Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 3713b5294002cff4f0149ec026265aea3a555556
https://github.com/WebKit/WebKit/commit/3713b5294002cff4f0149ec026265aea3a555556
Author: Michael Saboff <[email protected]>
Date: 2023-05-30 (Tue, 30 May 2023)
Changed paths:
M JSTests/stress/regexp-vflag-property-of-strings.js
M Source/JavaScriptCore/yarr/YarrErrorCode.cpp
M Source/JavaScriptCore/yarr/YarrErrorCode.h
M Source/JavaScriptCore/yarr/YarrParser.h
M Source/JavaScriptCore/yarr/YarrPattern.cpp
Log Message:
-----------
[JSC] ASSERTION FAILED: term.quantityMinCount == 1 && term.quantityMaxCount
== 1 && term.quantityType == QuantifierType::FixedCount
https://bugs.webkit.org/show_bug.cgi?id=257432
rdar://109355826
Reviewed by Yusuke Suzuki.
This crash was due to not properly recognizing that the class set prior to the
quantifier
was invalid due to inverted contents that contained strings.
Strengthened the "May Contain Strings" processing in accordance with the
specification changes
for Class Sets. Instead of trying to compute the error cases during parsing
involving may
contain strings, that computation is now centralized in the new
ClassSetParserDelegate::computeMayContainStrings() method. Now the various
productions
feed their string-ness into the new method. The error determination using the
results of that
computation is done when a class set is closed, including nested sets. Added a
new Token Type,
SetDisjunctionMayContainStrings, for Set Disjunctions that contain strings.
While writing new tests, found that there was a bug with expressions like:
/[[\q{abc|a}&&a}]/v
We were not handling the intersection where the RHS of the intersection doesn't
include any
strings.
Also found and fixed spelling error in ClassStringDIsjunctionUnmatched.
Added several syntax and matching tests.
* JSTests/stress/regexp-vflag-property-of-strings.js:
* Source/JavaScriptCore/yarr/YarrErrorCode.cpp:
(JSC::Yarr::errorMessage):
(JSC::Yarr::errorToThrow):
* Source/JavaScriptCore/yarr/YarrErrorCode.h:
* Source/JavaScriptCore/yarr/YarrParser.h:
(JSC::Yarr::Parser::ClassSetParserDelegate::NestingState::NestingState):
(JSC::Yarr::Parser::ClassSetParserDelegate::ClassSetParserDelegate):
(JSC::Yarr::Parser::ClassSetParserDelegate::nestedClassBegin):
(JSC::Yarr::Parser::ClassSetParserDelegate::nestedClassEnd):
(JSC::Yarr::Parser::ClassSetParserDelegate::computeMayContainStrings):
(JSC::Yarr::Parser::ClassSetParserDelegate::atomBuiltInCharacterClass):
(JSC::Yarr::Parser::ClassSetParserDelegate::end):
(JSC::Yarr::Parser::ClassSetParserDelegate::isInverted):
(JSC::Yarr::Parser::ClassStringDisjunctionParserDelegate::ClassStringDisjunctionParserDelegate):
(JSC::Yarr::Parser::ClassStringDisjunctionParserDelegate::atomPatternCharacter):
(JSC::Yarr::Parser::ClassStringDisjunctionParserDelegate::mayContainStrings):
(JSC::Yarr::Parser::parseEscape):
(JSC::Yarr::Parser::parseClassSet):
(JSC::Yarr::Parser::parseClassStringDisjunction):
* Source/JavaScriptCore/yarr/YarrPattern.cpp:
(JSC::Yarr::CharacterClassConstructor::putCharNonUnion):
Canonical link: https://commits.webkit.org/264704@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
