Summary: | yarr/RegexInterpreter.cpp crashes on ./ecma_2/RegExp/exec-002.js | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Holger Freyther <zecke> | ||||
Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | ||||||
Priority: | P2 | ||||||
Version: | 528+ (Nightly build) | ||||||
Hardware: | PC | ||||||
OS: | OS X 10.5 | ||||||
Attachments: |
|
Description
Holger Freyther
2009-08-16 02:19:54 PDT
Created attachment 34923 [details] 2009-08-16 Holger Hans Peter Freyther <zecke@selfish.org> Reviewed by NOBODY (OOPS!). Fix crash on ./ecma_2/RegExp/exec-002.js. https://bugs.webkit.org/show_bug.cgi?id=28353 Change the order of freeParenthesesDisjunctionContext and popParenthesesDisjunctionContext on all call sites as the pop method is accessing backTrack->lastContext which is the context that is about to be freed. * yarr/RegexInterpreter.cpp: (JSC::Yarr::Interpreter::parenthesesDoBacktrack): (JSC::Yarr::Interpreter::backtrackParentheses): --- 2 files changed, 19 insertions(+), 3 deletions(-) Comment on attachment 34923 [details] 2009-08-16 Holger Hans Peter Freyther <zecke@selfish.org> r=me |