Title: [201714] trunk
- Revision
- 201714
- Author
- oli...@apple.com
- Date
- 2016-06-06 10:31:28 -0700 (Mon, 06 Jun 2016)
Log Message
RegExp unicode parsing reads an extra character before failing
https://bugs.webkit.org/show_bug.cgi?id=158376
Reviewed by Saam Barati.
Source/_javascript_Core:
This was a probably harmless bug, but keeps triggering assertions
for me locally. Essentially we'd see a parse error, set the error
type, but then carry on parsing. In debug builds this asserts, in
release builds you are pretty safe unless you're exceptionally
unlucky with where the error occurs.
* yarr/YarrParser.h:
(JSC::Yarr::Parser::parseEscape):
LayoutTests:
Add a couple of tests.
* js/script-tests/regexp-unicode.js:
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (201713 => 201714)
--- trunk/LayoutTests/ChangeLog 2016-06-06 17:22:23 UTC (rev 201713)
+++ trunk/LayoutTests/ChangeLog 2016-06-06 17:31:28 UTC (rev 201714)
@@ -1,3 +1,14 @@
+2016-06-03 Oliver Hunt <oli...@apple.com>
+
+ RegExp unicode parsing reads an extra character before failing
+ https://bugs.webkit.org/show_bug.cgi?id=158376
+
+ Reviewed by Saam Barati.
+
+ Add a couple of tests.
+
+ * js/script-tests/regexp-unicode.js:
+
2016-06-06 Chris Dumez <cdu...@apple.com>
Crash under JSObject::getOwnPropertyDescriptor()
Modified: trunk/LayoutTests/js/regexp-unicode-expected.txt (201713 => 201714)
--- trunk/LayoutTests/js/regexp-unicode-expected.txt 2016-06-06 17:22:23 UTC (rev 201713)
+++ trunk/LayoutTests/js/regexp-unicode-expected.txt 2016-06-06 17:31:28 UTC (rev 201714)
@@ -151,6 +151,8 @@
PASS r = new RegExp("[\\x]", "u") threw exception SyntaxError: Invalid regular _expression_: invalid escaped character for unicode pattern.
PASS r = new RegExp("\\u", "u") threw exception SyntaxError: Invalid regular _expression_: invalid escaped character for unicode pattern.
PASS r = new RegExp("[\\u]", "u") threw exception SyntaxError: Invalid regular _expression_: invalid escaped character for unicode pattern.
+PASS r = new RegExp("\\u{", "u") threw exception SyntaxError: Invalid regular _expression_: invalid unicode {} escape.
+PASS r = new RegExp("\\u{\udead", "u") threw exception SyntaxError: Invalid regular _expression_: invalid unicode {} escape.
PASS successfullyParsed is true
TEST COMPLETE
Modified: trunk/LayoutTests/js/script-tests/regexp-unicode.js (201713 => 201714)
--- trunk/LayoutTests/js/script-tests/regexp-unicode.js 2016-06-06 17:22:23 UTC (rev 201713)
+++ trunk/LayoutTests/js/script-tests/regexp-unicode.js 2016-06-06 17:31:28 UTC (rev 201714)
@@ -205,11 +205,11 @@
var invalidEscapeException = "SyntaxError: Invalid regular _expression_: invalid escaped character for unicode pattern";
var newRegExp;
-function shouldThrowInvalidEscape(pattern)
+function shouldThrowInvalidEscape(pattern, error='invalidEscapeException')
{
newRegExp = 'r = new RegExp("' + pattern + '", "u")';
- shouldThrow(newRegExp, 'invalidEscapeException');
+ shouldThrow(newRegExp, error);
}
shouldThrowInvalidEscape("\\\\-");
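Review bot: The new `error` parameter of `shouldThrowInvalidEscape` defaults to the name of a global (`'invalidEscapeException'`), but the two calls added in the following hunk pass a quoted message literal instead, so the helper now accepts two kinds of expression string and the message text is written out twice. Declaring a `var invalidUnicodeEscapeException` beside `invalidEscapeException` and passing `'invalidUnicodeEscapeException'` would keep a single convention and a single copy of the message. Since the argument appears to be evaluated by `shouldThrow` rather than compared as-is, a comment above the function such as `// error is an expression string evaluated by shouldThrow, not the message text itself` would make that contract explicit.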
@@ -222,3 +222,5 @@
shouldThrowInvalidEscape("\\\\u");
shouldThrowInvalidEscape("[\\\\u]");
+shouldThrowInvalidEscape("\\\\u{", '"SyntaxError: Invalid regular _expression_: invalid unicode {} escape"');
+shouldThrowInvalidEscape("\\\\u{\\udead", '"SyntaxError: Invalid regular _expression_: invalid unicode {} escape"');
Modified: trunk/Source/_javascript_Core/ChangeLog (201713 => 201714)
--- trunk/Source/_javascript_Core/ChangeLog 2016-06-06 17:22:23 UTC (rev 201713)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-06-06 17:31:28 UTC (rev 201714)
@@ -1,3 +1,19 @@
+2016-06-03 Oliver Hunt <oli...@apple.com>
+
+ RegExp unicode parsing reads an extra character before failing
+ https://bugs.webkit.org/show_bug.cgi?id=158376
+
+ Reviewed by Saam Barati.
+
+ This was a probably harmless bug, but keeps triggering assertions
+ for me locally. Essentially we'd see a parse error, set the error
+ type, but then carry on parsing. In debug builds this asserts, in
+ release builds you are pretty safe unless you're exceptionally
+ unlucky with where the error occurs.
+
+ * yarr/YarrParser.h:
+ (JSC::Yarr::Parser::parseEscape):
+
2016-06-06 Guillaume Emont <guijem...@igalia.com>
[jsc][mips] fix JIT::emit_op_log_shadow_chicken_prologue/_tail
Modified: trunk/Source/_javascript_Core/yarr/YarrParser.h (201713 => 201714)
--- trunk/Source/_javascript_Core/yarr/YarrParser.h 2016-06-06 17:22:23 UTC (rev 201713)
+++ trunk/Source/_javascript_Core/yarr/YarrParser.h 2016-06-06 17:31:28 UTC (rev 201714)
@@ -448,10 +448,10 @@
consume();
UChar32 codePoint = 0;
do {
- if (atEndOfPattern())
+ if (atEndOfPattern() || !isASCIIHexDigit(peek())) {
m_err = InvalidUnicodeEscape;
- if (!isASCIIHexDigit(peek()))
- m_err = InvalidUnicodeEscape;
+ break;
+ }
codePoint = (codePoint << 4) | toASCIIHexValue(consume());
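Review bot: The merged check at the top of the `do` loop does not say why the `break` is required, so a later refactor could reintroduce the fall-through; a comment such as `// Stop on the first error: peek() and consume() must not be called once atEndOfPattern() is true.` would record it. Before this change an unterminated `\u{` went on to `peek()` and `consume()` at the end of the pattern, which the log message says asserts in debug builds; in release builds that is presumably a read past the pattern buffer, so it should be tracked as a memory-safety fix rather than a cosmetic one. The loop condition and the code after the loop lie outside this hunk, so it is worth confirming that the post-loop path returns on `m_err` before using `codePoint`, and that the `codePoint << 4` accumulation is bounded for long runs of hex digits.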