127177 – Yarr interpreter reports non-match instead of throwing when bailing out

Bug 127177 - Yarr interpreter reports non-match instead of throwing when bailing out

Summary: Yarr interpreter reports non-match instead of throwing when bailing out

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:	https://bugzilla.mozilla.org/show_bug...
Keywords:

Depends on:
Blocks:

Reported:	2014-01-17 09:53 PST by Till Schneidereit
Modified:	2014-01-17 11:42 PST (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Till Schneidereit 2014-01-17 09:53:23 PST

The Yarr interpreter contains a limit on how many attempts are made to match disjunctions. When this limit is reached, a bailout with JSRegExpErrorHitLimit happens. This bubbles up and is returned as the result of JSC::Yarr::interpret, the caller of which treats it the same as JSRegExpNoMatch.

In SpiderMonkey, we changed things to throw an exception in this case; see the patch in the linked bug.

Comment 1 Boris Zbarsky 2014-01-17 11:42:12 PST

Note that this leads to incorrect behavior in Safari.  For example:

  /^a(\w+)+b/.test("axbxxxxxxxxxxxxxxxxxxxx")

returns false in Safari, whereas the correct value is true.  Chrome gets this right.