Bug 174044

Summary: RegExp's anchored with .* with \g flag can return wrong match start for strings with multiple matches
Product: WebKit
Reporter: Michael Saboff <msaboff>
Component: JavaScriptCore
Assignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED
Severity: Normal
CC: bfulgham, buildbot, keith_miller, mark.lam, oliver, saam, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
    Patch (flags: oliver: review+)

Description Michael Saboff 2017-06-30 14:48:13 PDT
Consider the string:
    s = "\na\na\na\n";
along with the RegExp:
    r = new RegExp(".*\\s.*", "g");

The result of s.match(r) should be a match object with 4 entries, "\na", "\na", "\na" & "\n".
Instead we get "\na", "a\na", "a\na" & "a\n".
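As an added example (not code from the bug report or from WebKit), the following walks a global RegExp with exec() and records each match with its offsets, then checks the invariant this bug violated: no match may begin before the previous match ended. The offsets attributed to the reported wrong output are constructed here from the reported strings, not taken from the engine.

```javascript
// Added example, not code from the bug report or from WebKit: iterate a global
// RegExp with exec() and record each match with its start/end offsets, then
// check the invariant this bug broke, that no match starts before the end of
// the previous one (a leading .* must not scan back past lastIndex into text
// the previous match already consumed).

function globalMatches(source, regex) {
  const flags = regex.flags.includes("g") ? regex.flags : regex.flags + "g";
  const re = new RegExp(regex.source, flags);
  const out = [];
  let m;
  while ((m = re.exec(source)) !== null) {
    out.push({ start: m.index, end: m.index + m[0].length, text: m[0] });
    if (m[0].length === 0) re.lastIndex++; // avoid looping on empty matches
  }
  return out;
}

// Returns the first match that begins before the previous match ended, or null.
function findOverlap(matches) {
  let prevEnd = 0;
  for (const m of matches) {
    if (m.start < prevEnd) return m;
    prevEnd = m.end;
  }
  return null;
}

// Constructed input: the string and pattern from the report.
const SAMPLE = "\na\na\na\n";
const PATTERN = /.*\s.*/g;

// On a correct engine: "\na" at 0, 2, 4 and "\n" at 6, with no overlap.
function correctResult() {
  return globalMatches(SAMPLE, PATTERN);
}

// Offsets implied by the wrong output in the report (constructed here from the
// reported strings): "a\na" can only begin at 1 and 3, and "a\n" at 5, each
// starting inside the match that came before it.
const REPORTED_BAD = [
  { start: 0, end: 2, text: "\na" },
  { start: 1, end: 4, text: "a\na" },
  { start: 3, end: 6, text: "a\na" },
  { start: 5, end: 7, text: "a\n" },
];
```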
Comment 1 Michael Saboff 2017-06-30 15:11:02 PDT
<rdar://problem/33018426>
Comment 2 Michael Saboff 2017-06-30 15:23:07 PDT
Created attachment 314302 [details]
Patch
Comment 3 Oliver Hunt 2017-06-30 15:44:25 PDT
Comment on attachment 314302 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=314302&action=review

> Source/JavaScriptCore/yarr/YarrJIT.cpp:2699
> +        if (m_pattern.m_saveInitialStartValue) {
> +#ifdef HAVE_INITIAL_START_REG
> +            move(index, initialStart);
> +#else
> +            storeToFrame(index, m_pattern.m_initialStartValueFrameLocation);
> +#endif
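Review bot: the register-versus-frame-slot choice is spelled out with #ifdef HAVE_INITIAL_START_REG right at this call site (`move(index, initialStart)` against `storeToFrame(index, m_pattern.m_initialStartValueFrameLocation)`); consider wrapping both branches in a small helper (a hypothetical `saveInitialStart(index)`, paired with the matching read-back) so the conditional compilation lives in one place and every use site reads the same. A one-line comment on why the value is saved when m_saveInitialStartValue is set, tied to the wrong match start this bug reports, would also help the next reader.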

I almost wish we could bludgeon templates into doing this for us. Almost. (I suspect it would turn into "can I implement register allocation with templates at compile time?" questions :D )
Comment 4 Michael Saboff 2017-06-30 18:17:01 PDT
Committed r219031: <http://trac.webkit.org/changeset/219031>