Title: [94254] trunk/Source/JavaScriptCore
Revision: 94254
Author: [email protected]
Date: 2011-08-31 17:21:20 -0700 (Wed, 31 Aug 2011)

Log Message

fast/regex/overflow.html asserts in debug builds
https://bugs.webkit.org/show_bug.cgi?id=67326

Reviewed by Gavin Barraclough.

The deliberate overflows in these expressions don't interact nicely
with Checked<32bit-type> so we just bump up to Checked<int64_t> for the
intermediate calculations.

* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generateCharacterClassFixed):

Modified Paths

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (94253 => 94254)


--- trunk/Source/_javascript_Core/ChangeLog	2011-09-01 00:14:17 UTC (rev 94253)
+++ trunk/Source/_javascript_Core/ChangeLog	2011-09-01 00:21:20 UTC (rev 94254)
@@ -1,3 +1,18 @@
+2011-08-31  Oliver Hunt  <[email protected]>
+
+        fast/regex/overflow.html asserts in debug builds
+        https://bugs.webkit.org/show_bug.cgi?id=67326
+
+        Reviewed by Gavin Barraclough.
+
+        The deliberate overflows in these expressions don't interact nicely
+        with Checked<32bit-type> so we just bump up to Checked<int64_t> for the
+        intermediate calculations.
+
+        * yarr/YarrJIT.cpp:
+        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
+        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
+
 2011-08-31  Jeff Miller  <[email protected]>
 
         REGRESSION(92210): AVFoundation media engine is disabled on OS X
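
Review bot: the new entry says "deliberate overflows" but does not name which sub-expression is expected to overflow or what range the final offset is meant to stay in. Since this value becomes an address displacement in JIT-generated code, one more sentence here (which operand wraps, and why the result after the `Checked<int64_t>` intermediate is still a valid offset) would let a later reader tell an intended wrap from a real bounds bug.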

Modified: trunk/Source/JavaScriptCore/yarr/YarrJIT.cpp (94253 => 94254)


--- trunk/Source/_javascript_Core/yarr/YarrJIT.cpp	2011-09-01 00:14:17 UTC (rev 94253)
+++ trunk/Source/_javascript_Core/yarr/YarrJIT.cpp	2011-09-01 00:21:20 UTC (rev 94254)
@@ -719,7 +719,7 @@
         sub32(Imm32(term->quantityCount.unsafeGet()), countRegister);
 
         Label loop(this);
-        BaseIndex address(input, countRegister, TimesTwo, ((term->inputPosition - m_checked + Checked<int>(term->quantityCount)) * static_cast<int>(sizeof(UChar))).unsafeGet());
+        BaseIndex address(input, countRegister, TimesTwo, (Checked<int>(term->inputPosition - m_checked + Checked<int64_t>(term->quantityCount)) * static_cast<int>(sizeof(UChar))).unsafeGet());
 
         if (m_pattern.m_ignoreCase && isASCIIAlpha(ch)) {
             load16(address, character);
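
Review bot: on the `+` line only the addition is widened. `term->inputPosition - m_checked` is still evaluated first, in whatever type those operands have, before `Checked<int64_t>(term->quantityCount)` joins the expression, so if the subtraction is one of the deliberate overflows it is not covered by this change. Consider widening the first operand as well, for example `Checked<int64_t>(term->inputPosition) - m_checked + ...`, and add a short comment above the `BaseIndex address(...)` line saying which intermediate is expected to wrap.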
@@ -873,7 +873,7 @@
 
         Label loop(this);
         JumpList matchDest;
-        load16(BaseIndex(input, countRegister, TimesTwo, ((term->inputPosition - m_checked + Checked<int>(term->quantityCount)) * static_cast<int>(sizeof(UChar))).unsafeGet()), character);
+        load16(BaseIndex(input, countRegister, TimesTwo, (Checked<int>(term->inputPosition - m_checked + Checked<int64_t>(term->quantityCount)) * static_cast<int>(sizeof(UChar))).unsafeGet()), character);
         matchCharacterClass(character, matchDest, term->characterClass);
 
         if (term->invert())
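
Review bot: in the `load16(BaseIndex(...))` line the sum is narrowed back to `Checked<int>` before the multiply by `static_cast<int>(sizeof(UChar))`, and the result is then read with `.unsafeGet()`, so the scaling step still runs in 32 bits and nothing at this call site documents why the narrowed value is expected to fit. A comment stating that expectation would help. This is also the same offset expression, character for character, as the one in the hunk at line 719; factoring it into one helper that both call sites use would keep the two from drifting apart the next time the overflow handling changes.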
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes