Title: [203202] trunk
- Revision
- 203202
- Author
- [email protected]
- Date
- 2016-07-13 17:11:56 -0700 (Wed, 13 Jul 2016)
Log Message
Some bad unicode regex escapes aren't flagged as errors
https://bugs.webkit.org/show_bug.cgi?id=158080
Reviewed by Saam Barati.
Source/_javascript_Core:
If we have a partial unicode escape, eg /\u{1/u or /\u12|abc/u, we
didn't check for the closing '}' and processed the unicode escape with
the hex value provided.
Added a check that we properly terminated a \u{} unicode escape.
If we fail that check and there isn't a prior error, we record that we
have an invalid unicode escape. The next existing line in the code will
terminate parsing and bubble up the error.
* yarr/YarrParser.h:
(JSC::Yarr::Parser::parseEscape):
LayoutTests:
New tests.
* js/regress-158080.html: Added.
* js/script-tests/regress-158080.js: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (203201 => 203202)
--- trunk/LayoutTests/ChangeLog 2016-07-14 00:08:29 UTC (rev 203201)
+++ trunk/LayoutTests/ChangeLog 2016-07-14 00:11:56 UTC (rev 203202)
@@ -1,3 +1,15 @@
+2016-07-13 Michael Saboff <[email protected]>
+
+ Some bad unicode regex escapes aren't flagged as errors
+ https://bugs.webkit.org/show_bug.cgi?id=158080
+
+ Reviewed by Saam Barati.
+
+ New tests.
+
+ * js/regress-158080.html: Added.
+ * js/script-tests/regress-158080.js: Added.
+
2016-07-13 Jiewen Tan <[email protected]>
Import W3C WebCryptoAPI tests
Added: trunk/LayoutTests/js/regress-158080-expected.txt (0 => 203202)
--- trunk/LayoutTests/js/regress-158080-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress-158080-expected.txt 2016-07-14 00:11:56 UTC (rev 203202)
@@ -0,0 +1,20 @@
+Regresion test for 158080. This test should pass and not crash.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS let r = /\u{|abc/u threw exception SyntaxError: Invalid regular _expression_: invalid unicode {} escape.
+PASS let r = /\u{/u threw exception SyntaxError: Invalid regular _expression_: invalid unicode {} escape.
+PASS let r = /\u{1/u threw exception SyntaxError: Invalid regular _expression_: invalid unicode {} escape.
+PASS let r = /\u{12/u threw exception SyntaxError: Invalid regular _expression_: invalid unicode {} escape.
+PASS let r = /\u{123/u threw exception SyntaxError: Invalid regular _expression_: invalid unicode {} escape.
+PASS let r = /\u{1234/u threw exception SyntaxError: Invalid regular _expression_: invalid unicode {} escape.
+PASS let r = /\u{abcde/u threw exception SyntaxError: Invalid regular _expression_: invalid unicode {} escape.
+PASS let r = /\u{abcdef/u threw exception SyntaxError: Invalid regular _expression_: invalid unicode {} escape.
+PASS let r = /\u{1111111}/u threw exception SyntaxError: Invalid regular _expression_: invalid unicode {} escape.
+PASS let r = /\u{fedbca98}/u threw exception SyntaxError: Invalid regular _expression_: invalid unicode {} escape.
+PASS let r = /\u{1{123}}/u threw exception SyntaxError: Invalid regular _expression_: invalid unicode {} escape.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/js/regress-158080.html (0 => 203202)
--- trunk/LayoutTests/js/regress-158080.html (rev 0)
+++ trunk/LayoutTests/js/regress-158080.html 2016-07-14 00:11:56 UTC (rev 203202)
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script src=""
+<script src=""
+</body>
+</html>
Added: trunk/LayoutTests/js/script-tests/regress-158080.js (0 => 203202)
--- trunk/LayoutTests/js/script-tests/regress-158080.js (rev 0)
+++ trunk/LayoutTests/js/script-tests/regress-158080.js 2016-07-14 00:11:56 UTC (rev 203202)
@@ -0,0 +1,13 @@
+description("Regresion test for 158080. This test should pass and not crash.");
+
+shouldThrow("let r = /\\u{|abc/u");
+shouldThrow("let r = /\\u{/u");
+shouldThrow("let r = /\\u{1/u");
+shouldThrow("let r = /\\u{12/u");
+shouldThrow("let r = /\\u{123/u");
+shouldThrow("let r = /\\u{1234/u");
+shouldThrow("let r = /\\u{abcde/u");
+shouldThrow("let r = /\\u{abcdef/u");
+shouldThrow("let r = /\\u{1111111}/u");
+shouldThrow("let r = /\\u{fedbca98}/u");
+shouldThrow("let r = /\\u{1{123}}/u");
Modified: trunk/Source/_javascript_Core/ChangeLog (203201 => 203202)
--- trunk/Source/_javascript_Core/ChangeLog 2016-07-14 00:08:29 UTC (rev 203201)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-07-14 00:11:56 UTC (rev 203202)
@@ -1,3 +1,22 @@
+2016-07-13 Michael Saboff <[email protected]>
+
+ Some bad unicode regex escapes aren't flagged as errors
+ https://bugs.webkit.org/show_bug.cgi?id=158080
+
+ Reviewed by Saam Barati.
+
+ If we have a partial unicode escape, eg /\u{1/u or /\u12|abc/u, we
+ didn't check for the closing '}' and processed the unicode escape with
+ the hex value provided.
+
+ Added a check that we properly terminated a \u{} unicode escape.
+ If we fail that check and there isn't a prior error, we record that we
+ have an invalid unicode escape. The next existing line in the code will
+ terminate parsing and bubble up the error.
+
+ * yarr/YarrParser.h:
+ (JSC::Yarr::Parser::parseEscape):
+
2016-07-13 Chris Dumez <[email protected]>
Unreviewed, rolling out r203199.
Modified: trunk/Source/_javascript_Core/yarr/YarrParser.h (203201 => 203202)
--- trunk/Source/_javascript_Core/yarr/YarrParser.h 2016-07-14 00:08:29 UTC (rev 203201)
+++ trunk/Source/_javascript_Core/yarr/YarrParser.h 2016-07-14 00:11:56 UTC (rev 203202)
@@ -458,8 +458,10 @@
if (codePoint > UCHAR_MAX_VALUE)
m_err = InvalidUnicodeEscape;
} while (!atEndOfPattern() && peek() != '}');
- if (!atEndOfPattern())
+ if (!atEndOfPattern() && peek() == '}')
consume();
+ else if (!m_err)
+ m_err = InvalidUnicodeEscape;
if (m_err)
return false;
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
