Running out of stack space not properly handled in RegExp::compile() and its callers
author msaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 2 Nov 2018 22:05:51 +0000 (22:05 +0000)
committer msaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 2 Nov 2018 22:05:51 +0000 (22:05 +0000)
commit 835de8c22cb8a456dee823a7a2ac242dd7ac0032
tree ea1d9cf0b0e6e653af3a25323b65aac0fce5bb53
parent c07634ade92f5dc6654e86ab06340e46af167de2
Running out of stack space not properly handled in RegExp::compile() and its callers
https://bugs.webkit.org/show_bug.cgi?id=191206

Reviewed by Filip Pizlo.

JSTests:

New regression test.

* stress/regexp-compile-oom.js: Added.
(recurseAndTest):

Source/JavaScriptCore:

Eliminated two RELEASE_ASSERT_NOT_REACHED() for errors returned by Yarr parsing code.  Bubbled those errors
up to where they are turned into the appropriate exceptions in matchInline().  If the errors are not due
to syntax, we reset the RegExp state in case the parsing is tried with a smaller stack.

* runtime/RegExp.cpp:
(JSC::RegExp::compile):
(JSC::RegExp::compileMatchOnly):
* runtime/RegExp.h:
* runtime/RegExpInlines.h:
(JSC::RegExp::compileIfNecessary):
(JSC::RegExp::matchInline):
(JSC::RegExp::compileIfNecessaryMatchOnly):
* runtime/RegExpObjectInlines.h:
(JSC::RegExpObject::execInline):
* yarr/YarrErrorCode.h:
(JSC::Yarr::hasHardError):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@237753 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/regexp-compile-oom.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/RegExp.cpp
Source/JavaScriptCore/runtime/RegExp.h
Source/JavaScriptCore/runtime/RegExpInlines.h
Source/JavaScriptCore/runtime/RegExpObjectInlines.h
Source/JavaScriptCore/yarr/YarrErrorCode.h
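Added example, not WebKit's code: a small C++ model of the control flow the commit message describes. A recursive parser runs out of "stack" (a depth budget standing in for native stack), the error is returned rather than hitting a RELEASE_ASSERT, a hard (non-syntax) error leaves the object NotCompiled so a later call can retry, and only syntax errors are cached. The enum, the RegExpModel type, the budget mechanism and the message strings are all constructed for this model.

```cpp
#include <cstddef>
#include <string>
// Hypothetical model of the commit's control flow, not WebKit code.
enum class ErrorCode { NoError, SyntaxError, StackExhausted };
// As in Yarr's hasHardError(): only resource exhaustion is "hard"; it says nothing about the pattern, so it may not recur on retry.
inline bool hasHardError(ErrorCode e) { return e == ErrorCode::StackExhausted; }
// Toy recursive-descent parser for nested "(...)" groups; `budget` stands in for the remaining native stack, one unit per level.
static ErrorCode parseGroup(const std::string& p, size_t& i, int budget) {
    if (budget <= 0) return ErrorCode::StackExhausted;
    for (; i < p.size(); ++i) {
        if (p[i] == ')') return ErrorCode::NoError;  // caller consumes the ')'
        if (p[i] == '(') {
            ++i;
            ErrorCode e = parseGroup(p, i, budget - 1);
            if (e != ErrorCode::NoError) return e;
            if (i >= p.size() || p[i] != ')') return ErrorCode::SyntaxError;
        }
    }
    return ErrorCode::NoError;
}
struct RegExpModel {
    enum State { NotCompiled, Compiled, ParseError } state = NotCompiled;
    ErrorCode constructionError = ErrorCode::NoError;
    std::string pattern;
    // Returns false on failure instead of asserting, as the commit does.
    bool compileIfNecessary(int stackBudget) {
        if (state == Compiled) return true;
        if (state == ParseError) return false;  // cached syntax error
        size_t i = 0;
        constructionError = parseGroup(pattern, i, stackBudget);
        if (constructionError == ErrorCode::NoError && i < pattern.size())
            constructionError = ErrorCode::SyntaxError;  // stray ')'
        if (constructionError == ErrorCode::NoError) { state = Compiled; return true; }
        // Hard error: stay NotCompiled so a later call (e.g. from a shallower stack) can retry; a syntax error is cached.
        state = hasHardError(constructionError) ? NotCompiled : ParseError;
        return false;
    }
    // Mirrors matchInline(): surface a catchable error instead of crashing (message text constructed for this model).
    std::string match(int stackBudget) {
        if (compileIfNecessary(stackBudget)) return "ok";
        return hasHardError(constructionError) ? "RangeError: out of stack" : "SyntaxError";
    }
};
// One attempt with a small stack budget, then a retry with a larger one.
static std::string matchWithRetry(const std::string& pattern, int small, int large) {
    RegExpModel re; re.pattern = pattern;
    std::string first = re.match(small);
    return first == "ok" ? first : first + " -> " + re.match(large);
}
```

The point of the retry path is that a stack-exhaustion failure is a property of the caller's stack depth, not of the pattern, so it must not be cached as a permanent compile error.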