Bug 209323 - RegExp.prototype[@@replace] doesn't coerce result index to integer
Summary: RegExp.prototype[@@replace] doesn't coerce result index to integer
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Ross Kirsling
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-03-19 18:13 PDT by Ross Kirsling
Modified: 2020-03-25 13:08 PDT (History)
9 users (show)

See Also:


Attachments
Patch (3.92 KB, patch)
2020-03-19 18:21 PDT, Ross Kirsling
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ross Kirsling 2020-03-19 18:13:11 PDT
RegExp.prototype[@@replace] doesn't coerce result index to integer
Comment 1 Ross Kirsling 2020-03-19 18:21:14 PDT
Created attachment 394052 [details]
Patch
Comment 2 Yusuke Suzuki 2020-03-19 20:23:10 PDT
Comment on attachment 394052 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=394052&action=review

r=me

> Source/JavaScriptCore/ChangeLog:14
> +        From https://tc39.es/ecma262/#sec-regexp.prototype-@@replace:
> +          21.2.5.10 RegExp.prototype [ @@replace ] ( string, replaceValue )
> +            ...
> +            14. For each result in results, do
> +              ...
> +              e. Let position be ? ToInteger(? Get(result, "index")).
> +              f. Set position to max(min(position, lengthS), 0).

Can you ensure that we do not need to change DFG / FTL too?
Comment 3 Ross Kirsling 2020-03-20 12:39:16 PDT
(In reply to Yusuke Suzuki from comment #2)
> Can you ensure that we do not need to change DFG / FTL too?

Confirmed that this issue is limited to the @@replace built-in.
Comment 4 EWS 2020-03-20 13:20:03 PDT
Committed r258783: <https://trac.webkit.org/changeset/258783>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 394052 [details].
Comment 5 Radar WebKit Bug Importer 2020-03-20 13:21:16 PDT
<rdar://problem/60701752>