Before this fix, the regex engine would run into an infinite loop and OOM when encountering a quantifier allowing a zero amount of items in a REG_GLOB regex.
This fixes a freeze/crash in the Final Fantasy XIV Launcher during the registration process.
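The failure mode described above, as an added example that is not part of the merge request or of Wine's code: a global match loop that either steps past an empty match or stalls on it. It uses POSIX `regex.h` rather than the jscript engine, and `count_global_matches`, `advance_on_empty` and `MAX_MATCHES` are hypothetical names.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

#define MAX_MATCHES 1000 /* constructed guard so the unfixed loop terminates here */

/* Hypothetical helper: count what a global search reports for `pattern` in
 * `subject`. Returns -1 on a bad pattern or when the loop stops making progress
 * and hits MAX_MATCHES. */
int count_global_matches(const char *pattern, const char *subject, int advance_on_empty)
{
    regex_t re;
    regmatch_t m;
    size_t len = strlen(subject), pos = 0;
    int count = 0;

    if (regcomp(&re, pattern, REG_EXTENDED) != 0)
        return -1;

    /* pos == len is still searched: an empty match at end of input is valid. */
    while (pos <= len && regexec(&re, subject + pos, 1, &m, pos ? REG_NOTBOL : 0) == 0) {
        if (count == MAX_MATCHES) { /* cursor is stuck on an empty match */
            count = -1;
            break;
        }
        count++;
        pos += (size_t)m.rm_eo;      /* resume after the match */
        if (m.rm_eo == m.rm_so && advance_on_empty)
            pos++;                   /* empty match: step past it, as the fix does */
    }
    regfree(&re);
    return count;
}

int main(void)
{
    printf("a* on \"aaa\", advancing: %d\n", count_global_matches("a*", "aaa", 1));
    printf("a* on \"aaa\", stuck:     %d\n", count_global_matches("a*", "aaa", 0));
    return 0;
}
```

With the advance enabled the counts agree with the `m.length` values the added tests expect; without it the cursor never leaves the first empty match, which in an engine that stores every result means unbounded allocation.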
From: Charlotte Pabst cpabst@codeweavers.com
Before this fix, the regex engine would run into an infinite loop and OOM when encountering a quantifier allowing a zero amount of items in a REG_GLOB regex.
---
 dlls/jscript/jsregexp.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/dlls/jscript/jsregexp.c b/dlls/jscript/jsregexp.c index e3a707b1f6b..fb04fe5131f 100644 --- a/dlls/jscript/jsregexp.c +++ b/dlls/jscript/jsregexp.c @@ -208,6 +208,9 @@ static HRESULT regexp_match(script_ctx_t *ctx, jsdisp_t *dispex, jsstr_t *jsstr, ret[i].index = result->cp - str - result->match_len; ret[i++].length = result->match_len;
+ if (result->match_len == 0) + result->cp++; + if(!gflag && !(This->jsregexp->flags & REG_GLOB)) { hres = S_OK; break;
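Review bot: the `result->cp++` for a zero-length match sits above the `if(!gflag && !(This->jsregexp->flags & REG_GLOB))` early exit, so the cursor is also moved for a single, non-global match, where no further iteration needs it. If anything after the loop reads `result->cp`, that path now sees a position one past the match; moving the two added lines below the `break` would confine the advance to the looping case. The visible lines also do not show what ends the loop once `cp` is one past the end of the input, so a short comment naming that condition would help the next reader.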
From: Charlotte Pabst cpabst@codeweavers.com
---
 dlls/jscript/tests/regexp.js | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
diff --git a/dlls/jscript/tests/regexp.js b/dlls/jscript/tests/regexp.js index 693564d7cb8..76f2ee50a4e 100644 --- a/dlls/jscript/tests/regexp.js +++ b/dlls/jscript/tests/regexp.js @@ -174,6 +174,42 @@ ok(m.length === 2, "m.length is not 2"); ok(m["0"] === "aaab", "m[0] is not "ab""); ok(m["1"] === "ab", "m[1] is not "ab"");
+m = "".match(/a*/g); +ok(typeof(m) === "object", "typeof m is not object"); +ok(m.length === 1, "m.length is not 1"); +ok(m["0"] === "", "m[0] is not """); + +m = "aaa".match(/a*/g); +ok(typeof(m) === "object", "typeof m is not object"); +ok(m.length === 2, "m.length is not 2"); +ok(m["0"] === "aaa", "m[0] is not "aaa""); +ok(m["1"] === "", "m[1] is not """); + +m = "b".match(/a*/g); +ok(typeof(m) === "object", "typeof m is not object"); +ok(m.length === 2, "m.length is not 2"); +ok(m["0"] === "", "m[0] is not """); +ok(m["1"] === "", "m[1] is not """); + +m = "".match(/a?/g); +ok(typeof(m) === "object", "typeof m is not object"); +ok(m.length === 1, "m.length is not 1"); +ok(m["0"] === "", "m[0] is not """); + +m = "aaa".match(/a?/g); +ok(typeof(m) === "object", "typeof m is not object"); +ok(m.length === 4, "m.length is not 4"); +ok(m["0"] === "a", "m[0] is not "a""); +ok(m["1"] === "a", "m[1] is not "a""); +ok(m["2"] === "a", "m[2] is not "a""); +ok(m["3"] === "", "m[3] is not """); + +m = "b".match(/a?/g); +ok(typeof(m) === "object", "typeof m is not object"); +ok(m.length === 2, "m.length is not 2"); +ok(m["0"] === "", "m[0] is not """); +ok(m["1"] === "", "m[1] is not """); + m = "aaa\\cabc".match(/\/g); ok(typeof(m) === "object", "typeof m is not object"); ok(m.length === 2, "m.length is not 2");
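Review bot: the added cases exercise only `*` and `?` with the `g` flag, while the fix is described as covering any quantifier that allows zero items; a bounded form such as `/a{0,2}/g` and a subject where the empty match falls between non-matching characters (for example "bab") would pin the behaviour down further. Since the fix changes the cursor before the non-global exit, a non-global case such as `"b".match(/a*/)` would also confirm that the single-match path is unaffected.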
Hi,
It looks like your patch introduced the new failures shown below. Please investigate and fix them before resubmitting your patch. If they are not new, fixing them anyway would help a lot. Otherwise please ask for the known failures list to be updated.
The tests also ran into some preexisting test failures. If you know how to fix them that would be helpful. See the TestBot job for the details:
The full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=149740
Your paranoid android.
=== debian11b (64 bit WoW report) ===
kernel32: comm.c:1586: Test failed: Unexpected time 1000, expected around 500
user32: win.c:4070: Test failed: Expected active window 0000000004280148, got 0000000000000000.
win.c:4071: Test failed: Expected focus window 0000000004280148, got 0000000000000000.
Jacek Caban (@jacek) commented about dlls/jscript/jsregexp.c:
ret[i].index = result->cp - str - result->match_len; ret[i++].length = result->match_len;
if (result->match_len == 0)
result->cp++;
Please don't use tabs. The patch looks good otherwise.