WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
173867
RegExp.prototype[@@replace] relies on globals and doesn't perform ToLength
https://bugs.webkit.org/show_bug.cgi?id=173867
Summary
RegExp.prototype[@@replace] relies on globals and doesn't perform ToLength
Saam Barati
Reported
2017-06-26 23:38:25 PDT
...
Attachments
Patch
(20.93 KB, patch)
2020-03-25 13:07 PDT
,
Alexey Shvayka
no flags
Details
Formatted Diff
Diff
Patch
(20.96 KB, patch)
2020-03-25 13:21 PDT
,
Alexey Shvayka
no flags
Details
Formatted Diff
Diff
Patch
(20.96 KB, patch)
2020-03-25 13:38 PDT
,
Alexey Shvayka
no flags
Details
Formatted Diff
Diff
Patch
(20.97 KB, patch)
2020-03-25 16:28 PDT
,
Alexey Shvayka
no flags
Details
Formatted Diff
Diff
Show Obsolete
(3)
View All
Add attachment
proposed patch, testcase, etc.
Saam Barati
Comment 1
2017-06-27 14:23:15 PDT
I think this is observable.
Alexey Shvayka
Comment 2
2020-03-25 13:07:39 PDT
Created
attachment 394532
[details]
Patch
Alexey Shvayka
Comment 3
2020-03-25 13:21:53 PDT
Created
attachment 394535
[details]
Patch Add a few UNUSED_PARAM, drop extra JSC_HOST_CALL. I wonder if we need to ALWAYS_INLINE string*Impl()?
Ross Kirsling
Comment 4
2020-03-25 13:27:45 PDT
Comment on
attachment 394535
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=394535&action=review
> Source/JavaScriptCore/ChangeLog:14 > + b) Removes `lastPosition` checks/updates, as there are none in the spec, and it was > + equivalent to checking `nextSourcePosition`.
Nice catch. I wondered about this in my earlier patch but evidently didn't think about it long enough to realize it wasn't helping at all.
Alexey Shvayka
Comment 5
2020-03-25 13:38:08 PDT
Created
attachment 394541
[details]
Patch Set correct 'length' of builtinStringSubstringInternal's JSFunction.
Ross Kirsling
Comment 6
2020-03-25 13:54:45 PDT
Comment on
attachment 394541
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=394541&action=review
> Source/JavaScriptCore/runtime/StringPrototype.cpp:1136 > + JSValue position = callFrame->argument(1); > + UNUSED_PARAM(position); > + ASSERT(position.isUndefined() || position.isNumber());
Here and below, if this is just for a non-release ASSERT, I suppose it'd be okay get the argument twice instead?
Alexey Shvayka
Comment 7
2020-03-25 16:28:54 PDT
Created
attachment 394561
[details]
Patch Drop UNUSED_PARAM.
EWS
Comment 8
2020-03-25 19:24:34 PDT
Committed
r259029
: <
https://trac.webkit.org/changeset/259029
> All reviewed patches have been landed. Closing bug and clearing flags on
attachment 394561
[details]
.
Radar WebKit Bug Importer
Comment 9
2020-03-25 19:25:12 PDT
<
rdar://problem/60900492
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug