Bug 28353

Summary: yarr/RegexInterpreter.cpp crashes on ./ecma_2/RegExp/exec-002.js
Product: WebKit
Reporter: Holger Freyther <zecke>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: OS X 10.5
Attachments:
Description: 2009-08-16 Holger Hans Peter Freyther <zecke@selfish.org>
Flags: mrowe: review+

Description Holger Freyther 2009-08-16 02:19:54 PDT
Valgrind is showing an invalid read in popParenthesesDisjunctionContext.
Comment 1 Holger Freyther 2009-08-16 02:27:05 PDT
Created attachment 34923
2009-08-16  Holger Hans Peter Freyther  <zecke@selfish.org>

Reviewed by NOBODY (OOPS!).

Fix crash on ./ecma_2/RegExp/exec-002.js.
https://bugs.webkit.org/show_bug.cgi?id=28353

Change the order of freeParenthesesDisjunctionContext and
popParenthesesDisjunctionContext on all call sites as the pop
method is accessing backTrack->lastContext which is the context
that is about to be freed.

* yarr/RegexInterpreter.cpp:
(JSC::Yarr::Interpreter::parenthesesDoBacktrack):
(JSC::Yarr::Interpreter::backtrackParentheses):
---
 2 files changed, 19 insertions(+), 3 deletions(-)
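The ordering bug described in the commit message, modelled as an added example (not WebKit's yarr code): a backtrack record holds a singly linked stack of parentheses contexts through a lastContext pointer, pop has to read the top context's lastContext to unlink it, and free releases that same context. Calling free before pop makes pop read released memory; calling pop before free reads it while it is still live. The struct and function names are assumptions chosen to mirror the commit message, and the "freed" flag plus pointer poisoning stand in for a real free() so the stale read is observable instead of undefined behaviour.

```cpp
#include <cstdio>

// Added example, not WebKit's code. Names mirror the commit message but the
// types are hypothetical: one link per context, one top-of-stack pointer.
struct ParenthesesDisjunctionContext {
    ParenthesesDisjunctionContext* lastContext = nullptr; // previous context on the stack
    bool freed = false;                                   // model of "released"; assumption
};

struct BackTrackInfo {
    ParenthesesDisjunctionContext* lastContext = nullptr; // top of the context stack
};

void pushParenthesesDisjunctionContext(BackTrackInfo* backTrack,
                                       ParenthesesDisjunctionContext* ctx) {
    ctx->lastContext = backTrack->lastContext;
    backTrack->lastContext = ctx;
}

// Model of free(): poison the link so a stale read cannot succeed by luck.
// A real free() would make any later read of ctx undefined behaviour.
void freeParenthesesDisjunctionContext(ParenthesesDisjunctionContext* ctx) {
    ctx->freed = true;
    ctx->lastContext = nullptr;
}

// Model of pop: must read backTrack->lastContext->lastContext. Returns false
// instead of dereferencing when the top context has already been freed, which
// is the read Valgrind reports in the real interpreter.
bool popParenthesesDisjunctionContext(BackTrackInfo* backTrack) {
    ParenthesesDisjunctionContext* top = backTrack->lastContext;
    if (top == nullptr || top->freed)
        return false; // read-after-free: the stack is left pointing at released memory
    backTrack->lastContext = top->lastContext;
    return true;
}

// Order before the fix: free first, then pop. The pop then reads the freed context.
bool backtrackFreeThenPop(BackTrackInfo* backTrack) {
    ParenthesesDisjunctionContext* ctx = backTrack->lastContext;
    freeParenthesesDisjunctionContext(ctx);
    return popParenthesesDisjunctionContext(backTrack);
}

// Order after the fix: pop while ctx is still live, then free it.
bool backtrackPopThenFree(BackTrackInfo* backTrack) {
    ParenthesesDisjunctionContext* ctx = backTrack->lastContext;
    bool ok = popParenthesesDisjunctionContext(backTrack);
    freeParenthesesDisjunctionContext(ctx);
    return ok;
}

int main() {
    BackTrackInfo buggy;
    ParenthesesDisjunctionContext b0, b1;
    pushParenthesesDisjunctionContext(&buggy, &b0);
    pushParenthesesDisjunctionContext(&buggy, &b1);
    std::printf("free-then-pop: pop ok=%d, top still dangling=%d\n",
                backtrackFreeThenPop(&buggy), buggy.lastContext == &b1);

    BackTrackInfo fixed;
    ParenthesesDisjunctionContext f0, f1;
    pushParenthesesDisjunctionContext(&fixed, &f0);
    pushParenthesesDisjunctionContext(&fixed, &f1);
    std::printf("pop-then-free: pop ok=%d, top is outer=%d\n",
                backtrackPopThenFree(&fixed), fixed.lastContext == &f0);
    return 0;
}
```

The point the model makes visible is that the buggy order does not just read stale memory once: after the pop fails, backTrack->lastContext still points at the released context, so every later backtrack step walks a dangling pointer. Under a real allocator the block may already be reused, which is why the symptom on the page is a crash on one test file rather than a deterministic failure.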
Comment 2 Mark Rowe (bdash) 2009-08-16 02:43:09 PDT
Comment on attachment 34923
2009-08-16  Holger Hans Peter Freyther  <zecke@selfish.org>

r=me
Comment 3 Holger Freyther 2009-08-16 06:16:17 PDT
Landed in r47338.