Bug 28353

Summary: yarr/RegexInterpreter.cpp crashes on ./ecma_2/RegExp/exec-002.js
Product: WebKit
Reporter: Holger Freyther <zecke>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
Attachments:
Description Flags
2009-08-16 Holger Hans Peter Freyther <zecke@selfish.org> mrowe: review+

Holger Freyther
Reported 2009-08-16 02:19:54 PDT
Valgrind is showing an invalid read in popParenthesesDisjunctionContext.
Attachments
2009-08-16 Holger Hans Peter Freyther <zecke@selfish.org> (2.15 KB, patch)
2009-08-16 02:27 PDT, Holger Freyther
mrowe: review+
Holger Freyther
Comment 1 2009-08-16 02:27:05 PDT
Created attachment 34923
2009-08-16 Holger Hans Peter Freyther <zecke@selfish.org>

Reviewed by NOBODY (OOPS!).

Fix crash on ./ecma_2/RegExp/exec-002.js.
https://bugs.webkit.org/show_bug.cgi?id=28353

Change the order of freeParenthesesDisjunctionContext and popParenthesesDisjunctionContext on all call sites as the pop method is accessing backTrack->lastContext which is the context that is about to be freed.

* yarr/RegexInterpreter.cpp:
(JSC::Yarr::Interpreter::parenthesesDoBacktrack):
(JSC::Yarr::Interpreter::backtrackParentheses):
---
2 files changed, 19 insertions(+), 3 deletions(-)
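The ordering problem described in Comment 1, as an added example that is not part of the original report or the WebKit patch: a simplified model showing why calling the free function before the pop function makes pop read a released context. The struct layouts, the `next`, `live` and `matchAmount` fields, `pushContext` and `backtrackOnce` are assumptions; a `live` flag in a static arena stands in for the real deallocation so the stale read is detectable without undefined behaviour.

```cpp
#include <cstdio>

// Model only: the field names `next`, `live` and `matchAmount` are assumptions.
struct Context { Context* next; bool live; };
struct BackTrack { Context* lastContext; unsigned matchAmount; };

static Context pool[4];          // arena: freed slots stay mapped, so the demo has no real UB
static bool staleRead = false;   // set when pop dereferences a freed context

static void pushContext(BackTrack* bt, Context* c) {
    c->next = bt->lastContext;
    c->live = true;
    bt->lastContext = c;
    ++bt->matchAmount;
}

static void freeParenthesesDisjunctionContext(Context* c) {
    c->live = false;             // stands in for releasing the allocation
}

static void popParenthesesDisjunctionContext(BackTrack* bt) {
    if (!bt->lastContext->live)  // models the invalid read Valgrind reported
        staleRead = true;
    bt->lastContext = bt->lastContext->next;
    --bt->matchAmount;
}

// Returns true if pop touched a context after it was freed.
bool backtrackOnce(bool popBeforeFree) {
    BackTrack bt = { nullptr, 0 };
    staleRead = false;
    pushContext(&bt, &pool[0]);
    pushContext(&bt, &pool[1]);
    Context* context = bt.lastContext;   // the context about to be freed
    if (popBeforeFree) {                 // order after the fix
        popParenthesesDisjunctionContext(&bt);
        freeParenthesesDisjunctionContext(context);
    } else {                             // order before the fix
        freeParenthesesDisjunctionContext(context);
        popParenthesesDisjunctionContext(&bt);
    }
    return staleRead;
}

int main() {
    std::printf("free then pop: stale read = %d\n", backtrackOnce(false));
    std::printf("pop then free: stale read = %d\n", backtrackOnce(true));
    return 0;
}
```

With a real allocator the free-then-pop order is a use-after-free read; running the regression test under Valgrind or AddressSanitizer is what surfaces it.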
Mark Rowe (bdash)
Comment 2 2009-08-16 02:43:09 PDT
Comment on attachment 34923
2009-08-16 Holger Hans Peter Freyther <zecke@selfish.org>

r=me
Holger Freyther
Comment 3 2009-08-16 06:16:17 PDT
Landed in r47338.