127177 – Yarr interpreter reports non-match instead of throwing when bailing out

NEW 127177

Yarr interpreter reports non-match instead of throwing when bailing out

https://bugs.webkit.org/show_bug.cgi?id=127177

Summary Yarr interpreter reports non-match instead of throwing when bailing out

Till Schneidereit

Reported 2014-01-17 09:53:23 PST

The Yarr interpreter contains a limit on how many attempts are made to match disjunctions. When this limit is reached, a bailout with JSRegExpErrorHitLimit happens. This bubbles up and is returned as the result of JSC::Yarr::interpret, the caller of which treats it the same as JSRegExpNoMatch. In SpiderMonkey, we changed things to throw an exception in this case; see the patch in the linked bug.

Attachments
Add attachment proposed patch, testcase, etc.

Boris Zbarsky

Comment 1 2014-01-17 11:42:12 PST

Note that this leads to incorrect behavior in Safari. For example: /^a(\w+)+b/.test("axbxxxxxxxxxxxxxxxxxxxx") returns false in Safari, whereas the correct value is true. Chrome gets this right.

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2014-01-17 09:53 PST

Modified

2014-01-17 11:42 PST History

CC List

1 user Show

URL

https://bugzilla.mozilla.org/show_bug.cgi?id=953013

Keywords

Depends on

Blocks