Bug 1471371 - OOM handling in RegExp construction. r=jorendorff
authorAshley Hauck <khyperia@mozilla.com>
Tue, 14 Aug 2018 08:24:57 -0700
changeset 432543 8464c338715daf9134f9c640d5da3519c9729447
parent 432542 34996338b92ff27d4ff98d0278c165f2b42fcb92
child 432544 e47a225b907eb38f5f7f671e3296235ac0f26a46
push id34478
push userdluca@mozilla.com
push dateTue, 21 Aug 2018 09:54:49 +0000
treeherdermozilla-central@a955df76e2b6 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjorendorff
bugs1471371
milestone63.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1471371 - OOM handling in RegExp construction. r=jorendorff
js/src/tests/non262/RegExp/oom-in-construction.js
js/src/vm/RegExpObject.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/tests/non262/RegExp/oom-in-construction.js
@@ -0,0 +1,17 @@
+// |reftest| skip-if(!this.hasOwnProperty("oomTest"))
+var BUGNUMBER = 1471371;
+var summary = 'Handle OOM in RegExp';
+
+printBugNumber(BUGNUMBER);
+printStatus(summary);
+
+oomTest(function () {
+    for (var i = 0; i < 10; ++i) {
+        try {
+            RegExp("", "gimuyz");
+        } catch { }
+    }
+});
+
+if (typeof reportCompare === "function")
+    reportCompare(true, true);
--- a/js/src/vm/RegExpObject.cpp
+++ b/js/src/vm/RegExpObject.cpp
@@ -1410,17 +1410,17 @@ js::ParseRegExpFlags(JSContext* cx, JSSt
         ok = ::ParseRegExpFlags(linear->latin1Chars(nogc), len, flagsOut, &invalidFlag);
     } else {
         AutoCheckCannotGC nogc;
         ok = ::ParseRegExpFlags(linear->twoByteChars(nogc), len, flagsOut, &invalidFlag);
     }
 
     if (!ok) {
         TwoByteChars range(&invalidFlag, 1);
-        UniqueChars utf8(JS::CharsToNewUTF8CharsZ(nullptr, range).c_str());
+        UniqueChars utf8(JS::CharsToNewUTF8CharsZ(cx, range).c_str());
         if (!utf8)
             return false;
         JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_BAD_REGEXP_FLAG, utf8.get());
         return false;
     }
 
     return true;
 }