Changeset 28833 in webkit
- Timestamp:
- Dec 18, 2007 11:30:05 AM (16 years ago)
- Location:
- trunk
- Files:
-
- 4 added
- 4 edited
- 1 copied
Legend:
- Unmodified
- Added
- Removed
-
trunk/JavaScriptCore/ChangeLog
r28799 r28833 1 2007-12-18 Darin Adler <darin@apple.com> 2 3 Reviewed by Geoff. 4 5 - test for http://bugs.webkit.org/show_bug.cgi?id=16458 6 REGRESSION (r28164): regular expressions can now hang due to lack of a match limit 7 <rdar://problem/5636067> 8 9 Test: fast/regex/slow.html 10 11 Slows down SunSpider a bit (about 1.01x); filed a bug to follow up on that: 12 http://bugs.webkit.org/show_bug.cgi?id=16503 13 14 * pcre/pcre.h: Changed name of error code to not specifically mention "recursion". 15 * pcre/pcre_exec.cpp: 16 (match): Replaced the depth limit, MATCH_RECURSION_LIMIT, with a total match looping 17 limit, matchLimit. Also eliminated the constants for MATCH_MATCH and MATCH_NOMATCH, 18 since they are just true and false (1 and 0). 19 (jsRegExpExecute): More of the MATCH_MATCH change. 20 1 21 2007-12-17 Darin Adler <darin@apple.com> 2 22 -
trunk/JavaScriptCore/pcre/pcre.h
r28578 r28833 52 52 /* jsRegExpExecute error codes */ 53 53 const int JSRegExpErrorNoMatch = -1; 54 const int JSRegExpError RecursionLimit = -2;54 const int JSRegExpErrorHitLimit = -2; 55 55 const int JSRegExpErrorNoMemory = -3; 56 56 const int JSRegExpErrorInternal = -4; -
trunk/JavaScriptCore/pcre/pcre_exec.cpp
r28799 r28833 122 122 }; 123 123 124 /* Non-error returns from the match() function. Error returns are externally125 defined error codes, which are all negative. */126 127 #define MATCH_MATCH 1128 #define MATCH_NOMATCH 0129 130 124 /* The maximum remaining length of subject we are prepared to search for a 131 125 req_byte match. */ … … 133 127 #define REQ_BYTE_MAX 1000 134 128 135 /* The below limit restricts the number of recursive match calls in order to 136 limit the maximum amount of storage. 137 138 This limit is tied to the size of MatchFrame. Right now we allow PCRE to allocate up 139 to MATCH_RECURSION_LIMIT - 16 * sizeof(MatchFrame) bytes of "stack" space before we give up. 140 Currently that's 100000 - 16 * (23 * 4) ~ 90MB. */ 141 142 #define MATCH_RECURSION_LIMIT 100000 129 /* The below limit restricts the number of "recursive" match calls in order to 130 avoid spending exponential time on complex regular expressions. */ 131 132 static const unsigned matchLimit = 100000; 143 133 144 134 #ifdef DEBUG … … 252 242 253 243 #define RECURSIVE_MATCH_COMMON(num) \ 254 if (stack.size >= MATCH_RECURSION_LIMIT) \255 return matchError(JSRegExpErrorRecursionLimit, stack); \256 244 goto RECURSE;\ 257 245 RRETURN_##num: \ … … 292 280 md pointer to "static" info for the match 293 281 294 Returns: MATCH_MATCH if matched) these values are >= 0295 MATCH_NOMATCHif failed to match )282 Returns: 1 if matched ) these values are >= 0 283 0 if failed to match ) 296 284 a negative error value if aborted by an error condition 297 285 (e.g. stopped by repeated call or recursion limit) … … 408 396 static int match(const UChar* subjectPtr, const unsigned char* instructionPtr, int offsetTop, MatchData& md) 409 397 { 410 intisMatch = false;398 bool isMatch = false; 411 399 int min; 412 400 bool minimize = false; /* Initialization not really needed, but some compilers think so. */ 401 unsigned matchCount = 0; 413 402 414 403 MatchStack stack; … … 443 432 444 433 RECURSE: 434 if (++matchCount > matchLimit) 435 return matchError(JSRegExpErrorHitLimit, stack); 445 436 446 437 /* Now start processing the operations. */ … … 564 555 565 556 /* End of a group, repeated or non-repeating. If we are at the end of 566 an assertion "group", stop matching and return MATCH_MATCH, but record the557 an assertion "group", stop matching and return 1, but record the 567 558 current high water mark for use by positive assertions. Do this also 568 559 for the "once" (not-backup up) groups. */ … … 1780 1771 1781 1772 RETURN: 1782 ASSERT(isMatch == MATCH_MATCH || isMatch == MATCH_NOMATCH);1783 1773 return isMatch; 1784 1774 } … … 2013 2003 /* When the result is no match, advance the pointer to the next character 2014 2004 and continue. */ 2015 2016 if (returnCode == MATCH_NOMATCH) { 2005 if (returnCode == false) { 2017 2006 startMatch++; 2018 2007 continue; 2019 2008 } 2020 2021 if (returnCode != MATCH_MATCH) { 2009 2010 if (returnCode != true) { 2011 ASSERT(returnCode == JSRegExpErrorHitLimit || returnCode == JSRegExpErrorNoMemory); 2022 2012 DPRINTF((">>>> error: returning %d\n", rc)); 2023 2013 return returnCode; -
trunk/LayoutTests/ChangeLog
r28831 r28833 1 2007-12-18 Darin Adler <darin@apple.com> 2 3 Reviewed by Geoff. 4 5 - test for http://bugs.webkit.org/show_bug.cgi?id=16458 6 REGRESSION (r28164): regular expressions can now hang due to lack of a match limit 7 8 * fast/regex/resources: Added. 9 * fast/regex/resources/TEMPLATE.html: Copied from fast/js/resources/TEMPLATE.html. 10 * fast/regex/resources/slow.js: Added. 11 * fast/regex/slow-expected.txt: Added. 12 * fast/regex/slow.html: Added. 13 1 14 2007-12-18 Dan Bernstein <mitz@apple.com> 2 15
Note: See TracChangeset
for help on using the changeset viewer.