147023 2015-07-16 16:02:00 -0700 RegExp::match() should set m_state to ByteCode if compilation fails. 2015-07-16 19:30:32 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 mark.lam mark.lam benjamin fpizlo ggaren keith_miller mmirman msaboff saam webkit-bug-importer oldest_to_newest 1110014 0 mark.lam 2015-07-16 16:02:00 -0700 A RegExp has a YarrCodeBlock that has 4 MacroAssemblerCodeRefs for compiled code. If one of these compilations succeeds, RegExp::m_state will be set to JITCode. Subsequently, if RegExp tries to compile another one of these but fails, m_state will be left untouched i.e. it still says JITCode. As a result, when RegExp::match() later tries to execute the non-existant compiled code, it will crash. The fix is to downgrade m_state to ByteCode if RegExp ever fails to compile. This failure should be rare. We'll do the minimal work here to fix the issue and keep an eye on the perf bots. If perf regresses, we can do some optimization work then. 1110015 1 mark.lam 2015-07-16 16:03:23 -0700 <rdar://problem/21764196> 1110019 2 256937 mark.lam 2015-07-16 16:13:28 -0700 Created attachment 256937 the fix. 1110024 3 256937 msaboff 2015-07-16 16:24:26 -0700 Comment on attachment 256937 the fix. r=me 1110061 4 mark.lam 2015-07-16 19:30:32 -0700 I've run the jsc and layout tests and did not see any regressions. Landed in r186920: <http://trac.webkit.org/r186920>. 256937 2015-07-16 16:13:28 -0700 2015-07-16 16:24:26 -0700 the fix. bug-147023.patch text/plain 3437 mark.lam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTg2OTEyKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDMxIEBA CisyMDE1LTA3LTE2ICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KKworICAgICAgICBS ZWdFeHA6Om1hdGNoKCkgc2hvdWxkIHNldCBtX3N0YXRlIHRvIEJ5dGVDb2RlIGlmIGNvbXBpbGF0 aW9uIGZhaWxzLgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/ aWQ9MTQ3MDIzCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAg ICAgQSBSZWdFeHAgaGFzIGEgWWFyckNvZGVCbG9jayB0aGF0IGhhcyA0IE1hY3JvQXNzZW1ibGVy Q29kZVJlZnMgZm9yIGNvbXBpbGVkIGNvZGUuCisgICAgICAgIElmIG9uZSBvZiB0aGVzZSBjb21w aWxhdGlvbnMgc3VjY2VlZHMsIFJlZ0V4cDo6bV9zdGF0ZSB3aWxsIGJlIHNldCB0byBKSVRDb2Rl LgorICAgICAgICBTdWJzZXF1ZW50bHksIGlmIFJlZ0V4cCB0cmllcyB0byBjb21waWxlIGFub3Ro ZXIgb25lIG9mIHRoZXNlIGJ1dCBmYWlscywgbV9zdGF0ZQorICAgICAgICB3aWxsIGJlIGxlZnQg dW50b3VjaGVkIGkuZS4gaXQgc3RpbGwgc2F5cyBKSVRDb2RlLiAgQXMgYSByZXN1bHQsIHdoZW4K KyAgICAgICAgUmVnRXhwOjptYXRjaCgpIGxhdGVyIHRyaWVzIHRvIGV4ZWN1dGUgdGhlIG5vbi1l eGlzdGFudCBjb21waWxlZCBjb2RlLCBpdCB3aWxsCisgICAgICAgIGNyYXNoLgorCisgICAgICAg IFRoZSBmaXggaXMgdG8gZG93bmdyYWRlIG1fc3RhdGUgdG8gQnl0ZUNvZGUgaWYgUmVnRXhwIGV2 ZXIgZmFpbHMgdG8gY29tcGlsZS4KKyAgICAgICAgVGhpcyBmYWlsdXJlIHNob3VsZCBiZSByYXJl LiAgV2UnbGwgZG8gdGhlIG1pbmltYWwgd29yayBoZXJlIHRvIGZpeCB0aGUgaXNzdWUgYW5kCisg ICAgICAgIGtlZXAgYW4gZXllIG9uIHRoZSBwZXJmIGJvdHMuICBJZiBwZXJmIHJlZ3Jlc3Nlcywg d2UgY2FuIGRvIHNvbWUgb3B0aW1pemF0aW9uIHdvcmsgdGhlbi4KKworICAgICAgICBUaGlzIGlz c3VlIGlzIGRpZmZpY3VsdCB0byB0ZXN0IGZvciBzaW5jZSBpdCBlaXRoZXIgcmVxdWlyZXMgYSBs b3cgbWVtb3J5IGNvbmRpdGlvbgorICAgICAgICB0byB0cmlnZ2VyIGEgZmFpbGVkIFJlZ0V4cCBj b21waWxhdGlvbiBhdCB0aGUgcmlnaHQgbW9tZW50LCBvciBmb3IgdGhlIFJlZ0V4cCB0bworICAg ICAgICBzdWNjZWVkIGNvbXBpbGF0aW9uIGluIHRoZSBNYXRjaGVkT25seSBtb2RlIGJ1dCBmYWls IGluIEluY2x1ZGVTdWJwYXR0ZXJucyBtb2RlLgorICAgICAgICBJbnN0ZWFkLCBJIG1hbnVhbGx5 IHRlc3RlZCBpdCBieSBpbnN0cnVtZW50aW5nIFJlZ0V4cDo6Y29tcGlsZSgpIHRvIGZhaWwgb25j ZSBpbiBldmVyeQorICAgICAgICAxMCBjb21waWxhdGlvbiBhdHRlbXB0cy4KKworICAgICAgICAq IHJ1bnRpbWUvUmVnRXhwLmNwcDoKKyAgICAgICAgKEpTQzo6UmVnRXhwOjpjb21waWxlKToKKyAg ICAgICAgKEpTQzo6UmVnRXhwOjpjb21waWxlTWF0Y2hPbmx5KToKKwogMjAxNS0wNy0xNSAgQnJl bnQgRnVsZ2hhbSAgPGJmdWxnaGFtQGFwcGxlLmNvbT4KIAogICAgICAgICBbV2luXSBGaXggYXJt djcgYnVpbGQuCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9SZWdFeHAuY3Bw Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL1JlZ0V4cC5jcHAJ KHJldmlzaW9uIDE4NjgyNikKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL1JlZ0V4 cC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTI4OSwyMiArMjg5LDE2IEBAIHZvaWQgUmVnRXhwOjpj b21waWxlKFZNKiB2bSwgWWFycjo6WWFyckMKICNpZiBFTkFCTEUoWUFSUl9KSVQpCiAgICAgaWYg KCFwYXR0ZXJuLm1fY29udGFpbnNCYWNrcmVmZXJlbmNlcyAmJiAhcGF0dGVybi5jb250YWluc1Vu c2lnbmVkTGVuZ3RoUGF0dGVybigpICYmIHZtLT5jYW5Vc2VSZWdFeHBKSVQoKSkgewogICAgICAg ICBZYXJyOjpqaXRDb21waWxlKHBhdHRlcm4sIGNoYXJTaXplLCB2bSwgbV9yZWdFeHBKSVRDb2Rl KTsKLSNpZiBFTkFCTEUoWUFSUl9KSVRfREVCVUcpCi0gICAgICAgIGlmICghbV9yZWdFeHBKSVRD b2RlLmlzRmFsbEJhY2soKSkKLSAgICAgICAgICAgIG1fc3RhdGUgPSBKSVRDb2RlOwotICAgICAg ICBlbHNlCi0gICAgICAgICAgICBtX3N0YXRlID0gQnl0ZUNvZGU7Ci0jZWxzZQogICAgICAgICBp ZiAoIW1fcmVnRXhwSklUQ29kZS5pc0ZhbGxCYWNrKCkpIHsKICAgICAgICAgICAgIG1fc3RhdGUg PSBKSVRDb2RlOwogICAgICAgICAgICAgcmV0dXJuOwogICAgICAgICB9Ci0jZW5kaWYKICAgICB9 CiAjZWxzZQogICAgIFVOVVNFRF9QQVJBTShjaGFyU2l6ZSk7CiAjZW5kaWYKIAorICAgIG1fc3Rh dGUgPSBCeXRlQ29kZTsKICAgICBtX3JlZ0V4cEJ5dGVjb2RlID0gWWFycjo6Ynl0ZUNvbXBpbGUo cGF0dGVybiwgJnZtLT5tX3JlZ0V4cEFsbG9jYXRvcik7CiB9CiAKQEAgLTQxNCwyMiArNDA4LDE2 IEBAIHZvaWQgUmVnRXhwOjpjb21waWxlTWF0Y2hPbmx5KFZNKiB2bSwgWWEKICNpZiBFTkFCTEUo WUFSUl9KSVQpCiAgICAgaWYgKCFwYXR0ZXJuLm1fY29udGFpbnNCYWNrcmVmZXJlbmNlcyAmJiAh cGF0dGVybi5jb250YWluc1Vuc2lnbmVkTGVuZ3RoUGF0dGVybigpICYmIHZtLT5jYW5Vc2VSZWdF eHBKSVQoKSkgewogICAgICAgICBZYXJyOjpqaXRDb21waWxlKHBhdHRlcm4sIGNoYXJTaXplLCB2 bSwgbV9yZWdFeHBKSVRDb2RlLCBZYXJyOjpNYXRjaE9ubHkpOwotI2lmIEVOQUJMRShZQVJSX0pJ VF9ERUJVRykKLSAgICAgICAgaWYgKCFtX3JlZ0V4cEpJVENvZGUuaXNGYWxsQmFjaygpKQotICAg ICAgICAgICAgbV9zdGF0ZSA9IEpJVENvZGU7Ci0gICAgICAgIGVsc2UKLSAgICAgICAgICAgIG1f c3RhdGUgPSBCeXRlQ29kZTsKLSNlbHNlCiAgICAgICAgIGlmICghbV9yZWdFeHBKSVRDb2RlLmlz RmFsbEJhY2soKSkgewogICAgICAgICAgICAgbV9zdGF0ZSA9IEpJVENvZGU7CiAgICAgICAgICAg ICByZXR1cm47CiAgICAgICAgIH0KLSNlbmRpZgogICAgIH0KICNlbHNlCiAgICAgVU5VU0VEX1BB UkFNKGNoYXJTaXplKTsKICNlbmRpZgogCisgICAgbV9zdGF0ZSA9IEJ5dGVDb2RlOwogICAgIG1f cmVnRXhwQnl0ZWNvZGUgPSBZYXJyOjpieXRlQ29tcGlsZShwYXR0ZXJuLCAmdm0tPm1fcmVnRXhw QWxsb2NhdG9yKTsKIH0KIAo=