Fix undefined result in RegExp engine

szledan · dbatyai · commit caeae0f6212d · 2015-08-06T10:49:59.000+02:00
JerryScript-DCO-1.0-Signed-off-by: Dániel Bátyai dbatyai.u-szeged@partner.samsung.com
JerryScript-DCO-1.0-Signed-off-by: Szilard Ledan szledan.u-szeged@partner.samsung.com
diff --git a/jerry-core/ecma/operations/ecma-regexp-object.cpp b/jerry-core/ecma/operations/ecma-regexp-object.cpp
@@ -1213,11 +1213,15 @@ ecma_regexp_exec_helper (ecma_value_t regexp_value, /**< RegExp object */
   JERRY_ASSERT (re_ctx.num_of_captures % 2 == 0);
   re_ctx.num_of_non_captures = re_get_value (&bc_p);
 
+  /* We create an invalid iterator, that will be used to identify unused result values. */
+  lit_utf8_iterator_t unused_iter = lit_utf8_iterator_create (NULL, 0);
+  unused_iter.buf_p = (lit_utf8_byte_t *) 1;
+
   MEM_DEFINE_LOCAL_ARRAY (saved_p, re_ctx.num_of_captures + re_ctx.num_of_non_captures, lit_utf8_iterator_t);
 
   for (uint32_t i = 0; i < re_ctx.num_of_captures + re_ctx.num_of_non_captures; i++)
   {
-    saved_p[i] = lit_utf8_iterator_create (NULL, 0);
+    saved_p[i] = unused_iter;
   }
   re_ctx.saved_p = saved_p;
 
@@ -1317,9 +1321,8 @@ ecma_regexp_exec_helper (ecma_value_t regexp_value, /**< RegExp object */
       {
         ecma_string_t *index_str_p = ecma_new_ecma_string_from_uint32 (i / 2);
 
-        /* Note: 'iterator.buf_p == NULL' means the input is empty string */
-        if (((re_ctx.saved_p[i].buf_p && re_ctx.saved_p[i + 1].buf_p)
-              || (!iterator.buf_p && !re_ctx.saved_p[i].buf_p && !re_ctx.saved_p[i + 1].buf_p))
+        /* Note: 'iter_p->buf_p == NULL' means the input is empty string */
+        if ((re_ctx.saved_p[i].buf_p != unused_iter.buf_p && re_ctx.saved_p[i + 1].buf_p != unused_iter.buf_p)
             && re_ctx.saved_p[i + 1].buf_pos.offset >= re_ctx.saved_p[i].buf_pos.offset)
         {
           ecma_length_t capture_str_len;

Original file line number	Diff line number	Diff line change
`@@ -1213,11 +1213,15 @@ ecma_regexp_exec_helper (ecma_value_t regexp_value, /*< RegExp object /`
`1213`	`1213`	`JERRY_ASSERT (re_ctx.num_of_captures % 2 == 0);`
`1214`	`1214`	`re_ctx.num_of_non_captures = re_get_value (&bc_p);`
`1215`	`1215`
	`1216`	`+ /* We create an invalid iterator, that will be used to identify unused result values. */`
	`1217`	`+ lit_utf8_iterator_t unused_iter = lit_utf8_iterator_create (NULL, 0);`
	`1218`	`+ unused_iter.buf_p = (lit_utf8_byte_t *) 1;`
	`1219`	`+`
`1216`	`1220`	`MEM_DEFINE_LOCAL_ARRAY (saved_p, re_ctx.num_of_captures + re_ctx.num_of_non_captures, lit_utf8_iterator_t);`
`1217`	`1221`
`1218`	`1222`	`for (uint32_t i = 0; i < re_ctx.num_of_captures + re_ctx.num_of_non_captures; i++)`
`1219`	`1223`	`{`
`1220`		`- saved_p[i] = lit_utf8_iterator_create (NULL, 0);`
	`1224`	`+ saved_p[i] = unused_iter;`
`1221`	`1225`	`}`
`1222`	`1226`	`re_ctx.saved_p = saved_p;`
`1223`	`1227`
`@@ -1317,9 +1321,8 @@ ecma_regexp_exec_helper (ecma_value_t regexp_value, /*< RegExp object /`
`1317`	`1321`	`{`
`1318`	`1322`	`ecma_string_t *index_str_p = ecma_new_ecma_string_from_uint32 (i / 2);`
`1319`	`1323`
`1320`		`- /* Note: 'iterator.buf_p == NULL' means the input is empty string */`
`1321`		`- if (((re_ctx.saved_p[i].buf_p && re_ctx.saved_p[i + 1].buf_p)`
`1322`		`- \|\| (!iterator.buf_p && !re_ctx.saved_p[i].buf_p && !re_ctx.saved_p[i + 1].buf_p))`
	`1324`	`+ /* Note: 'iter_p->buf_p == NULL' means the input is empty string */`
	`1325`	`+ if ((re_ctx.saved_p[i].buf_p != unused_iter.buf_p && re_ctx.saved_p[i + 1].buf_p != unused_iter.buf_p)`
`1323`	`1326`	`&& re_ctx.saved_p[i + 1].buf_pos.offset >= re_ctx.saved_p[i].buf_pos.offset)`
`1324`	`1327`	`{`
`1325`	`1328`	`ecma_length_t capture_str_len;`