CHECK failure: value != Smi::FromInt(JSRegExp::kUninitializedValue) in objects-inl.h
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5218451347210240

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  value != Smi::FromInt(JSRegExp::kUninitializedValue) in objects-inl.h

Sanitizer: address (ASAN)

Regressed: V8: 44170:44171

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv979_jeAuquJOFXaOQV_z89tIgrbOasfdW0fzITGHL0fASQNSh-sjkXN4rYYN5DPr3Owk7YB0DOb7hXssUseNAFfXv1oiYmDQXVUf8wA-8jiL6mlatCNcl1u7fXb0dAH5LkuLoqp2Cwj3HK3-JxovDXDWyUJNYH5sNx_zalBfysHDwLUI-5sxlD_v2iqdHBZq9sbmIw2PFnlTgAEzMzaI-iYkqIFz78iSgp99ImXuC2YhLaT307EtXgS2UaG9462ycbmAFvnUcXV5t18qFFND8xkjzrCLeLFag3zObJLd9Mkz96DL6u_xDqY5ubhxc0mTmZhfVj5jl_rG2uduKD2qtEdZ935IAJqAlkPBVf7UnBg30oaRwyZs5J4Vp1Zw6m0t476YgkSKNaXUAJpbnTlPp71zG59xg?testcase_id=5218451347210240

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 6 2017
CC'ing rossberg@, on-duty CF sheriff. Please triage.
Apr 6 2017
Apr 6 2017
CF points to this CL
[regexp] Named capture support for string replacements
This implements support for named captures in
RegExp.prototype[@@replace] for when the replaceValue is not callable.
Named captures can be referenced from replacement strings by using the
"$<name>" syntax. A couple of examples:
let re = /(?<fst>.)(?<snd>.)/u;
"abcd".replace(re, "$<snd>$<fst>") // "bacd"
"abcd".replace(re, "$2$1") // "bacd" (numbered refs work as always)
"abcd".replace(re, "$<snd") // SyntaxError (unterminated named ref)
"abcd".replace(re, "$<42$1>") // "cd" (invalid name)
"abcd".replace(re, "$<thd>") // "cd" (non-existent name)
"abcd".replace(/(?<fst>.)|(?<snd>.)/u, "$<snd>") // "cd" (non-matched capture)
Support is currently behind the --harmony-regexp-named-captures flag.
BUG= v8:5437
Review-Url: https://codereview.chromium.org/2775303002
Cr-Original-Commit-Position: refs/heads/master@{#44171}
Committed: https://chromium.googlesource.com/v8/v8/+/17f13863b64b25eccf565e0aa9c4c441f0562b84
Review-Url: https://codereview.chromium.org/2775303002
Cr-Commit-Position: refs/heads/master@{#44182}
Apr 6 2017
CF shows https://chromium.googlesource.com/v8/v8/+/e2858f2adc4e8767576ab3adda61e37695bfd7be as the fixing CL.
Comment 1 by mummare...@chromium.org, Mar 28 2017