RESOLVED FIXED 180761
REGRESSION (r225695): Repro crash on yahoo login page 
https://bugs.webkit.org/show_bug.cgi?id=180761
Summary REGRESSION (r225695): Repro crash on yahoo login page
Michael Saboff
Reported 2017-12-13 11:26:12 PST
The crashing RegExp is: /([-!#$%&'*+\/=?^`{|}~]|\w)(([-!#$%&'*+\/=?^`{|}~]|\w)|(\.([-!#$%&'*+\/=?^`{|}~]|\w)))*@\w(\w|([-.]\w))*\.\w{2,4}/.exec(”https://mail.yahoo.com/); A reduced test case is: /(?:(?: |a)|\.a)* a*/.exec("/a.aaa”); The issue is that we are trying to backtrack in a nested alternative after the containing saved parenthesis context has been released. The backtracking of normal alternatives is done by jumping to an address stored on the stack. At this point my guess is that we are doing extra backtracking.
Attachments
Patch (80.58 KB, patch)
2017-12-14 13:41 PST, Michael Saboff 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Michael Saboff
Comment 1 2017-12-13 11:26:40 PST
<rdar://problem/35986606>
Michael Saboff
Comment 2 2017-12-14 13:41:56 PST
Created attachment 329393 [details] Patch
JF Bastien
Comment 3 2017-12-14 13:44:53 PST
Comment on attachment 329393 [details] Patch r=me
WebKit Commit Bot
Comment 4 2017-12-14 14:16:42 PST
Comment on attachment 329393 [details] Patch Clearing flags on attachment: 329393 Committed r225930: <https://trac.webkit.org/changeset/225930>
WebKit Commit Bot
Comment 5 2017-12-14 14:16:43 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.