From e1f3b3f8dd17d687e8a19ca34246c86bcfdb2832 Mon Sep 17 00:00:00 2001 From: Klaus Rennecke Date: Wed, 16 Jan 2013 11:23:04 +0100 Subject: [PATCH] test and fix for crash parsing regexp /0{0/ --- .../javascript/regexp/NativeRegExp.java | 47 ++++++++++--------- .../javascript/tests/NativeRegExpTest.java | 29 ++++++++++++ 2 files changed, 53 insertions(+), 23 deletions(-) create mode 100644 testsrc/org/mozilla/javascript/tests/NativeRegExpTest.java diff --git a/src/org/mozilla/javascript/regexp/NativeRegExp.java b/src/org/mozilla/javascript/regexp/NativeRegExp.java index 0122541534..1635ff0814 100644 --- a/src/org/mozilla/javascript/regexp/NativeRegExp.java +++ b/src/org/mozilla/javascript/regexp/NativeRegExp.java @@ -1121,32 +1121,33 @@ private static void doFlat(CompilerState state, char c) ++state.cp; min = getDecimalValue(c, state, 0xFFFF, "msg.overlarge.min"); - c = src[state.cp]; - if (c == ',') { - c = src[++state.cp]; - if (isDigit(c)) { - ++state.cp; - max = getDecimalValue(c, state, 0xFFFF, - "msg.overlarge.max"); + if (state.cp < src.length) { + c = src[state.cp]; + if (c == ',' && ++state.cp < src.length) { c = src[state.cp]; - if (min > max) { - reportError("msg.max.lt.min", - String.valueOf(src[state.cp])); - return false; + if (isDigit(c) && ++state.cp < src.length) { + max = getDecimalValue(c, state, 0xFFFF, + "msg.overlarge.max"); + c = src[state.cp]; + if (min > max) { + reportError("msg.max.lt.min", + String.valueOf(src[state.cp])); + return false; + } } + } else { + max = min; + } + /* balance '{' */ + if (c == '}') { + state.result = new RENode(REOP_QUANT); + state.result.min = min; + state.result.max = max; + // QUANT, , , , + // , ... + state.progLength += 12; + hasQ = true; } - } else { - max = min; - } - /* balance '{' */ - if (c == '}') { - state.result = new RENode(REOP_QUANT); - state.result.min = min; - state.result.max = max; - // QUANT, , , , - // , ... - state.progLength += 12; - hasQ = true; } } if (!hasQ) { diff --git a/testsrc/org/mozilla/javascript/tests/NativeRegExpTest.java b/testsrc/org/mozilla/javascript/tests/NativeRegExpTest.java new file mode 100644 index 0000000000..28451a440c --- /dev/null +++ b/testsrc/org/mozilla/javascript/tests/NativeRegExpTest.java @@ -0,0 +1,29 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +package org.mozilla.javascript.tests; + +import junit.framework.TestCase; + +import org.mozilla.javascript.Context; +import org.mozilla.javascript.ContextAction; +import org.mozilla.javascript.ScriptableObject; +import org.mozilla.javascript.regexp.NativeRegExp; + +public class NativeRegExpTest extends TestCase { + + public void testOpenBrace() { + final String script = "/0{0/"; + final ContextAction action = new ContextAction() { + public Object run(final Context _cx) { + final ScriptableObject scope = _cx.initStandardObjects(); + final Object result = _cx.evaluateString(scope, script, "test script", 0, null); + assertEquals(script, Context.toString(result)); + return null; + } + }; + + Utils.runWithAllOptimizationLevels(action); + } +}