Bug 150372 - YarrPatternConstructor::containsCapturingTerms() should not assume that its terms.size() is greater than 0.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Mark Lam
Keywords: InRadar
Reported: 2015-10-20 14:03 PDT by Mark Lam
Modified: 2015-10-20 16:39 PDT
Attachments
the patch. (6.05 KB, patch)
2015-10-20 15:33 PDT, Mark Lam

Description Mark Lam 2015-10-20 14:03:39 PDT
Patch coming.

<rdar://problem/22771475>
Comment 1 Geoffrey Garen 2015-10-20 15:09:14 PDT
I think you can test this with:

var re = /.*(?:(?:(?:(?:(?:(?:)))))).*/;
re.exec("hello");
Comment 2 Mark Lam 2015-10-20 15:33:37 PDT
Created attachment 263624
the patch.

Thanks for the repro case.
Comment 3 Geoffrey Garen 2015-10-20 15:51:19 PDT
Comment on attachment 263624
the patch.

For future reference, I much prefer this syntax for backwards unsigned looping:

    for (termIndex = terms.size(); termIndex-- > endIndex; )

That way, you don't need to worry about endIndex being 0 or terms.size() being 0.

In this case, we happen to know that neither problem is possible.
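
An added illustration of the backwards unsigned loop discussed in Comment 3 (not code from the WebKit patch or from any commenter): it shows why starting at `size() - 1` is unsafe for an empty term list, and how the test-then-decrement form with a strict `>` comparison handles both an empty list and an end index of 0. `Term`, `naiveLastIndex` and `containsCapturingTermFrom` are hypothetical names, and the sample vectors are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical stand-in for a regexp pattern term; not WebKit's PatternTerm.
struct Term {
    bool capturing;
};

// Hazard: the first index a "start at size() - 1" backwards loop would use.
// For an empty vector, size_t arithmetic wraps to SIZE_MAX instead of -1.
std::size_t naiveLastIndex(const std::vector<Term>& terms)
{
    return terms.size() - 1;
}

// Backwards scan of terms[endIndex .. size()-1] with the test-then-decrement
// idiom. The comparison sees the index before the decrement, so the body never
// runs for an empty vector and the loop terminates when endIndex is 0.
// visited (optional) receives the number of terms examined.
bool containsCapturingTermFrom(const std::vector<Term>& terms, std::size_t endIndex,
                               std::size_t* visited = nullptr)
{
    bool found = false;
    std::size_t count = 0;
    for (std::size_t termIndex = terms.size(); termIndex-- > endIndex; ) {
        ++count;
        if (terms[termIndex].capturing) {
            found = true;
            break;
        }
    }
    if (visited)
        *visited = count;
    return found;
}

int main()
{
    std::vector<Term> empty;                               // constructed: zero terms
    std::vector<Term> terms = {{true}, {false}, {false}};  // constructed sample
    bool ok = !containsCapturingTermFrom(empty, 0)
        && containsCapturingTermFrom(terms, 0)
        && !containsCapturingTermFrom(terms, 1);
    return ok ? 0 : 1;
}
```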
Comment 4 WebKit Commit Bot 2015-10-20 16:39:22 PDT
Comment on attachment 263624
the patch.

Clearing flags on attachment: 263624

Committed r191364: <http://trac.webkit.org/changeset/191364>
Comment 5 WebKit Commit Bot 2015-10-20 16:39:26 PDT
All reviewed patches have been landed.  Closing bug.