Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WTF::CrashOnOverflow::crash() with /((a{100000000})*b{2100000000})+/.test(); #733

Closed
wants to merge 0 commits into from
Closed

WTF::CrashOnOverflow::crash() with /((a{100000000})*b{2100000000})+/.test(); #733

wants to merge 0 commits into from

Conversation

msaboff
Copy link
Contributor

@msaboff msaboff commented May 18, 2022
edited by webkit-early-warning-system

7f4a2f1

WTF::CrashOnOverflow::crash() with /((a{100000000})*b{2100000000})+/.test();
https://bugs.webkit.org/show_bug.cgi?id=240552

Reviewed by Yusuke Suzuki and Alex Christensen.

Replaced a crashing checked add in the YARR JIT code generator with a reporting add so we can
catch the overflow.  When we do overflow, we terminate the JIT genration with an error.
We'll fallback to the YARR interpreter, which already exits with an error on a similar overflow.

* JSTests/stress/regexp-large-quantifier.js:
(testRegExp):
* Source/JavaScriptCore/yarr/YarrJIT.cpp:
(JSC::Yarr::dumpCompileFailure):
* Source/JavaScriptCore/yarr/YarrJIT.h:

Canonical link: https://commits.webkit.org/250703@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@294411 268f45cc-cd09-0410-ab3c-d52691b4dbfc

@msaboff msaboff self-assigned this May 18, 2022
@msaboff msaboff added JavaScriptCore For bugs in JavaScriptCore, the JS engine used by WebKit, other than kxmlcore issues. WebKit Nightly Build labels May 18, 2022
Constellation
Constellation approved these changes May 18, 2022
View reviewed changes
Copy link
Member

@Constellation Constellation left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

r=me

@msaboff msaboff added the merge-queue Applied to send a pull request to merge-queue label May 18, 2022
MenloDorian
MenloDorian approved these changes May 18, 2022
View reviewed changes
Copy link

@MenloDorian MenloDorian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

r=me too

@webkit-early-warning-system webkit-early-warning-system force-pushed the eng/WTFCrashOnOverflowcrash-with-a100000000b2100000000-test branch from 2ca6b3c to 7f4a2f1 Compare May 18, 2022 18:34
@webkit-early-warning-system
Copy link
Collaborator

Committed r294411 (250703@main): https://commits.webkit.org/250703@main

Reviewed commits have been landed. Closing PR #733 and removing active labels.

@webkit-early-warning-system webkit-early-warning-system removed the merge-queue Applied to send a pull request to merge-queue label May 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Constellation Constellation Constellation approved these changes

@achristensen07 achristensen07 achristensen07 approved these changes

@MenloDorian MenloDorian MenloDorian approved these changes

Assignees

@msaboff msaboff

Labels
JavaScriptCore For bugs in JavaScriptCore, the JS engine used by WebKit, other than kxmlcore issues.
Projects
None yet
Milestone
No milestone
5 participants
@msaboff @webkit-early-warning-system @Constellation @achristensen07 @MenloDorian