RESOLVED FIXED 150372
YarrPatternConstructor::containsCapturingTerms() should not assume that its terms.size() is greater than 0. 
https://bugs.webkit.org/show_bug.cgi?id=150372
Summary YarrPatternConstructor::containsCapturingTerms() should not assume that its t...
Mark Lam
Reported 2015-10-20 14:03:39 PDT
Patch coming. <rdar://problem/22771475>
Attachments
the patch. (6.05 KB, patch)
2015-10-20 15:33 PDT, Mark Lam 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Geoffrey Garen
Comment 1 2015-10-20 15:09:14 PDT
I think you can test this with: var re = /.*(?:(?:(?:(?:(?:(?:)))))).*/; re.exec("hello");
Mark Lam
Comment 2 2015-10-20 15:33:37 PDT
Created attachment 263624 [details] the patch. Thanks for the repro case.
Geoffrey Garen
Comment 3 2015-10-20 15:51:19 PDT
Comment on attachment 263624 [details] the patch. For future reference, I much prefer this syntax for backwards unsigned looping: for (termIndex = terms.size(); termIndex-- >= endIndex; ) That way, you don't need to worry about endIndex being 0 or terms.size() being 0. In this case, we happen to know that neither problem is possible.
WebKit Commit Bot
Comment 4 2015-10-20 16:39:22 PDT
Comment on attachment 263624 [details] the patch. Clearing flags on attachment: 263624 Committed r191364: <http://trac.webkit.org/changeset/191364>
WebKit Commit Bot
Comment 5 2015-10-20 16:39:26 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.