Bug 856796 - Attempt detection of YARR bug. r=till, a=sledru
authorSean Stangl <sstangl@mozilla.com>
Mon, 07 Apr 2014 13:43:50 -0700
changeset 192864 d09c7f6a85cfc9707a0d3eeb2d930c3021c55f3b
parent 192863 eab0c808661fe7975611140d91d717b675974b88
child 192865 132409ffbf21ad910052b7b7fe9359ba45e53697
push id474
push userasasaki@mozilla.com
push dateMon, 02 Jun 2014 21:01:02 +0000
reviewerstill, sledru
bugs856796
milestone30.0a2
Bug 856796 - Attempt detection of YARR bug. r=till, a=sledru
js/src/yarr/YarrInterpreter.cpp
--- a/js/src/yarr/YarrInterpreter.cpp
+++ b/js/src/yarr/YarrInterpreter.cpp
@@ -1004,16 +1004,22 @@ public:
 
                         if (parenthesesResult != JSRegExpNoMatch)
                             return parenthesesResult;
 
                         break;
                     }
                 }
             } else {
+                // Avoid a topcrash before it occurs.
+                if (!backTrack->lastContext) {
+                    ASSERT(!"Tripped Bug 856796!");
+                    return JSRegExpErrorInternal;
+                }
+
                 resetMatches(term, context);
                 popParenthesesDisjunctionContext(backTrack);
                 freeParenthesesDisjunctionContext(context);
 
                 if (result != JSRegExpNoMatch)
                     return result;
             }
 
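Review bot: The guard added at the top of this `else` branch tests `backTrack->lastContext`, but the calls that follow (`resetMatches`, `freeParenthesesDisjunctionContext`) take `context`, which is assigned outside the hunk, so the check covers the crash only if the two are the same pointer at this point. It also rejects only a null pointer: if the underlying bookkeeping error can leave a non-null but no longer valid `lastContext`, this path still runs on it, so the change is a mitigation rather than a fix. The comment should say so, for example `// Bug 856796: lastContext should never be null here; bail out instead of dereferencing it (root cause not yet known).` `ASSERT` is presumably compiled out of release builds, where the `JSRegExpErrorInternal` return is then the only signal. The same points apply to the identical guard in the second hunk.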
@@ -1050,16 +1056,22 @@ public:
                     // successful backtrack! we're back in the game!
                     if (backTrack->matchAmount) {
                         context = backTrack->lastContext;
                         recordParenthesesMatch(term, context);
                     }
                     return JSRegExpMatch;
                 }
 
+                // Avoid a topcrash before it occurs.
+                if (!backTrack->lastContext) {
+                    ASSERT(!"Tripped Bug 856796!");
+                    return JSRegExpErrorInternal;
+                }
+
                 // pop a match off the stack
                 resetMatches(term, context);
                 popParenthesesDisjunctionContext(backTrack);
                 freeParenthesesDisjunctionContext(context);
 
                 if (result != JSRegExpNoMatch)
                     return result;
             }
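Review bot: The five added lines before `// pop a match off the stack` are a verbatim copy of the guard in the first hunk, so the assertion text and the error code now have to be kept in sync by hand. A small private helper (name is only a suggestion) would leave each site as `if (!hasLastContext(backTrack)) return JSRegExpErrorInternal;` and give one place to document the violated invariant. The enclosing function starts and ends outside the hunk, so whether other backtracking paths need the same guard cannot be judged from here.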