Note: There are a few cases of duplicates in user autocompletion which are being worked on.

\x... and \u... in RegExp parsed wrong if not followed by enough hex digits

RESOLVED FIXED in mozilla12

Status

()

Core
JavaScript Engine
--
minor
RESOLVED FIXED
9 years ago
6 years ago

People

(Reporter: x0, Assigned: cdleary)

Tracking

Trunk
mozilla12
Points:
---
Bug Flags:
in-testsuite ?

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(2 attachments)

3.67 KB, patch
Brian Crowder
: review+
Details | Diff | Splinter Review
4.38 KB, application/x-javascript
Details
(Reporter)

Description

9 years ago
\x and \u must always be followed by exactly 2 resp. 4 hexadecimal digits to form a Hex- or UnicodeEscapeSequence. If they are not, then they should be an IdentityEscape that resolves to plain x resp. u.

ParseTerm, CalculateBitmapSize and ProcessCharSet do that wrong and treat them as \0 instead (or the partly calculated character number if followed by too few hexadecimal digits). In CalculateBitmapSize and ProcessCharSet the (src < end) test wouldn't be necessary, because it is known there that a ']' follows at the end.

CalculateBitmapSize and ProcessCharSet are also wrong if an uncomplete \x... or \u... isn't at the end, because they treat the backslash literally and ignore the x or u. Instead it should be treated as IdentityEscape and thus the backslash be ignored. ParseTerm does that correctly.
(Reporter)

Comment 1

9 years ago
Created attachment 316105 [details] [diff] [review]
patch
Assignee: general → x00000000
Status: NEW → ASSIGNED
Attachment #316105 - Flags: review?(crowder)
(Reporter)

Comment 2

9 years ago
Created attachment 316108 [details]
testcase for testsuite

Comment 3

9 years ago
Comment on attachment 316105 [details] [diff] [review]
patch

This should probably wait to land in a dot-release, though.
Attachment #316105 - Flags: review?(crowder) → review+
x0: you should put the keyword 'checkin-needed' once the patch is indeed ready to be checked in.
Flags: wanted1.9.2?
Flags: in-testsuite?
These bugs are all part of a search I made for js bugs that are getting lost in transit:

http://tinyurl.com/jsDeadEndBugs

They all have a review+'ed, non-obsoleted patch and are not marked fixed-in-tracemonkey or checkin-needed but have not seen any activity in 300 days. Some of these got lost simply because the assignee/patch provider never requested a checkin, or just because they were forgotten about.
Is this still an issue with YARR?
Flags: wanted1.9.2?
(In reply to comment #6)
> Is this still an issue with YARR?

Doesn't appear to be, as the testcase passes. I'm going to steal assignment so I remember to review and check in the test case post-FF4.
Assignee: x00000000 → cdleary
Should i do it?
http://hg.mozilla.org/integration/mozilla-inbound/rev/a445e447d222
Target Milestone: --- → mozilla11
https://hg.mozilla.org/mozilla-central/rev/a445e447d222
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Target Milestone: mozilla11 → mozilla12
You need to log in before you can comment on or make changes to this bug.