Closed Bug 192626 Opened 23 years ago Closed 22 years ago

RegExp parser recursion does not check stack overflow

Categories

(Core :: JavaScript Engine, defect)

x86
All
defect
Not set
critical

VERIFIED FIXED

People

(Reporter: pschwartau, Assigned: rogerl)


This was reported by Igor Bukanov as in bug 192414 comment 7, where Igor gave this testcase:

---
// This gives stack overflow during regular expression construction:
function repeat_str(str, repeat_count)
{
  if (repeat_count == 0) {
    return "";
  }
  if (repeat_count == 1) {
    return str;
  }
  --repeat_count;
  var array = new Array(repeat_count);
  while (repeat_count != 0) {
    array[--repeat_count] = str;
  }
  return str.concat.apply(str, array);
}

var N = 1000000;
var reg = new RegExp(repeat_str("(1", N) + repeat_str(")", N));
---

This uses up all available memory on my WinNT box (128M RAM) after a few minutes of thrashing. I get the Windows warning, "Your system is running dangerously low on memory...", and I have to kill my JS process to recover.

I prefer not to add this to the JS testsuite at the moment, because it is so memory-intensive. If needed, I will add it -
Severity: normal → critical
Summary: RegExp parser recursion does not check stack overflow → RegExp parser recursion does not check stack overflow
I've added a fix for this to the patch in 85721. The test below now actually runs into the 65535 limit on parentheses. Changing the string to "(?:1" instead allows it to continue successfully to the 1000000. I guess that doesn't prove we handle the out of memory, but that should be fine since I'm using JS_malloc etc for the stacks, so the same error handling scheme for all out of memory situations should kick in...
Status: NEW → ASSIGNED
Depends on: RegExpPerf
Fixed as a part of the fix for bug 192414
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Rubber-stamp vrfy -
Status: RESOLVED → VERIFIED
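
The approach described in the fix comment above (parser state kept on heap-allocated stacks rather than in recursive calls, plus the 65535 limit on capturing parentheses), as an added C example that is not the SpiderMonkey patch. The function names, error codes and the use of plain malloc/realloc in place of JS_malloc are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Added sketch: names and error codes are assumptions, not SpiderMonkey's. */
enum { RE_OK = 0, RE_OOM = -1, RE_TOO_MANY_PARENS = -2, RE_UNBALANCED = -3 };
#define MAX_CAPTURES 65535u /* capturing-paren limit mentioned in the thread */
/* Walks group nesting with an explicit heap stack instead of recursion, so
 * depth is bounded by memory and allocation failure is an ordinary error.
 * Simplification: character classes such as [(] are not special-cased. */
int check_groups(const char *src, size_t len, size_t *max_depth)
{
    size_t cap = 64, top = 0, captures = 0, deepest = 0;
    size_t *stack = malloc(cap * sizeof *stack); /* offsets of open '(' */
    int rc = RE_OK;
    if (!stack) return RE_OOM;
    for (size_t i = 0; i < len && rc == RE_OK; i++) {
        if (src[i] == '\\') { i++; continue; }   /* skip the escaped char */
        if (src[i] == '(') {
            int capturing = !(i + 1 < len && src[i + 1] == '?');
            if (capturing && ++captures > MAX_CAPTURES) { rc = RE_TOO_MANY_PARENS; break; }
            if (top == cap) {                     /* grow, checking overflow */
                size_t *grown = cap > SIZE_MAX / (2 * sizeof *stack) ? NULL
                              : realloc(stack, 2 * cap * sizeof *stack);
                if (!grown) { rc = RE_OOM; break; }
                stack = grown; cap *= 2;
            }
            stack[top++] = i;
            if (top > deepest) deepest = top;
        } else if (src[i] == ')') {
            if (top == 0) rc = RE_UNBALANCED; else top--;
        }
    }
    if (rc == RE_OK && top != 0) rc = RE_UNBALANCED;
    free(stack);
    if (max_depth) *max_depth = deepest;
    return rc;
}

/* Builds the thread's testcase shape: `open` repeated n times, then n ')'. */
char *build_nested(const char *open, size_t n, size_t *out_len)
{
    size_t ol = strlen(open);
    char *s = malloc(n * ol + n + 1);
    if (!s) return NULL;
    for (size_t i = 0; i < n; i++) memcpy(s + i * ol, open, ol);
    memset(s + n * ol, ')', n);
    s[*out_len = n * ol + n] = '\0';
    return s;
}
```

With N = 1000000, the "(1" input stops at the capture limit, while the "(?:1" input is walked to full depth using about 8 MB of heap and constant C stack.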