;
	171	pool = pool->m_next;
169	172	}
170	173	}

trunk/Tools/ChangeLog

-                      r253060
+                      r253061
+-12-03  Christopher Reid  <chris.reid@sony.com>
+        Regular expression hangs in Safari only
+        https://bugs.webkit.org/show_bug.cgi?id=202882
+        <rdar://problem/56236654>
+        Reviewed by Yusuke Suzuki.
+        * TestWebKitAPI/CMakeLists.txt:
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/WTF/BumpPointerAllocator.cpp: Added.
 -12-03  Jonathan Bedard  <jbedard@apple.com>

trunk/Tools/TestWebKitAPI/CMakeLists.txt

r251915	r253061
28	28	Tests/WTF/AtomString.cpp
29	29	Tests/WTF/BloomFilter.cpp
	30	Tests/WTF/BumpPointerAllocator.cpp
30	31	Tests/WTF/CString.cpp
31	32	Tests/WTF/CheckedArithmeticOperations.cpp

trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj

-                      r253025
+                      r253061
 /* Begin PBXBuildFile section */
 A1E34216FFDBC00789E0A /* PublicSuffix.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 041A1E33216FFDBC00789E0A /* PublicSuffix.cpp */; };
+DB2396235E43EC00328F17 /* BumpPointerAllocator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0451A5A6235E438E009DF945 /* BumpPointerAllocator.cpp */; };
 DF52226A95FC003DD2F7 /* AVFoundationSoftLinkTest.mm in Sources */ = {isa = PBXBuildFile; fileRef = 0711DF51226A95FB003DD2F7 /* AVFoundationSoftLinkTest.mm */; };
 B3B1DF8B14C00633DE1 /* EnumerateMediaDevices.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 07492B3A1DF8AE2D00633DE1 /* EnumerateMediaDevices.cpp */; };
 …
 CD9F6215BE312C002DA2CE /* BackForwardList.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = BackForwardList.mm; sourceTree = "<group>"; };
 A1E33216FFDBC00789E0A /* PublicSuffix.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PublicSuffix.cpp; sourceTree = "<group>"; };
+A5A6235E438E009DF945 /* BumpPointerAllocator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = BumpPointerAllocator.cpp; sourceTree = "<group>"; };
 DF51226A95FB003DD2F7 /* AVFoundationSoftLinkTest.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = AVFoundationSoftLinkTest.mm; sourceTree = "<group>"; };
                 0746645722FF62D000E3451A /* AccessibilityTestSupportProtocol.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AccessibilityTestSupportProtocol.h; sourceTree = "<group>"; };
 …
 F1B44215CA434F00D1E4BF /* AtomString.cpp */,
                                 E40019301ACE9B5C001B0A2A /* BloomFilter.cpp */,
+A5A6235E438E009DF945 /* BumpPointerAllocator.cpp */,
                                 A7A966DA140ECCC8005EF9B4 /* CheckedArithmeticOperations.cpp */,
 F30CB5B1FCE1792004B5323 /* ConcurrentPtrHashSet.cpp */,
 …
 ADAD1501D77A9F600212586 /* BlockPtr.mm in Sources */,
 C83DE9C1D0A590C00FEBCF3 /* BloomFilter.cpp in Sources */,
+DB2396235E43EC00328F17 /* BumpPointerAllocator.cpp in Sources */,
 C83DEA01D0A590C00FEBCF3 /* CheckedArithmeticOperations.cpp in Sources */,
 F30CB5C1FCE1796004B5323 /* ConcurrentPtrHashSet.cpp in Sources */,

Note: See TracChangeset for help on using the changeset viewer.