28353 – yarr/RegexInterpreter.cpp crashes on ./ecma_2/RegExp/exec-002.js

RESOLVED FIXED Bug 28353

yarr/RegexInterpreter.cpp crashes on ./ecma_2/RegExp/exec-002.js

https://bugs.webkit.org/show_bug.cgi?id=28353

Summary yarr/RegexInterpreter.cpp crashes on ./ecma_2/RegExp/exec-002.js

Holger Freyther

Reported 2009-08-16 02:19:54 PDT

Valgrind is showing a invalid read in popParenthesesDisjunctionContext.

Attachments
2009-08-16 Holger Hans Peter Freyther <zecke@selfish.org> (2.15 KB, patch) 2009-08-16 02:27 PDT, Holger Freyther	mrowe: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Holger Freyther

Comment 1 2009-08-16 02:27:05 PDT

Created attachment 34923 [details] 2009-08-16 Holger Hans Peter Freyther <zecke@selfish.org> Reviewed by NOBODY (OOPS!). Fix crash on ./ecma_2/RegExp/exec-002.js. https://bugs.webkit.org/show_bug.cgi?id=28353 Change the order of freeParenthesesDisjunctionContext and popParenthesesDisjunctionContext on all call sites as the pop method is accessing backTrack->lastContext which is the context that is about to be freed. * yarr/RegexInterpreter.cpp: (JSC::Yarr::Interpreter::parenthesesDoBacktrack): (JSC::Yarr::Interpreter::backtrackParentheses): --- 2 files changed, 19 insertions(+), 3 deletions(-)

Mark Rowe (bdash)

Comment 2 2009-08-16 02:43:09 PDT

Comment on attachment 34923 [details] 2009-08-16 Holger Hans Peter Freyther <zecke@selfish.org> r=me

Holger Freyther

Comment 3 2009-08-16 06:16:17 PDT

Landed in r47338.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS OS X 10.5

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2009-08-16 02:19 PDT

Modified

2009-08-16 06:16 PDT History

CC List

0 users

URL

Keywords

Depends on

Blocks