Add missing exception check in RegExpObjectInlines.h's collectMatches.
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 25 Jun 2018 18:53:34 +0000 (18:53 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 25 Jun 2018 18:53:34 +0000 (18:53 +0000)
https://bugs.webkit.org/show_bug.cgi?id=187006
<rdar://problem/41418412>

Reviewed by Keith Miller.

JSTests:

* stress/regress-187006.js: Added.

Source/JavaScriptCore:

* runtime/RegExpObjectInlines.h:
(JSC::collectMatches):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@233161 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JSTests/ChangeLog
JSTests/stress/regress-187006.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/RegExpObjectInlines.h

index ff081ea..f7f6b94 100644 (file)
@@ -1,3 +1,13 @@
+2018-06-25  Mark Lam  <mark.lam@apple.com>
+
+        Add missing exception check in RegExpObjectInlines.h's collectMatches.
+        https://bugs.webkit.org/show_bug.cgi?id=187006
+        <rdar://problem/41418412>
+
+        Reviewed by Keith Miller.
+
+        * stress/regress-187006.js: Added.
+
 2018-06-22  Keith Miller  <keith_miller@apple.com>
 
         unshift should zero unused property storage
diff --git a/JSTests/stress/regress-187006.js b/JSTests/stress/regress-187006.js
new file mode 100644 (file)
index 0000000..91098d8
--- /dev/null
@@ -0,0 +1,16 @@
+Object.defineProperty(Array.prototype, '0', {
+    get() { },
+    set() { throw new Error(); }
+});
+
+var __v_7772 = "GGCCGGGTAAAGTGGCTCACGCCTGTAATCCCAGCACTTTACCCCCCGAGGCGGGCGGA";
+var exception;
+
+try {
+    __v_7772.match(/[cgt]gggtaaa|tttaccc[acg]/ig);
+} catch (e) {
+    exception = e;
+}
+
+if (exception != "Error")
+    throw "FAILED";
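Review bot: The final check `exception != "Error"` passes only because loose equality coerces the caught Error object to the string "Error", so it depends on `Error.prototype.toString` and on the error being thrown without a message. Testing the object itself is more direct, for example `if (!(exception instanceof Error))`, and it also still fails when no exception was caught. The file has no comment saying what it guards; a header line such as `// Regression test for https://bugs.webkit.org/show_bug.cgi?id=187006: an exception thrown while match() collects results must propagate.` would help the next reader. That the throwing setter on `Array.prototype[0]` is reached by the store of the first match is inferred from the commit title and the test, not shown on this page, so the comment should be confirmed against collectMatches.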
index efb1229..758c704 100644 (file)
@@ -1,3 +1,14 @@
+2018-06-25  Mark Lam  <mark.lam@apple.com>
+
+        Add missing exception check in RegExpObjectInlines.h's collectMatches.
+        https://bugs.webkit.org/show_bug.cgi?id=187006
+        <rdar://problem/41418412>
+
+        Reviewed by Keith Miller.
+
+        * runtime/RegExpObjectInlines.h:
+        (JSC::collectMatches):
+
 2018-06-25  Tadeu Zagallo  <tzagallo@apple.com>
 
         Add API for configuring the number of threads used by DFG and FTL
index 23006f3..3080c2f 100644 (file)
@@ -205,6 +205,9 @@ JSValue collectMatches(VM& vm, ExecState* exec, JSString* string, const String&
         }
         
         iterate();
+        EXCEPTION_ASSERT(!!scope.exception() == hasException);
+        if (UNLIKELY(hasException))
+            return { };
     } while (result);
     
     return array;
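Review bot: `hasException` is tested right after `iterate()` but is neither declared nor set inside this hunk, so a reader cannot tell from here which operation in `iterate()` can throw or why the loop must stop. A short why-comment above the new lines would close that gap, for example `// iterate() can run script while storing a match (see stress/regress-187006.js); do not match again with an exception pending.`, with the wording checked against the lambda body, which starts outside the hunk. If collectMatches calls `iterate()` anywhere else outside this hunk, that call presumably needs the same check. The early `return { };` hands callers an empty JSValue, so it is worth confirming that each caller checks the scope for an exception before using the result.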