[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.3-2-25-gb2c19be

Gustavo Noronha Silva gns at gnome.org
Mon Sep 6 13:09:42 UTC 2010


The following commit has been merged in the debian/unstable branch:
commit 63528d9c152c1f18fe82583b58e2348c86eeb266
Author: ddkilzer at apple.com <ddkilzer at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Jul 2 16:45:41 2010 +0000

    2010-07-02  Peter Varga  <pvarga at inf.u-szeged.hu>
    
            Reviewed by Oliver Hunt.
    
            The alternativeFrameLocation value is wrong in the emitDisjunction function in
            case of PatternTerm::TypeParentheticalAssertion. This value needs to be
            computed from term.frameLocation instead of term.inputPosition. This mistake caused glibc
            memory corruption in some cases.
            Layout test added for checking of TypeParentheticalAssertion case.
            https://bugs.webkit.org/show_bug.cgi?id=41458
    
            * yarr/RegexInterpreter.cpp:
            (JSC::Yarr::ByteCompiler::emitDisjunction):
    2010-07-02  Peter Varga  <pvarga at inf.u-szeged.hu>
    
            Reviewed by Oliver Hunt.
    
            The alternativeFrameLocation value is wrong in the emitDisjunction function in
            case of PatternTerm::TypeParentheticalAssertion. This value needs to be
            computed from term.frameLocation instead of term.inputPosition. This mistake caused glibc
            memory corruption in some cases.
            Layout test added for checking of TypeParentheticalAssertion case.
            https://bugs.webkit.org/show_bug.cgi?id=41458
    
            * fast/js/regexp-look-ahead-expected.txt: Added.
            * fast/js/regexp-look-ahead.html: Added.
            * fast/js/script-tests/regexp-look-ahead.js: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@62386 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 4199dfc..0ddd220 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,17 @@
+2010-07-02  Peter Varga  <pvarga at inf.u-szeged.hu>
+
+        Reviewed by Oliver Hunt.
+
+        The alternativeFrameLocation value is wrong in the emitDisjunction function in
+        case of PatternTerm::TypeParentheticalAssertion. This value needs to be
+        computed from term.frameLocation instead of term.inputPosition. This mistake caused glibc
+        memory corruption in some cases.
+        Layout test added for checking of TypeParentheticalAssertion case.
+        https://bugs.webkit.org/show_bug.cgi?id=41458
+
+        * yarr/RegexInterpreter.cpp:
+        (JSC::Yarr::ByteCompiler::emitDisjunction):
+
 2010-07-01  Oliver Hunt  <oliver at apple.com>
 
         Reviewed by Geoff Garen.
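Review bot: The new entry says the mistake "caused glibc memory corruption in some cases" but does not say which patterns reach the bad path or what the corruption can affect. For a memory-safety fix, it would help to state the triggering condition (the added tests suggest a look-ahead assertion containing alternatives) so that downstream packagers can judge whether the change needs backporting to stable branches.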
diff --git a/JavaScriptCore/yarr/RegexInterpreter.cpp b/JavaScriptCore/yarr/RegexInterpreter.cpp
index c2cb1c2..647b20a 100644
--- a/JavaScriptCore/yarr/RegexInterpreter.cpp
+++ b/JavaScriptCore/yarr/RegexInterpreter.cpp
@@ -1554,7 +1554,7 @@ public:
                 }
 
                 case PatternTerm::TypeParentheticalAssertion: {
-                    unsigned alternativeFrameLocation = term.inputPosition + RegexStackSpaceForBackTrackInfoParentheticalAssertion;
+                    unsigned alternativeFrameLocation = term.frameLocation + RegexStackSpaceForBackTrackInfoParentheticalAssertion;
 
                     atomParentheticalAssertionBegin(term.parentheses.subpatternId, term.invertOrCapture, term.frameLocation, alternativeFrameLocation);
                     emitDisjunction(term.parentheses.disjunction, currentCountAlreadyChecked, 0);
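Review bot: On the corrected line, alternativeFrameLocation is still computed as term.frameLocation plus a constant, and nothing in the visible context asserts that the result stays inside the backtrack frame allocated for the pattern. Given that the previous miscalculation corrupted memory, consider a debug assertion on the computed offset before it is passed to atomParentheticalAssertionBegin, so that a future regression fails immediately in debug builds instead of silently writing out of range. It would also be worth checking the other cases in emitDisjunction for the same inputPosition versus frameLocation mix-up, since only this one case is touched here.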
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 8767f90..a615fe9 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,18 @@
+2010-07-02  Peter Varga  <pvarga at inf.u-szeged.hu>
+
+        Reviewed by Oliver Hunt.
+
+        The alternativeFrameLocation value is wrong in the emitDisjunction function in
+        case of PatternTerm::TypeParentheticalAssertion. This value needs to be
+        computed from term.frameLocation instead of term.inputPosition. This mistake caused glibc
+        memory corruption in some cases.
+        Layout test added for checking of TypeParentheticalAssertion case.
+        https://bugs.webkit.org/show_bug.cgi?id=41458
+
+        * fast/js/regexp-look-ahead-expected.txt: Added.
+        * fast/js/regexp-look-ahead.html: Added.
+        * fast/js/script-tests/regexp-look-ahead.js: Added.
+
 2010-07-01  Oliver Hunt  <oliver at apple.com>
 
         Reviewed by Geoff Garen.
diff --git a/LayoutTests/fast/js/regexp-look-ahead-expected.txt b/LayoutTests/fast/js/regexp-look-ahead-expected.txt
new file mode 100644
index 0000000..5306f76
--- /dev/null
+++ b/LayoutTests/fast/js/regexp-look-ahead-expected.txt
@@ -0,0 +1,11 @@
+Test for regression against Yarr Interpreter is crashing in some cases of look-ahead regex patterns
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS "ab".match(/a(?=b|c)/) is ["a"]
+PASS "abd".match(/a(?=c|b)|d/) is ["a"]
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/fast/js/regexp-look-ahead.html b/LayoutTests/fast/js/regexp-look-ahead.html
new file mode 100644
index 0000000..1387923
--- /dev/null
+++ b/LayoutTests/fast/js/regexp-look-ahead.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="resources/js-test-style.css">
+<script src="resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src="script-tests/regexp-look-ahead.js"></script>
+<script src="resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/fast/js/script-tests/regexp-look-ahead.js b/LayoutTests/fast/js/script-tests/regexp-look-ahead.js
new file mode 100644
index 0000000..5b1f0cb
--- /dev/null
+++ b/LayoutTests/fast/js/script-tests/regexp-look-ahead.js
@@ -0,0 +1,8 @@
+description(
+'Test for regression against <a href="https://bugs.webkit.org/show_bug.cgi?id=41458">Yarr Interpreter is crashing in some cases of look-ahead regex patterns</a>'
+);
+
+shouldBe('"ab".match(/a(?=b|c)/)', '["a"]');
+shouldBe('"abd".match(/a(?=c|b)|d/)', '["a"]');
+
+var successfullyParsed = true;
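Review bot: Both shouldBe cases use a positive look-ahead (?=...) with exactly two alternatives, so the inverted form is not covered even though the patched call passes term.invertOrCapture into atomParentheticalAssertionBegin. Consider adding a negative look-ahead case such as /a(?!b|c)/ and a case with a look-ahead nested inside another group. Note also that these checks only compare match results; memory corruption of this kind may not change the result, so running this test under a memory checker or a debug allocator would make it a more dependable regression guard.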

-- 
WebKit Debian packaging


