WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
180761
REGRESSION (
r225695
): Repro crash on yahoo login page
https://bugs.webkit.org/show_bug.cgi?id=180761
Summary
REGRESSION (r225695): Repro crash on yahoo login page
Michael Saboff
Reported
2017-12-13 11:26:12 PST
The crashing RegExp is: /([-!#$%&'*+\/=?^`{|}~]|\w)(([-!#$%&'*+\/=?^`{|}~]|\w)|(\.([-!#$%&'*+\/=?^`{|}~]|\w)))*@\w(\w|([-.]\w))*\.\w{2,4}/.exec(”
https://mail.yahoo.com/
); A reduced test case is: /(?:(?: |a)|\.a)* a*/.exec("/a.aaa”); The issue is that we are trying to backtrack in a nested alternative after the containing saved parenthesis context has been released. The backtracking of normal alternatives is done by jumping to an address stored on the stack. At this point my guess is that we are doing extra backtracking.
Attachments
Patch
(80.58 KB, patch)
2017-12-14 13:41 PST
,
Michael Saboff
no flags
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Michael Saboff
Comment 1
2017-12-13 11:26:40 PST
<
rdar://problem/35986606
>
Michael Saboff
Comment 2
2017-12-14 13:41:56 PST
Created
attachment 329393
[details]
Patch
JF Bastien
Comment 3
2017-12-14 13:44:53 PST
Comment on
attachment 329393
[details]
Patch r=me
WebKit Commit Bot
Comment 4
2017-12-14 14:16:42 PST
Comment on
attachment 329393
[details]
Patch Clearing flags on attachment: 329393 Committed
r225930
: <
https://trac.webkit.org/changeset/225930
>
WebKit Commit Bot
Comment 5
2017-12-14 14:16:43 PST
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug