Bug 223666

Summary: [YARR] Interpreter incorrectly matches non-BMP characters with multiple . w/dotAll flag
Product: WebKit
Reporter: Michael Saboff <msaboff>
Component: JavaScriptCore
Assignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED
Severity: Normal
CC: ews-watchlist, keith_miller, mark.lam, sbarati, tzagallo, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
  Description: Patch
  Flags: mark.lam: review+

Description Michael Saboff 2021-03-23 18:57:34 PDT
Similar to the fuzzer bug found in https://bugs.webkit.org/show_bug.cgi?id=223498 - "[YARR] Interpreter incorrectly matches non-BMP characters with multiple .", there is a similar issue when the dotAll flag (s) is used.

String.fromCodePoint(0x10000).match(/../u) should not match but does in the Yarr Interpreter.
Comment 1 Michael Saboff 2021-03-23 18:58:06 PDT
<rdar://75730500>
Comment 2 Michael Saboff 2021-03-23 19:02:55 PDT
Created attachment 424089 [details]
Patch
Comment 3 Mark Lam 2021-03-23 20:01:39 PDT
Comment on attachment 424089 [details]
Patch

r=me
Comment 4 Michael Saboff 2021-03-24 10:29:05 PDT
Committed r274945 (235702@main): <https://commits.webkit.org/235702@main>
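
The behaviour the description expects can be checked in any engine with the sketch below. It is an added example, not WebKit's regression test or code from the patch; the function names `dotPattern`, `expectedLength` and `runChecks` and the sample inputs are constructed for illustration. It goes beyond the single case in the report by covering the `u` and `su` flag combinations together with the non-Unicode contrast.

```javascript
// With the u flag each '.' consumes one whole code point, so a surrogate pair
// counts once and N dots need at least N code points, with or without s.
// Without u, '.' consumes single UTF-16 code units.

// Build an unanchored pattern of `dots` consecutive '.' atoms.
function dotPattern(dots, flags) {
  return new RegExp(".".repeat(dots), flags);
}

// Expected match length in UTF-16 code units, or -1 when no match is allowed.
function expectedLength(codePoints, dots, flags) {
  const str = String.fromCodePoint(...codePoints);
  if (!flags.includes("u")) {
    return str.length >= dots ? dots : -1;
  }
  if (codePoints.length < dots) return -1;
  return codePoints
    .slice(0, dots)
    .reduce((units, cp) => units + String.fromCodePoint(cp).length, 0);
}

// Constructed inputs: no line terminators and no lone surrogates, so the only
// variable is how many code units each code point occupies.
const SAMPLE_INPUTS = [
  [0x10000],                 // the case from the report
  [0x10000, 0x1f600],
  [0x61, 0x10000],
  [0x10000, 0x61, 0x1f600],
];

// Returns a list of mismatches; an empty list means the engine conforms.
function runChecks() {
  const failures = [];
  for (const cps of SAMPLE_INPUTS) {
    const str = String.fromCodePoint(...cps);
    for (const flags of ["", "s", "u", "su"]) {
      for (let dots = 1; dots <= 4; dots++) {
        const m = dotPattern(dots, flags).exec(str);
        const actual = m === null ? -1 : m[0].length;
        const expected = expectedLength(cps, dots, flags);
        if (actual !== expected) {
          failures.push({ cps, flags, dots, expected, actual });
        }
      }
    }
  }
  return failures;
}
```

An engine with the defect described here reports a failure for the `[0x10000]` input with two dots under the Unicode flags, where the expected result is no match.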