Bug 254600

Summary: [JSC] Fix Paren Context allocation and use with Duplicate Named Capture groups
Product: WebKit Reporter: Michael Saboff <msaboff>
Component: JavaScriptCoreAssignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   

Description Michael Saboff 2023-03-28 09:51:44 PDT 
With a RegExp like /((?:(?<f>\w))(?<f>.)(a*c)?)*/, we ASSERT in YarrJIT.cpp:offsetForDuplicateNamedGroupId() with a zero duplicateNamedGroupId and we improperly restore the non-existent '0' duplicate named group's matching subpattern Id.
Comment 1 Michael Saboff 2023-03-28 09:52:05 PDT 
<rdar://107180725>
Comment 2 Michael Saboff 2023-03-28 10:16:30 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/12061
Comment 3 EWS 2023-03-28 15:39:04 PDT 
Committed 262239@main (126b01e1d8ac): <https://commits.webkit.org/262239@main>

Reviewed commits have been landed. Closing PR #12061 and removing active labels.