52675 – [RegexFuzz] Crash in generated code

RESOLVED FIXED 52675

[RegexFuzz] Crash in generated code

https://bugs.webkit.org/show_bug.cgi?id=52675

Summary [RegexFuzz] Crash in generated code

Oliver Hunt

Reported 2011-01-18 15:52:35 PST

testRegexp("(?!(?:\\3+(s+?)))", "gy", ["==","SSS","","","","","","11","=","11SSS"]) Reduced to /(?!(?:\1+s))/.test('SSS')

Attachments
Regression: Simple nested backtrack hangs (4.91 KB, patch) 2011-01-19 09:46 PST, Michael Saboff	darin: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Geoffrey Garen

Comment 1 2011-01-18 18:08:46 PST

Michael Saboff

Comment 2 2011-01-19 09:46:53 PST

Created attachment 79436 [details] Regression: Simple nested backtrack hangs The changeset (r76076) for https://bugs.webkit.org/show_bug.cgi?id=52540 broke simple backtracking in some cases. Reworked that change to link both jumps and labels.

Michael Saboff

Comment 3 2011-01-19 09:58:45 PST

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS OS X 10.5

Product WebKit

Component JavaScriptCore

Assignee

Michael Saboff

Reported

2011-01-18 15:52 PST

Modified

2011-01-19 09:58 PST History

CC List

5 users Show

URL

Keywords InRadar

Depends on

Blocks