Bug 309375

Summary: StringBuilder in regExpProtoFuncReplace uses CrashOnOverflow instead of RecordOverflow
Product: WebKit Reporter: anand_srinivasan
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

anand_srinivasan
Reported 2026-03-06 14:02:06 PST
rdar://171925413 This is a more general version of https://bugs.webkit.org/show_bug.cgi?id=308836 where the accumulatedResult StringBuilder in regExpProtoFuncReplace (runtime/RegExpPrototype.cpp:1049) still uses the default crash-on-overflow policy instead of throwing an out of memory error, which is the correct behavior.
Attachments
Add attachment proposed patch, testcase, etc.
anand_srinivasan
Comment 1 2026-03-06 14:11:52 PST
Pull request: https://github.com/WebKit/WebKit/pull/60088
EWS
Comment 2 2026-03-09 10:17:30 PDT
Committed 308921@main (c6d06eb881b7): <https://commits.webkit.org/308921@main> Reviewed commits have been landed. Closing PR #60088 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.