Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 8224c0710a837e80650855d39fb722bec8e5e0e8
https://github.com/WebKit/WebKit/commit/8224c0710a837e80650855d39fb722bec8e5e0e8
Author: Yusuke Suzuki <[email protected]>
Date: 2023-08-28 (Mon, 28 Aug 2023)
Changed paths:
M Source/JavaScriptCore/runtime/RegExpCachedResult.h
M Source/JavaScriptCore/runtime/RegExpGlobalData.h
M Source/JavaScriptCore/runtime/RegExpGlobalDataInlines.h
M Source/JavaScriptCore/runtime/StringPrototype.cpp
M Source/JavaScriptCore/runtime/StringReplaceCache.h
M Source/JavaScriptCore/runtime/StringReplaceCacheInlines.h
Log Message:
-----------
[JSC] Speculative fix for wrong MatchResult in StringReplaceCache
https://bugs.webkit.org/show_bug.cgi?id=260839
rdar://111910989
Reviewed by Mark Lam.
StringReplaceCache needs to set up RegExpCachedResult as if we do matching
actually. But it is wrongly setting MatchResult with the last failed matching.
This is fine if ovector is not updated in the last matching, but it is wrong if
it gets updated even in the failed RegExp matching. Failed to create such a test
case, but anyway, there is no guarantee not doing this. So, let's save and
restore the actual RegExpCachedResult's MatchResult.
* Source/JavaScriptCore/runtime/RegExpCachedResult.h:
(JSC::RegExpCachedResult::result const):
* Source/JavaScriptCore/runtime/RegExpGlobalData.h:
* Source/JavaScriptCore/runtime/RegExpGlobalDataInlines.h:
(JSC::RegExpGlobalData::matchResult const):
(JSC::RegExpGlobalData::resetResultFromCache):
* Source/JavaScriptCore/runtime/StringPrototype.cpp:
(JSC::replaceUsingRegExpSearchWithCache):
* Source/JavaScriptCore/runtime/StringReplaceCache.h:
* Source/JavaScriptCore/runtime/StringReplaceCacheInlines.h:
(JSC::StringReplaceCache::set):
Canonical link: https://commits.webkit.org/267393@main