projects / platform / upstream / v8.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: af908ee) | patch
Fix crash due RegExpAtom method called on RegExpCharacterClass object.
authorbmeurer@chromium.org <bmeurer@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Fri, 23 Aug 2013 11:06:16 +0000 (11:06 +0000)
committerbmeurer@chromium.org <bmeurer@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Fri, 23 Aug 2013 11:06:16 +0000 (11:06 +0000)
commit17ec357ac7797fbd7e46d62873eaf94657a410d3
tree549de85b2fe3f3ef0d707596d1b69bffa48131b5tree | snapshot
parentaf908ee5bcd916386a29a80addeacbdf601026d4commit | diff
Fix crash due RegExpAtom method called on RegExpCharacterClass object.

In the RegExpUnparser::VisitText(RegExpText* that, void* data) function always RegExpUnparser::VisitAtom function called via that->elements()->at(i).data.u_atom->Accept(this, data); even if the type of the object is RegExpCharacterClass.

The problem shows using g++ 4.7(.2, .3) since r16232, since GCC optimizes virtual method calls to direct calls based on __final/final hints. Tested on MIPS and x64:
Program received signal SIGSEGV, Segmentation fault.
0x0000000000588928 in v8::internal::RegExpUnparser::VisitAtom(v8::internal::RegExpAtom*, void*) ()

This cleans up the TextElement class to avoid the unsafe+unchecked union access, that caused the crash.

TEST=cctest/test-regexp/ParserRegression
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/22815033

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16289 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
src/ast.cc diff | blob | history
src/jsregexp.cc diff | blob | history
src/jsregexp.h diff | blob | history
Domain: Web Framework / Web Engine;