Bug 856796 - Attempt detection of YARR bug. r=till, a=sledru
authorSean Stangl <sstangl@mozilla.com>
Mon, 07 Apr 2014 13:43:50 -0700
changeset 183781 51375c4deaf6
parent 183780 4873bad57984
child 183782 cea0324a3ac6
push id3481
push userryanvm@gmail.com
push date2014-04-16 15:27 +0000
treeherdermozilla-beta@92cae49290ae [default view] [failures only]
reviewerstill, sledru
bugs856796
milestone29.0
Bug 856796 - Attempt detection of YARR bug. r=till, a=sledru
js/src/yarr/YarrInterpreter.cpp
--- a/js/src/yarr/YarrInterpreter.cpp
+++ b/js/src/yarr/YarrInterpreter.cpp
@@ -1004,16 +1004,22 @@ public:
 
                         if (parenthesesResult != JSRegExpNoMatch)
                             return parenthesesResult;
 
                         break;
                     }
                 }
             } else {
+                // Avoid a topcrash before it occurs.
+                if (!backTrack->lastContext) {
+                    ASSERT(!"Tripped Bug 856796!");
+                    return JSRegExpErrorInternal;
+                }
+
                 resetMatches(term, context);
                 popParenthesesDisjunctionContext(backTrack);
                 freeParenthesesDisjunctionContext(context);
 
                 if (result != JSRegExpNoMatch)
                     return result;
             }
 
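Review bot: The new guard tests `backTrack->lastContext`, but two of the three calls it precedes, `resetMatches(term, context)` and `freeParenthesesDisjunctionContext(context)`, take the local `context`, which is assigned outside this hunk. If the two can ever differ, the null check does not cover `context`, and the early return skips the free. The same guard is repeated in the second hunk (before `// pop a match off the stack`), where the only visible `context = backTrack->lastContext` sits in a branch that has already returned. ASSERT is presumably compiled out of release builds, so there the only effect is a silent `JSRegExpErrorInternal`, and a null test catches only the empty-stack case, not a stale non-null pointer. The comment should name the broken invariant rather than the symptom, e.g. `// lastContext is null although a pop follows: the context stack is out of sync (bug 856796); fail the match instead of popping an empty stack.`; the enclosing function starts and ends outside both hunks.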
@@ -1050,16 +1056,22 @@ public:
                     // successful backtrack! we're back in the game!
                     if (backTrack->matchAmount) {
                         context = backTrack->lastContext;
                         recordParenthesesMatch(term, context);
                     }
                     return JSRegExpMatch;
                 }
 
+                // Avoid a topcrash before it occurs.
+                if (!backTrack->lastContext) {
+                    ASSERT(!"Tripped Bug 856796!");
+                    return JSRegExpErrorInternal;
+                }
+
                 // pop a match off the stack
                 resetMatches(term, context);
                 popParenthesesDisjunctionContext(backTrack);
                 freeParenthesesDisjunctionContext(context);
 
                 if (result != JSRegExpNoMatch)
                     return result;
             }