Chromium Code Reviews

Issue 10380028: Limit recursion depth for gathering BoyerMoore info. (Closed)

Created: 8 years, 7 months ago by Yang
Modified: 8 years, 7 months ago
Reviewers: Erik Corry
CC: v8-dev
Visibility: Public.

Description

Limit recursion depth for gathering BoyerMoore info.

BUG=126412
TEST=regress-126412

Patch Set 1 #

Total comments: 1
Stats: +60 lines, -3 lines
M src/jsregexp.h: 3 chunks, +8 lines, -1 line, 0 comments
M src/jsregexp.cc: 3 chunks, +8 lines, -2 lines, 0 comments
A test/mjsunit/regress/regress-126412.js: 1 chunk, +44 lines, -0 lines, 1 comment

Messages

Total messages: 2 (0 generated)
Yang
In some cases the recursion to gather Boyer-Moore info can cause a stack overflow. PTAL.
8 years, 7 months ago (2012-05-07 17:24:42 UTC) #1
Erik Corry
8 years, 7 months ago (2012-05-08 11:32:45 UTC) #2
http://codereview.chromium.org/10380028/diff/1/test/mjsunit/regress/regress-1...
File test/mjsunit/regress/regress-126412.js (right):

http://codereview.chromium.org/10380028/diff/1/test/mjsunit/regress/regress-1...
test/mjsunit/regress/regress-126412.js:34: assertEquals("RangeError: Maximum call stack size exceeded", e.toString());
There's no reason for a stack overflow here.  The issue is that we fail to
recognize a quantifier (the outer *) where the body can have zero length,
because we have an overflow that we don't detect.  There are special rules
around quantifiers that have zero length matches and that causes both the crash
in the BoyerMoore info collector and this stack overflow when it is run. 
Correct fix is in https://chromiumcodereview.appspot.com/10384053
