src/jsregexp.cc - Issue 113894: Added stack overflow check for RegExp analysis phase.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/jsregexp.cc

Issue 113894: Added stack overflow check for RegExp analysis phase. (Closed)

Patch Set: Added test for stack overflow Created 11 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/jsregexp.cc

diff --git a/src/jsregexp.cc b/src/jsregexp.cc

index 7500bf2360d420e7744d8e9a2ab4e6072b892552..514a0252d9a2a44b937dad9fd633382b197230ed 100644

--- a/src/jsregexp.cc

+++ b/src/jsregexp.cc

@@ -4189,6 +4189,11 @@ OutSet* DispatchTable::Get(uc16 value) {

void Analysis::EnsureAnalyzed(RegExpNode* that) {

+ StackLimitCheck check;

+ if (check.HasOverflowed()) {

+ fail("Stack overflow");

+ return;

+ }

if (that->info()->been_analyzed || that->info()->being_analyzed)

return;

that->info()->being_analyzed = true;

@@ -4226,16 +4231,20 @@ void Analysis::VisitText(TextNode* that) {

that->MakeCaseIndependent();

}

EnsureAnalyzed(that->on_success());

- that->CalculateOffsets();

+ if (!failed()) {

+ that->CalculateOffsets();

+ }

}

void Analysis::VisitAction(ActionNode* that) {

RegExpNode* target = that->on_success();

EnsureAnalyzed(target);

- // If the next node is interested in what it follows then this node

- // has to be interested too so it can pass the information on.

- that->info()->AddFromFollowing(target->info());

+ if (!failed()) {

+ // If the next node is interested in what it follows then this node

+ // has to be interested too so it can pass the information on.

+ that->info()->AddFromFollowing(target->info());

+ }

}

@@ -4244,6 +4253,7 @@ void Analysis::VisitChoice(ChoiceNode* that) {

for (int i = 0; i < that->alternatives()->length(); i++) {

RegExpNode* node = that->alternatives()->at(i).node();

EnsureAnalyzed(node);

+ if (failed()) return;

// Anything the following nodes need to know has to be known by

// this node also, so it can pass it on.

info->AddFromFollowing(node->info());

@@ -4257,13 +4267,16 @@ void Analysis::VisitLoopChoice(LoopChoiceNode* that) {

RegExpNode* node = that->alternatives()->at(i).node();

if (node != that->loop_node()) {

EnsureAnalyzed(node);

+ if (failed()) return;

info->AddFromFollowing(node->info());

}

// Check the loop last since it may need the value of this node

// to get a correct result.

EnsureAnalyzed(that->loop_node());

- info->AddFromFollowing(that->loop_node()->info());

+ if (!failed()) {

+ info->AddFromFollowing(that->loop_node()->info());

+ }

}

@@ -4435,6 +4448,10 @@ RegExpEngine::CompilationResult RegExpEngine::Compile(RegExpCompileData* data,

data->node = node;

Analysis analysis(ignore_case);

analysis.EnsureAnalyzed(node);

+ if (analysis.failed()) {

+ const char* error_message = analysis.error_message();

+ return CompilationResult(error_message);

+ }

NodeInfo info = *node->info();

« src/jsregexp.h ('K') | « src/jsregexp.h ('k') | test/mjsunit/regexp.js » ('j') | no next file with comments »