Bug 52675

Summary: [RegexFuzz] Crash in generated code
Product: WebKit Reporter: Oliver Hunt <oliver>
Component: JavaScriptCoreAssignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED    
Severity: Normal CC: barraclough, ggaren, jruderman, msaboff, oliver
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
Attachments:
Description Flags
Regression: Simple nested backtrack hangs darin: review+

Description Oliver Hunt 2011-01-18 15:52:35 PST 
testRegexp("(?!(?:\\3+(s+?)))", "gy", ["==","SSS","","","","","","11","=","11SSS"])

Reduced to
/(?!(?:\1+s))/.test('SSS')
Comment 1 Geoffrey Garen 2011-01-18 18:08:46 PST 
<rdar://problem/8882994>
Comment 2 Michael Saboff 2011-01-19 09:46:53 PST 
Created attachment 79436 [details]
Regression: Simple nested backtrack hangs

The changeset (r76076) for https://bugs.webkit.org/show_bug.cgi?id=52540 broke simple backtracking in some cases.  Reworked that change to link both jumps and labels.
Comment 3 Michael Saboff 2011-01-19 09:58:45 PST 
Committed r76133: <http://trac.webkit.org/changeset/76133>