Bug 168593

Summary:	ASSERTION FAILED: "m_state != ParseError" when adding Unicode flag to RegExp whose pattern isn't valid under Unicode mode
Product:	WebKit	Reporter:	André Bargull <andre.bargull>
Component:	JavaScriptCore	Assignee:	Nobody <webkit-unassigned>
Status:	NEW
Severity:	Normal	CC:	fpizlo, msaboff, nth10sd
Priority:	P2
Version:	WebKit Local Build
Hardware:	Unspecified
OS:	Unspecified

André Bargull

Reported 2017-02-20 06:36:19 PST

Revision: 212634 Test case: --- var re = RegExp(/\a/, "u"); re.test(""); --- Triggers this assertion: --- ASSERTION FAILED: m_state != ParseError ../../Source/JavaScriptCore/runtime/RegExpInlines.h(198) : JSC::MatchResult JSC::RegExp::matchInline(JSC::VM&, const WTF::String&, unsigned int) --- Stacktrace: --- #0 0x00007ffff6dc6f98 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:323 #1 0x00007ffff6c90d42 in JSC::RegExp::matchInline (this=0x7fffaef9f4a0, vm=..., s=..., startOffset=0) at ../../Source/JavaScriptCore/runtime/RegExpInlines.h:198 #2 0x00007ffff6c9033c in JSC::RegExp::match (this=0x7fffaef9f4a0, vm=..., s=..., startOffset=0) at ../../Source/JavaScriptCore/runtime/RegExp.cpp:354 #3 0x00007ffff6c9b692 in JSC::RegExpConstructor::performMatch (this=0x7fffaef980a0, vm=..., regExp=0x7fffaef9f4a0, string=0x7fffaefe00a0, input=..., startOffset=0) at ../../Source/JavaScriptCore/runtime/RegExpConstructor.h:121 #4 0x00007ffff6c9959c in JSC::RegExpObject::matchInline (this=0x7fffaefc3cd0, exec=0x7fffffffc7b0, globalObject=0x7fffaefdc0a0, string=0x7fffaefe00a0) at ../../Source/JavaScriptCore/runtime/RegExpObjectInlines.h:114 #5 0x00007ffff6c9a338 in JSC::RegExpObject::match (this=0x7fffaefc3cd0, exec=0x7fffffffc7b0, globalObject=0x7fffaefdc0a0, string=0x7fffaefe00a0) at ../../Source/JavaScriptCore/runtime/RegExpObject.cpp:170 #6 0x00007ffff658809b in JSC::RegExpObject::test (this=0x7fffaefc3cd0, exec=0x7fffffffc7b0, globalObject=0x7fffaefdc0a0, string=0x7fffaefe00a0) at ../../Source/JavaScriptCore/runtime/RegExpObject.h:74 #7 0x00007ffff6c9c527 in JSC::regExpProtoFuncTestFast (exec=0x7fffffffc7b0) at ../../Source/JavaScriptCore/runtime/RegExpPrototype.cpp:112 ... ---

Attachments
Add attachment proposed patch, testcase, etc.

Gary Kwong [:gkw] [:nth10sd]

Comment 1 2020-04-23 20:01:11 PDT

I ran robobisect against this bug, and after the following commit: commit ea375360dc2966035e4f7b3e57749b63454e4bf9 Author: msaboff Date: Fri May 18 02:59:31 2018 +0000 We don't throw SyntaxErrors for runtime generated regular expressions with errors https://bugs.webkit.org/show_bug.cgi?id=185755 Reviewed by Keith Miller. </snip> git-svn-id: https://svn.webkit.org/repository/webkit/trunk@231939 268f45cc-cd09-0410-ab3c-d52691b4dbfc it no longer throws the assertion failure, instead showing: Exception: SyntaxError: Invalid regular expression: invalid escaped character for unicode pattern :msaboff, is this a likely fix or is this merely hiding the bug?

Note You need to log in before you can comment on or make changes to this bug.