[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198
msaboff at apple.com
msaboff at apple.com
Sun Feb 20 23:36:01 UTC 2011
The following commit has been merged in the webkit-1.3 branch:
commit bb3b3ae4ebe4595d913e6a3ba625dcb5d04a896c
Author: msaboff at apple.com <msaboff at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Jan 21 23:52:29 2011 +0000
2011-01-21 Michael Saboff <msaboff at apple.com>
Reviewed by Oliver Hunt.
[RegexFuzz] Hang with forward assertion
https://bugs.webkit.org/show_bug.cgi?id=52825
<rdar://problem/8894332>
The backtrackTo label from the first term in a list of terms is
being overwritten by processing of subsequent terms. Changed
copyBacktrackToLabel() to check for an existing bcaktrackTo label
before copying and renamed it to propagateBacktrackToLabel() since
it no longer copies.
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::BacktrackDestination::propagateBacktrackToLabel):
(JSC::Yarr::YarrGenerator::generateParenthesesSingle):
2011-01-21 Michael Saboff <msaboff at apple.com>
Reviewed by Oliver Hunt.
[RegexFuzz] Hang with forward assertion
https://bugs.webkit.org/show_bug.cgi?id=52825
<rdar://problem/8894332>
New tests to check for functionality and future regression.
* fast/regex/parentheses-expected.txt:
* fast/regex/script-tests/parentheses.js:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76407 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index c951bda..8746659 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,16 @@
+2011-01-21 Michael Saboff <msaboff at apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ [RegexFuzz] Hang with forward assertion
+ https://bugs.webkit.org/show_bug.cgi?id=52825
+ <rdar://problem/8894332>
+
+ New tests to check for functionality and future regression.
+
+ * fast/regex/parentheses-expected.txt:
+ * fast/regex/script-tests/parentheses.js:
+
2011-01-21 Maciej Stachowiak <mjs at apple.com>
Reviewed by Adele Peterson.
diff --git a/LayoutTests/fast/regex/parentheses-expected.txt b/LayoutTests/fast/regex/parentheses-expected.txt
index 33672e9..0d4458d 100644
--- a/LayoutTests/fast/regex/parentheses-expected.txt
+++ b/LayoutTests/fast/regex/parentheses-expected.txt
@@ -75,6 +75,10 @@ PASS /(?!(?=r{0}){2,})|((z)?)?/gi.test('') is true
PASS regexp43.exec('SSS') is ['']
PASS regexp44.exec('SSS') is ['',undefined]
PASS regexp45.exec('vt') is null
+PASS regexp46.exec('5') is null
+PASS regexp46.exec('pk') is ['pk',undefined,undefined]
+PASS regexp46.exec('Xw555') is ['w555','w',undefined]
+PASS regexp46.exec('Xw55pk5') is ['w','w','']
PASS 'Hi Bob'.match(/(Rob)|(Bob)|(Robert)|(Bobby)/) is ['Bob',undefined,'Bob',undefined,undefined]
PASS successfullyParsed is true
diff --git a/LayoutTests/fast/regex/script-tests/parentheses.js b/LayoutTests/fast/regex/script-tests/parentheses.js
index 1b11941..f942e80 100644
--- a/LayoutTests/fast/regex/script-tests/parentheses.js
+++ b/LayoutTests/fast/regex/script-tests/parentheses.js
@@ -202,6 +202,12 @@ shouldBe("regexp44.exec('SSS')", "['',undefined]");
var regexp45 = /((?!(?:|)v{2,}|))/;
shouldBeNull("regexp45.exec('vt')");
+var regexp46 = /(w)(?:5{3}|())|pk/;
+shouldBeNull("regexp46.exec('5')");
+shouldBe("regexp46.exec('pk')", "['pk',undefined,undefined]");
+shouldBe("regexp46.exec('Xw555')", "['w555','w',undefined]");
+shouldBe("regexp46.exec('Xw55pk5')", "['w','w','']");
+
shouldBe("'Hi Bob'.match(/(Rob)|(Bob)|(Robert)|(Bobby)/)", "['Bob',undefined,'Bob',undefined,undefined]");
var successfullyParsed = true;
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index 54448c6..a5391bf 100644
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,21 @@
+2011-01-21 Michael Saboff <msaboff at apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ [RegexFuzz] Hang with forward assertion
+ https://bugs.webkit.org/show_bug.cgi?id=52825
+ <rdar://problem/8894332>
+
+ The backtrackTo label from the first term in a list of terms is
+ being overwritten by processing of subsequent terms. Changed
+ copyBacktrackToLabel() to check for an existing bcaktrackTo label
+ before copying and renamed it to propagateBacktrackToLabel() since
+ it no longer copies.
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::BacktrackDestination::propagateBacktrackToLabel):
+ (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
+
2011-01-21 Geoffrey Garen <ggaren at apple.com>
Reviewed by Sam Weinig.
diff --git a/Source/JavaScriptCore/yarr/YarrJIT.cpp b/Source/JavaScriptCore/yarr/YarrJIT.cpp
index 38430c8..9d13d45 100644
--- a/Source/JavaScriptCore/yarr/YarrJIT.cpp
+++ b/Source/JavaScriptCore/yarr/YarrJIT.cpp
@@ -606,9 +606,9 @@ class YarrGenerator : private MacroAssembler {
m_nextBacktrack->setLabel(label);
}
- void copyBacktrackToLabel(BacktrackDestination& rhs)
+ void propagateBacktrackToLabel(const BacktrackDestination& rhs)
{
- if (rhs.m_backtrackToLabel)
+ if (!m_backtrackToLabel && rhs.m_backtrackToLabel)
m_backtrackToLabel = rhs.m_backtrackToLabel;
}
@@ -1661,7 +1661,7 @@ class YarrGenerator : private MacroAssembler {
BacktrackDestination& stateBacktrack = state.getBacktrackDestination();
state.propagateBacktrackingFrom(this, parenthesesBacktrack);
- stateBacktrack.copyBacktrackToLabel(parenthesesBacktrack);
+ stateBacktrack.propagateBacktrackToLabel(parenthesesBacktrack);
m_expressionState.decrementParenNestingLevel();
} else {
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list