\x and \u must always be followed by exactly 2 or 4 hexadecimal digits, respectively, to form a HexEscapeSequence or UnicodeEscapeSequence. If they are not, then they should be an IdentityEscape that resolves to plain x or u, respectively.
ParseTerm, CalculateBitmapSize and ProcessCharSet do that wrong and treat them as \0 instead (or the partly calculated character number if followed by too few hexadecimal digits). In CalculateBitmapSize and ProcessCharSet the (src < end) test wouldn't be necessary, because it is known there that a ']' follows at the end.
CalculateBitmapSize and ProcessCharSet are also wrong if an incomplete \x... or \u... isn't at the end, because they treat the backslash literally and ignore the x or u. Instead it should be treated as an IdentityEscape and thus the backslash should be ignored. ParseTerm does that correctly.
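The rule described in the report, as an added example that is not part of the original comments or the attached testcase: a small reference resolver for \x and \u escapes, cross-checked against the host engine's RegExp (non-unicode mode) both as a plain term and inside a character class. The function names and sample patterns are constructed for illustration.

```javascript
// Resolve the \x or \u escape whose backslash is at src[pos]: exactly 2 (\x) or
// 4 (\u) hex digits form one character; otherwise it is an IdentityEscape for
// plain x or u, and whatever follows is left to be read as ordinary text.
function resolveHexEscape(src, pos) {
  const letter = src[pos + 1];
  const need = letter === "x" ? 2 : letter === "u" ? 4 : 0;
  if (need === 0) throw new Error("not a \\x or \\u escape");
  const digits = src.slice(pos + 2, pos + 2 + need);
  if (digits.length === need && /^[0-9a-fA-F]+$/.test(digits)) {
    return { ch: String.fromCharCode(parseInt(digits, 16)), next: pos + 2 + need };
  }
  return { ch: letter, next: pos + 2 };
}

// Literal text matched by a pattern made only of alphanumerics and \x / \u escapes.
function expectedText(src) {
  let out = "";
  for (let i = 0; i < src.length; ) {
    if (src[i] === "\\") {
      const r = resolveHexEscape(src, i);
      out += r.ch;
      i = r.next;
    } else {
      out += src[i++];
    }
  }
  return out;
}

// Constructed sample patterns: complete, too few digits, and incomplete mid-pattern.
const SAMPLES = ["\\x41", "\\x4", "\\x", "\\xg1", "\\u0041", "\\u004", "\\u12z", "a\\xb\\u00e9"];

// Returns the sample patterns for which the engine disagrees with the rule.
function checkEngine(samples = SAMPLES) {
  const failures = [];
  for (const src of samples) {
    const want = expectedText(src);
    const asTerm = new RegExp("^" + src + "$").test(want);
    // In a class, the escape must add its resolved character, never "\\" or "\0".
    const cls = new RegExp("^[" + src + "]+$");
    if (!asTerm || !cls.test(want) || cls.test("\\") || cls.test("\0")) failures.push(src);
  }
  return failures;
}
```

An empty array from `checkEngine()` means the engine handles every sample as the report says it should; any returned pattern is one where the term or character-class parser diverges.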
Created attachment 316105
Created attachment 316108
testcase for testsuite
Comment on attachment 316105
This should probably wait to land in a dot-release, though.
x0: you should put the keyword 'checkin-needed' once the patch is indeed ready to be checked in.
These bugs are all part of a search I made for js bugs that are getting lost in transit:
They all have a review+'ed, non-obsoleted patch and are not marked fixed-in-tracemonkey or checkin-needed but have not seen any activity in 300 days. Some of these got lost simply because the assignee/patch provider never requested a checkin, or just because they were forgotten about.
Is this still an issue with YARR?
(In reply to comment #6)
> Is this still an issue with YARR?
Doesn't appear to be, as the testcase passes. I'm going to steal assignment so I remember to review and check in the test case post-FF4.
Should I do it?