Issue metadata
Sign in to add a comment
|
Wrong regex doesn't throw an error
Reported by
hakerh403@gmail.com,
Jul 20 2017
|
||||||||||||||||||||||||
Issue description
UserAgent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
Steps to reproduce the problem:
Run the following code:
try{
console.log(Function('/)/') & 0);
}catch(a){
console.log(1);
}
What is the expected behavior?
According to the spec, shouldn't this code print 1 instead of 0? In the spec in section "Early syntax errors" it says that wrong regex (in this particular case "Invalid regular expression: /)/: Unmatched ')'") should trigger an error while parsing. In Mozilla Firefox it prints 1 as expected.
What went wrong?
Chrome somehow succeeds to parse wrong regex and doesn't throw a syntax error which yields printing 0 instead of 1, which in real code may result in behavior unconsistent to the ES spec.
Did this work before? No
Chrome version: 59.0.3071.115 Channel: stable
OS Version:
Flash Version: Flash is disabled and btw its not relevant here
,
Jul 20 2017
,
Jul 25 2017
Please evaluate
,
Jul 25 2017
An even simpler repro is
function f() { /)/; }
The V8 parser only verifies a small subset of early errors for RegExp literals (see [0]). All other errors (including "Unmatched ')'") are thrown when parsing the regexp pattern itself, which happens once the literal is evaluated at runtime.
Firefox gets early errors for free because they actually parse and construct regexp objects at parse-time. But that comes with associated memory and runtime overhead.
See also related bugs at https://crbug.com/v8/896 and https://crbug.com/v8/3384 .
[0] https://cs.chromium.org/chromium/src/v8/src/parsing/parser-base.h?l=1677&rcl=ee3d171568bdbd603ab6659825dff053d27f1103
,
Jul 25 2017
|
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by manoranj...@chromium.org
, Jul 20 2017Status: Untriaged (was: Unconfirmed)