254600 – [JSC] Fix Paren Context allocation and use with Duplicate Named Capture groups

Bug 254600 - [JSC] Fix Paren Context allocation and use with Duplicate Named Capture groups

Summary: [JSC] Fix Paren Context allocation and use with Duplicate Named Capture groups

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	WebKit Local Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Michael Saboff

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2023-03-28 09:51 PDT by Michael Saboff
Modified:	2023-03-28 15:39 PDT (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Saboff 2023-03-28 09:51:44 PDT

With a RegExp like /((?:(?<f>\w))(?<f>.)(a*c)?)*/, we ASSERT in YarrJIT.cpp:offsetForDuplicateNamedGroupId() with a zero duplicateNamedGroupId and we improperly restore the non-existent '0' duplicate named group's matching subpattern Id.

Comment 1 Michael Saboff 2023-03-28 09:52:05 PDT

<rdar://107180725>

Comment 2 Michael Saboff 2023-03-28 10:16:30 PDT

Pull request: https://github.com/WebKit/WebKit/pull/12061

Comment 3 EWS 2023-03-28 15:39:04 PDT

Committed 262239@main (126b01e1d8ac): <https://commits.webkit.org/262239@main>

Reviewed commits have been landed. Closing PR #12061 and removing active labels.