Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 2693828e8d7300d8f20c194af1a260163044b13a
https://github.com/WebKit/WebKit/commit/2693828e8d7300d8f20c194af1a260163044b13a
Author: Sosuke Suzuki <[email protected]>
Date: 2026-02-18 (Wed, 18 Feb 2026)
Changed paths:
A JSTests/stress/regexp-backreference-unicode-offset.js
M Source/JavaScriptCore/yarr/YarrJIT.cpp
Log Message:
-----------
[YARR] Fix incorrect offset when reading pattern character for Unicode backreference in JIT
https://bugs.webkit.org/show_bug.cgi?id=308046

Reviewed by Yusuke Suzuki.

In matchBackreference(), the Unicode (surrogate pair) path used
`op.m_checkedOffset - term->inputPosition` as the offset for reading
the captured pattern character via patternIndex. However, patternIndex
holds an absolute position into the captured text, so the offset should
be 0, as it already is in the non-Unicode path.

When there are terms following the backreference (e.g., /(.)\1c/u),
checkedOffset differs from inputPosition, causing the JIT to read from
the wrong position in the captured text and incorrectly failing to match.

Test: JSTests/stress/regexp-backreference-unicode-offset.js

* JSTests/stress/regexp-backreference-unicode-offset.js: Added.
(shouldBe):
* Source/JavaScriptCore/yarr/YarrJIT.cpp:

Canonical link: https://commits.webkit.org/307791@main
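
The failure mode in the log message (a Unicode backreference followed by further terms, as in /(.)\1c/u) can be checked from script by comparing the engine's result with an independent code-point matcher. This is an added example, not the test file from the commit, whose contents are not shown in this message; referenceMatch, engineMatch, findMismatches and the CASES inputs are constructed for illustration, and the inputs are assumed to contain no line terminators or lone surrogates.

```javascript
// Added example: differential check of /(.)\1<tail>/u against a code-point
// reference matcher. All names and inputs here are constructed for illustration.

// Reference semantics: scan by code point; match where one code point is
// immediately repeated and then followed by the literal tail.
// Assumes inputs without line terminators or lone surrogates.
function referenceMatch(input, tail) {
  for (let i = 0; i < input.length; ) {
    const ch = String.fromCodePoint(input.codePointAt(i));
    if (input.startsWith(ch + tail, i + ch.length)) return [ch + ch + tail, ch];
    i += ch.length;
  }
  return null;
}

// Engine result. The exec is repeated so that an engine with a regexp JIT
// tier has the chance to use it; tail must be plain alphanumerics.
function engineMatch(input, tail, rounds = 2000) {
  const re = new RegExp("(.)\\1" + tail, "u");
  let m = null;
  for (let n = 0; n < rounds; n++) m = re.exec(input);
  return m ? [m[0], m[1]] : null;
}

// Constructed inputs: BMP and surrogate-pair captures, with and without
// terms after the backreference, plus two inputs that must not match.
const CASES = [
  ["aac", "c"],
  ["\u{1F600}\u{1F600}c", "c"],
  ["x\u{1F600}\u{1F600}cd", "cd"],
  ["ab\u{10000}\u{10000}c9", "c9"],
  ["\u{1F600}\u{1F600}", ""],
  ["\u{1F600}\u{1F601}c", "c"],
  ["\u{1F600}\u{1F600}d", "c"],
];

// Returns every case where the engine disagrees with the reference matcher.
function findMismatches(cases = CASES) {
  const bad = [];
  for (const [input, tail] of cases) {
    const want = referenceMatch(input, tail);
    const got = engineMatch(input, tail);
    if (JSON.stringify(want) !== JSON.stringify(got)) bad.push({ input, tail, want, got });
  }
  return bad;
}

const mismatches = findMismatches();
console.log(mismatches.length === 0 ? "all cases agree" : JSON.stringify(mismatches));
```

An engine that reads the captured character from the wrong position would show up here as entries whose `want` is a match and whose `got` is null.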