Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 1c2510c51bca8fefd22f5f3eef3579c9e26bb211 https://github.com/WebKit/WebKit/commit/1c2510c51bca8fefd22f5f3eef3579c9e26bb211 Author: Michael Saboff <msab...@apple.com> Date: 2023-05-23 (Tue, 23 May 2023)
Changed paths: A JSTests/stress/regexp-duplicate-named-captures-interpreter.js M JSTests/stress/regexp-duplicate-named-captures.js M Source/JavaScriptCore/yarr/YarrInterpreter.cpp Log Message: ----------- [JSC] WTF::CrashOnOverflow::crash() with ''.search('(?<A>)|(?<A>)*\\k<A>'); https://bugs.webkit.org/show_bug.cgi?id=257180 rdar://109356634 Reviewed by Alexey Shvayka. Updated the generic RegExp SubPattern byte code generation to add the duplicate named group ID to the ByteTerm::Type::ParenthesesSubpattern only since we don't create an matching ParenthesesSubpatternEnd byte term. Also added code in recordParenthesesMatch() to set the subpatternId for the duplicate named group when one of its subpatterns matches. Added two new tests and since this only happened in the Yarr Interpreter, I created a test wrapper that calls stress/regexp-duplicate-named-captures.js with the RegExp JIT turned off. * JSTests/stress/regexp-duplicate-named-captures-interpreter.js: Added. * JSTests/stress/regexp-duplicate-named-captures.js: * Source/JavaScriptCore/yarr/YarrInterpreter.cpp: (JSC::Yarr::Interpreter::recordParenthesesMatch): (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd): Canonical link: https://commits.webkit.org/264441@main _______________________________________________ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes