Bug 223666

Summary:

[YARR] Interpreter incorrectly matches non-BMP characters with multiple . w/dotAll flag

Product:

WebKit

Reporter:

Michael Saboff <msaboff>

Component:

JavaScriptCore

Assignee:

Michael Saboff <msaboff>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

ews-watchlist, keith_miller, mark.lam, saam, tzagallo, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	mark.lam: review+

Michael Saboff

Reported 2021-03-23 18:57:34 PDT

Similar to the fuzzer bug found in https://bugs.webkit.org/show_bug.cgi?id=223498 - "[YARR] Interpreter incorrectly matches non-BMP characters with multiple .", there is a similar issue when the dotAll flag (s) is used. String.fromCodePoint(0x10000).match(/../u) should not match but does in the Yarr Interpreter.

Attachments
Patch (2.94 KB, patch) 2021-03-23 19:02 PDT, Michael Saboff	mark.lam: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Michael Saboff

Comment 1 2021-03-23 18:58:06 PDT

<rdar://75730500>

Michael Saboff

Comment 2 2021-03-23 19:02:55 PDT

Created attachment 424089 [details] Patch

Mark Lam

Comment 3 2021-03-23 20:01:39 PDT

Comment on attachment 424089 [details] Patch r=me

Michael Saboff

Comment 4 2021-03-24 10:29:05 PDT

Committed r274945 (235702@main): <https://commits.webkit.org/235702@main>

Note You need to log in before you can comment on or make changes to this bug.