254600 – [JSC] Fix Paren Context allocation and use with Duplicate Named Capture groups

RESOLVED FIXED254600

[JSC] Fix Paren Context allocation and use with Duplicate Named Capture groups

https://bugs.webkit.org/show_bug.cgi?id=254600

Summary [JSC] Fix Paren Context allocation and use with Duplicate Named Capture groups

Michael Saboff

Reported 2023-03-28 09:51:44 PDT

With a RegExp like /((?:(?<f>\w))(?<f>.)(a*c)?)*/, we ASSERT in YarrJIT.cpp:offsetForDuplicateNamedGroupId() with a zero duplicateNamedGroupId and we improperly restore the non-existent '0' duplicate named group's matching subpattern Id.

Attachments
Add attachment proposed patch, testcase, etc.

Michael Saboff

Comment 1 2023-03-28 09:52:05 PDT

<rdar://107180725>

Michael Saboff

Comment 2 2023-03-28 10:16:30 PDT

Pull request: https://github.com/WebKit/WebKit/pull/12061

EWS

Comment 3 2023-03-28 15:39:04 PDT

Committed 262239@main (126b01e1d8ac): <https://commits.webkit.org/262239@main> Reviewed commits have been landed. Closing PR #12061 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Michael Saboff

Reported

2023-03-28 09:51 PDT

Modified

2023-03-28 15:39 PDT History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks