- Revision
- 274806
- Author
- [email protected]
- Date
- 2021-03-22 15:06:52 -0700 (Mon, 22 Mar 2021)
Log Message
[YARR] Interpreter incorrectly matches non-BMP characters with multiple .
https://bugs.webkit.org/show_bug.cgi?id=223498
Reviewed by Yusuke Suzuki.
JSTests:
New test.
* stress/regexp-dot-match-nonBMP.js: Added.
(shouldMatch):
(shouldntMatch):
Source/_javascript_Core:
We need to check that we read an actual character before seeing if it is part of a character class.
In the case where we are checking that a character is not in a character class, like .,
the failed to read result from input.readChecked(), -1, is not part of the newline character class.
This will allow regular expressions that require more than the number of characters in a string
to match.
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::checkCharacterClass):
LayoutTests:
Updated test.
* fast/forms/ValidityState-patternMismatch-expected.txt:
* fast/forms/ValidityState-patternMismatch.html:
Modified Paths
Added Paths
Diff
Modified: trunk/JSTests/ChangeLog (274805 => 274806)
--- trunk/JSTests/ChangeLog 2021-03-22 22:05:48 UTC (rev 274805)
+++ trunk/JSTests/ChangeLog 2021-03-22 22:06:52 UTC (rev 274806)
@@ -1,3 +1,16 @@
+2021-03-22 Michael Saboff <[email protected]>
+
+ [YARR] Interpreter incorrectly matches non-BMP characters with multiple .
+ https://bugs.webkit.org/show_bug.cgi?id=223498
+
+ Reviewed by Yusuke Suzuki.
+
+ New test.
+
+ * stress/regexp-dot-match-nonBMP.js: Added.
+ (shouldMatch):
+ (shouldntMatch):
+
2021-03-22 Yusuke Suzuki <[email protected]>
[JSC] Intl.Locale should not assume is8Bit
Added: trunk/JSTests/stress/regexp-dot-match-nonBMP.js (0 => 274806)
--- trunk/JSTests/stress/regexp-dot-match-nonBMP.js (rev 0)
+++ trunk/JSTests/stress/regexp-dot-match-nonBMP.js 2021-03-22 22:06:52 UTC (rev 274806)
@@ -0,0 +1,20 @@
+function shouldMatch(regexp, str) {
+ let result = regexp.test(str);
+ if (result !== true)
+ throw new Error("Expected " + regexp + ".test(\"" + str + "\") to be true, but wasn't");
+}
+
+function shouldntMatch(regexp, str) {
+ let result = regexp.test(str);
+ if (result !== false)
+ throw new Error("Expected " + regexp + ".test(\"" + str + "\") to be false, but wasn't");
+}
+
+let s = String.fromCodePoint(0x10000);
+
+shouldMatch(/./, s);
+shouldMatch(/./u, s);
+shouldMatch(/../, s);
+shouldntMatch(/../u, s);
+shouldntMatch(/.../, s);
+shouldntMatch(/.../u, s);
Modified: trunk/LayoutTests/ChangeLog (274805 => 274806)
--- trunk/LayoutTests/ChangeLog 2021-03-22 22:05:48 UTC (rev 274805)
+++ trunk/LayoutTests/ChangeLog 2021-03-22 22:06:52 UTC (rev 274806)
@@ -1,3 +1,15 @@
+2021-03-22 Michael Saboff <[email protected]>
+
+ [YARR] Interpreter incorrectly matches non-BMP characters with multiple .
+ https://bugs.webkit.org/show_bug.cgi?id=223498
+
+ Reviewed by Yusuke Suzuki.
+
+ Updated test.
+
+ * fast/forms/ValidityState-patternMismatch-expected.txt:
+ * fast/forms/ValidityState-patternMismatch.html:
+
2021-03-22 Chris Gambrell <[email protected]>
[LayoutTests] Convert http/tests/multipart convert PHP to Python
Modified: trunk/LayoutTests/fast/forms/ValidityState-patternMismatch-expected.txt (274805 => 274806)
--- trunk/LayoutTests/fast/forms/ValidityState-patternMismatch-expected.txt 2021-03-22 22:05:48 UTC (rev 274805)
+++ trunk/LayoutTests/fast/forms/ValidityState-patternMismatch-expected.txt 2021-03-22 22:06:52 UTC (rev 274806)
@@ -29,7 +29,6 @@
PASS patternMismatchFor("match-19") is false
PASS patternMismatchFor("match-20") is false
PASS patternMismatchFor("match-21") is false
-PASS patternMismatchFor("match-22") is false
PASS patternMismatchFor("wrong-gray-or-grey") is true
PASS patternMismatchFor("gray") is false
PASS patternMismatchFor("grey") is false
@@ -56,6 +55,7 @@
PASS patternMismatchFor("mismatch-20") is true
PASS patternMismatchFor("mismatch-21") is true
PASS patternMismatchFor("mismatch-22") is true
+PASS patternMismatchFor("mismatch-23") is true
PASS patternMismatchFor("empty-pattern-match") is false
PASS patternMismatchFor("empty-pattern-mismatch") is true
PASS patternMismatchFor("invalid-01") is false
Modified: trunk/LayoutTests/fast/forms/ValidityState-patternMismatch.html (274805 => 274806)
--- trunk/LayoutTests/fast/forms/ValidityState-patternMismatch.html 2021-03-22 22:05:48 UTC (rev 274805)
+++ trunk/LayoutTests/fast/forms/ValidityState-patternMismatch.html 2021-03-22 22:06:52 UTC (rev 274806)
@@ -33,7 +33,6 @@
<input id="match-19" type="text" pattern="10|11|12|[0-9]" value="12" />
<input id="match-20" type="text" pattern="f(o|e)\1" value="foo" />
<input id="match-21" type="text" pattern="a.b" value="a𝌆b" />
-<input id="match-22" type="text" pattern="a..b" value="a𝌆b" />
<input id="empty-pattern-match" type="text" pattern="" value="" />
<input id="wrong-gray-or-grey" type="text" pattern="gr[ae]y" value="Wrong!"
/><input id="gray" type="text" pattern="gr[ae]y" value="gray"
@@ -60,7 +59,8 @@
/><input id="mismatch-19" type="text" pattern="^" value="wrong"
/><input id="mismatch-20" type="text" pattern="$" value="wrong"
/><input id="mismatch-21" type="text" pattern="f(o|e)\1" value="foe"
-/><input id="mismatch-22" type="text" pattern="a...b" value="a𝌆b" />
+/><input id="mismatch-22" type="text" pattern="a..b" value="a𝌆b" />
+<input id="mismatch-23" type="text" pattern="a...b" value="a𝌆b" />
<input id="invalid-01" type="text" pattern=")foo(" value="foo"/>
<input id="invalid-02" type="text" pattern=")foo(" value="foobar"/>
@@ -107,7 +107,6 @@
shouldBeFalse('patternMismatchFor("match-19")');
shouldBeFalse('patternMismatchFor("match-20")');
shouldBeFalse('patternMismatchFor("match-21")');
-shouldBeFalse('patternMismatchFor("match-22")');
shouldBeTrue('patternMismatchFor("wrong-gray-or-grey")');
shouldBeFalse('patternMismatchFor("gray")');
@@ -136,6 +135,7 @@
shouldBeTrue('patternMismatchFor("mismatch-20")');
shouldBeTrue('patternMismatchFor("mismatch-21")');
shouldBeTrue('patternMismatchFor("mismatch-22")');
+shouldBeTrue('patternMismatchFor("mismatch-23")');
shouldBeFalse('patternMismatchFor("empty-pattern-match")');
shouldBeTrue('patternMismatchFor("empty-pattern-mismatch")');
Modified: trunk/Source/_javascript_Core/ChangeLog (274805 => 274806)
--- trunk/Source/_javascript_Core/ChangeLog 2021-03-22 22:05:48 UTC (rev 274805)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-03-22 22:06:52 UTC (rev 274806)
@@ -1,3 +1,19 @@
+2021-03-22 Michael Saboff <[email protected]>
+
+ [YARR] Interpreter incorrectly matches non-BMP characters with multiple .
+ https://bugs.webkit.org/show_bug.cgi?id=223498
+
+ Reviewed by Yusuke Suzuki.
+
+ We need to check that we read an actual character before seeing if it is part of a character class.
+ In the case where we are checking that a character is not in a character class, like .,
+ the failed to read result from input.readChecked(), -1, is not part of the newline character class.
+ This will allow regular expressions that require more than the number of characters in a string
+ to match.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::checkCharacterClass):
+
2021-03-22 Ross Kirsling <[email protected]>
Unreviewed, fix Mac and non-unified JSCOnly builds
Modified: trunk/Source/_javascript_Core/yarr/YarrInterpreter.cpp (274805 => 274806)
--- trunk/Source/_javascript_Core/yarr/YarrInterpreter.cpp 2021-03-22 22:05:48 UTC (rev 274805)
+++ trunk/Source/_javascript_Core/yarr/YarrInterpreter.cpp 2021-03-22 22:06:52 UTC (rev 274806)
@@ -425,7 +425,11 @@
bool checkCharacterClass(CharacterClass* characterClass, bool invert, unsigned negativeInputOffset)
{
- bool match = testCharacterClass(characterClass, input.readChecked(negativeInputOffset));
+ int inputChar = input.readChecked(negativeInputOffset);
+ if (inputChar < 0)
+ return false;
+
+ bool match = testCharacterClass(characterClass, inputChar);
return invert ? !match : match;
}
